From 08e8dc62ac9545ee71f48665fe7f057946745ac8 Mon Sep 17 00:00:00 2001 From: Kannan B <59028488+kannanb-github@users.noreply.github.com> Date: Thu, 28 May 2020 15:37:11 +0530 Subject: [PATCH 001/102] User credential preferred Even though Device Credential is an option on the GPO, the device credential gives error while auto-enrollment tasks running through the Task Scheduler. To avoid this error we need to choose the User Credential option from the dropdown to auto-enroll the device. The below line has been updated on the document. 5. Click **Enable**, and select **User Credential** from the dropdown **Select Credential Type to Use**, then click **OK**. --- ...roll-a-windows-10-device-automatically-using-group-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index c2df51c0ae..ee71b48495 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -113,7 +113,7 @@ Requirements: ![MDM autoenrollment policy](images/autoenrollment-policy.png) -5. Click **Enable**, then click **OK**. +5. Click **Enable**, and select **User Credential** from the dropdown **Select Credential Type to Use**, then click **OK**. > [!NOTE] > In Windows 10, version 1903, the MDM.admx file was updated to include an option to select which credential is used to enroll the device. **Device Credential** is a new option that will only have an effect on clients that have installed Windows 10, version 1903 or later. From 26f000253a9de67980ae4c5f59ed46b6bf1f5c00 Mon Sep 17 00:00:00 2001 
From: Steve Burkett Date: Thu, 11 Jun 2020 17:23:27 +1200 Subject: [PATCH 002/102] Update policy-csp-system.md Add Supported values for ConfigureTelemetryOptInChangeNotification and ConfigureTelemetryOptInSettingsUx --- windows/client-management/mdm/policy-csp-system.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index 7cb986c7fd..597ed1660a 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -1069,6 +1069,11 @@ ADMX Info: - GP ADMX file name: *DataCollection.admx* + +The following list shows the supported values: +- 0 (default) - Enable telemetry change notifications +- 1 - Disable telemetry change notifications +
@@ -1124,7 +1129,7 @@ If you set this policy setting to "Disable Telemetry opt-in Settings", telemetry If you set this policy setting to "Enable Telemetry opt-in Settings" or don't configure this policy setting, people can change their own telemetry levels in Settings. > [!Note] -> Set the Allow Telemetry policy setting to prevent people from sending diagnostic data to Microsoft beyond your organization's limit. +> Set the Allow Telemetry policy setting to prevent people from sending diagnostic data to Microsoft beyond your organization's acceptable level of data disclosure. @@ -1136,6 +1141,11 @@ ADMX Info: - GP ADMX file name: *DataCollection.admx* + +The following list shows the supported values: +- 0 (default) - Enable Telemetry opt-in Settings +- 1 - Disable Telemetry opt-in Settings +
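Review bot: The `@@ -1124` hunk of policy-csp-system.md rewords the Allow Telemetry note ("your organization's limit" becomes "your organization's acceptable level of data disclosure"), which the commit message does not mention; it only announces supported values for ConfigureTelemetryOptInChangeNotification and ConfigureTelemetryOptInSettingsUx. Either list the wording change in the message or move it to its own commit so the value lists can be reviewed on their own.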
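Review bot: In the value lists added at `@@ -1069` and `@@ -1136`, 0 is the "Enable" value and 1 is the "Disable" value, and each entry only repeats the option name. Say what each value does on the device, the way the context paragraph above the second list does ("people can change their own telemetry levels in Settings"), so an admin pushing the integer over MDM does not have to guess the polarity. Also use the same casing for the option names in both lists ("telemetry change notifications" versus "Telemetry opt-in Settings").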
From 66fb73d251dbbcd7e349c1e84bd6fa43b365df4e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20L?= Date: Fri, 26 Jun 2020 15:59:07 +0200 Subject: [PATCH 003/102] Add hardcoded FOD FileName For offline scenarios, the name must be Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab For 1903/1909, the file name is Microsoft-Windows-Holographic-Desktop-FOD-Package-31bf3856ad364e35-amd64.cab and MixedReality installation will fail. This is because the Filename is hardcoded in FOD Metadata and the file must be Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab --- windows/application-management/manage-windows-mixed-reality.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/application-management/manage-windows-mixed-reality.md b/windows/application-management/manage-windows-mixed-reality.md index ff4fbd3363..48f7a770aa 100644 --- a/windows/application-management/manage-windows-mixed-reality.md +++ b/windows/application-management/manage-windows-mixed-reality.md @@ -44,6 +44,8 @@ Organizations that use Windows Server Update Services (WSUS) must take action to Add-Package Dism /Online /add-package /packagepath:(path) ``` + >[!NOTE] + >You must rename the FOD .CAB file to : **Microsoft-Windows-Holographic-Desktop-FOD-Package\~31bf3856ad364e35\~amd64\~~.cab** c. In **Settings** > **Update & Security** > **Windows Update**, select **Check for updates**. From ea00e97748aa542aa32fbcbe4decdf92c99921c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20L?= Date: Fri, 26 Jun 2020 16:19:42 +0200 Subject: [PATCH 004/102] Update manage-windows-mixed-reality.md --- windows/application-management/manage-windows-mixed-reality.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/application-management/manage-windows-mixed-reality.md b/windows/application-management/manage-windows-mixed-reality.md index 48f7a770aa..35c17cbf6a 100644 
--- a/windows/application-management/manage-windows-mixed-reality.md +++ b/windows/application-management/manage-windows-mixed-reality.md @@ -45,7 +45,7 @@ Organizations that use Windows Server Update Services (WSUS) must take action to Dism /Online /add-package /packagepath:(path) ``` >[!NOTE] - >You must rename the FOD .CAB file to : **Microsoft-Windows-Holographic-Desktop-FOD-Package\~31bf3856ad364e35\~amd64\~~.cab** + >You must rename the FOD .CAB file to : **Microsoft-Windows-Holographic-Desktop-FOD-Package\~31bf3856ad364e35\~amd64\~\~.cab** c. In **Settings** > **Update & Security** > **Windows Update**, select **Check for updates**. From 81a6bc9d9519cf864c9cdfa885d4f9d98244a720 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Mon, 29 Jun 2020 17:50:00 -0700 Subject: [PATCH 005/102] new hva section --- .../threat-and-vuln-mgt-scenarios.md | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md index b099ac0a4c..42546873f4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md 
@@ -97,6 +97,29 @@ To view a list of version that have reached end of support, or end or support so After you have identified which software and software versions are vulnerable due to its end-of-support status, remediate them to lower your organizations exposure to vulnerabilities and advanced persistent threats. See [Remediation and exception](tvm-remediation.md) for details. +## Define a device's value to the organization + +Defining a device’s value helps you differentiate between asset priorities. The device value is used to incorporate the risk appetite of an individual asset into the threat and vulnerability management exposure score calculation, so devices marked as “high value” will receive more weight. + +Device value options: + +- Low +- Normal (Default) +- High + +Examples of machines that should be mark as high value: + +- Domain controllers, Active Directory +- Internet facing machines +- VIP machines +- Machines hosting internal/external production services + +### Set device value + +1. Navigate into any machine page +2. Select Machine Value and define a value +3. Review the value in the machine tag area + ## Related topics - [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md) From 50d2722ad53c646682f109aa8e581019f60d7d7e Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 6 Jul 2020 11:41:50 -0700 Subject: [PATCH 006/102] add csp --- .../microsoft-defender-atp/minimum-requirements.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md index 0040889daa..60382164d4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md +++ b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md 
@@ -43,6 +43,9 @@ Microsoft Defender Advanced Threat Protection requires one of the following Micr > [!NOTE] > Eligible Licensed Users may use Microsoft Defender Advanced Threat Protection on up to five concurrent devices. + +Microsoft Defender Advanced Threat Protection is also available for purchase from a Cloud Solution Provider (CSP). + Microsoft Defender Advanced Threat Protection, on Windows Server, requires one of the following licensing options: - [Azure Security Center Standard plan](https://docs.microsoft.com/azure/security-center/security-center-pricing) (per node) From 46857420e696890535095b808bda51230bdf6639 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Mon, 6 Jul 2020 11:58:44 -0700 Subject: [PATCH 007/102] fix 404 --- windows/whats-new/whats-new-windows-10-version-2004.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-10-version-2004.md b/windows/whats-new/whats-new-windows-10-version-2004.md index 489cb3373f..b16baf0447 100644 --- a/windows/whats-new/whats-new-windows-10-version-2004.md +++ b/windows/whats-new/whats-new-windows-10-version-2004.md @@ -184,7 +184,7 @@ For updated information, see the [Microsoft 365 blog](https://aka.ms/CortanaUpda ### Windows Search -Windows Search is improved in several ways. For more information, see [Supercharging Windows Search](https://aka.ms/AA8kllm). +Windows Search is improved in several ways. For more information, see [Supercharging Windows Search](https://insider.windows.com/community-news/desktop-search). ### Virtual Desktops From 1a014920d313974598b957ecba6995aedd7c830b Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Mon, 6 Jul 2020 12:24:28 -0700 Subject: [PATCH 008/102] link fix --- windows/whats-new/whats-new-windows-10-version-2004.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/whats-new/whats-new-windows-10-version-2004.md b/windows/whats-new/whats-new-windows-10-version-2004.md index b16baf0447..489cb3373f 100644 --- a/windows/whats-new/whats-new-windows-10-version-2004.md +++ b/windows/whats-new/whats-new-windows-10-version-2004.md @@ -184,7 +184,7 @@ For updated information, see the [Microsoft 365 blog](https://aka.ms/CortanaUpda ### Windows Search -Windows Search is improved in several ways. For more information, see [Supercharging Windows Search](https://insider.windows.com/community-news/desktop-search). +Windows Search is improved in several ways. For more information, see [Supercharging Windows Search](https://aka.ms/AA8kllm). ### Virtual Desktops From 1c8a6314ee300348aafc11dd4cf78d0e53435fe9 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Mon, 6 Jul 2020 15:19:54 -0700 Subject: [PATCH 009/102] new section --- .../threat-and-vuln-mgt-scenarios.md | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md index 3a565b7fd9..7084b50423 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md 
@@ -50,6 +50,28 @@ DeviceName=any(DeviceName) by DeviceId, AlertId ``` +## Define a device's value to the organization +Defining a device’s value helps you differentiate between asset priorities. The device value is used to incorporate the risk appetite of an individual asset into the threat and vulnerability management exposure score calculation, so devices marked as “high value” will receive more weight. + +Device value options: + +- Low +- Normal (Default) +- High + +Examples of machines that should be mark as high value: + +- Domain controllers, Active Directory +- Internet facing machines +- VIP machines +- Machines hosting internal/external production services + +### Set device value + +1. Navigate into any machine page +2. Select Machine Value and define a value +3. Review the value in the machine tag area + ## Related topics - [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md) From 0507eaf5998912849ef7239c8797e00d99844376 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Mon, 6 Jul 2020 15:54:02 -0700 Subject: [PATCH 010/102] new video and casing --- .../next-gen-threat-and-vuln-mgt.md | 40 +++++++++++-------- 1 file changed, 23 insertions(+), 17 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md index 81a12f3806..05fb5adc3b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md +++ b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md 
@@ -1,5 +1,5 @@ --- -title: Threat & Vulnerability Management +title: Threat and vulnerability management description: This new capability uses a game-changing risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations. keywords: threat & vulnerability management, threat and vulnerability management, MDATP TVM, MDATP-TVM, vulnerability management, vulnerability assessment, threat and vulnerability scanning, secure configuration assessment, microsoft defender atp, microsoft defender atp, endpoint vulnerabilities, next generation search.product: eADQiWindows 10XVcnh @@ -17,7 +17,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual --- -# Threat & Vulnerability Management +# Threat and vulnerability management **Applies to:** 
@@ -25,17 +25,17 @@ ms.topic: conceptual >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) -Effectively identifying, assessing, and remediating endpoint weaknesses is pivotal in running a healthy security program and reducing organizational risk. Threat & Vulnerability Management serves as an infrastructure for reducing organizational exposure, hardening endpoint surface area, and increasing organizational resilience. +Effectively identifying, assessing, and remediating endpoint weaknesses is pivotal in running a healthy security program and reducing organizational risk. Threat and vulnerability management serves as an infrastructure for reducing organizational exposure, hardening endpoint surface area, and increasing organizational resilience. It helps organizations discover vulnerabilities and misconfigurations in real-time, based on sensors, without the need of agents or periodic scans. It prioritizes vulnerabilities based on the threat landscape, detections in your organization, sensitive information on vulnerable devices, and business context. -Watch this video for a quick overview of Threat & Vulnerability Management. +Watch this video for a quick overview of threat and vulnerability management. >[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4mLsn] ## Next-generation capabilities -Threat & Vulnerability Management is built-in, real-time, cloud-powered, fully integrated with Microsoft endpoint security stack, the Microsoft Intelligent Security Graph, and the application analytics knowledge base. +Threat and vulnerability management is built-in, real-time, cloud-powered, fully integrated with Microsoft endpoint security stack, the Microsoft Intelligent Security Graph, and the application analytics knowledge base. 
It is the first solution in the industry to bridge the gap between security administration and IT administration during remediation process. It does so by creating a security task or ticket through integration with Microsoft Intune and Microsoft Microsoft Endpoint Configuration Manager. @@ -47,7 +47,7 @@ It provides the following solutions to frequently-cited gaps across security ope ### Real-time discovery -To discover endpoint vulnerabilities and misconfiguration, Threat & Vulnerability Management uses the same agentless built-in Microsoft Defender ATP sensors to reduce cumbersome network scans and IT overhead, and provides: +To discover endpoint vulnerabilities and misconfiguration, threat and vulnerability management uses the same agentless built-in Microsoft Defender ATP sensors to reduce cumbersome network scans and IT overhead, and provides: - Real-time device inventory. Devices onboarded to Microsoft Defender ATP automatically report and push vulnerability and security configuration data to the dashboard. - Visibility into software and vulnerabilities. Optics into the organization's software inventory, and software changes like installations, uninstalls, and patches. Newly discovered vulnerabilities are reported with actionable mitigation recommendations for 1st and 3rd party applications. 
@@ -56,20 +56,26 @@ To discover endpoint vulnerabilities and misconfiguration, Threat & Vulnerabilit ### Intelligence-driven prioritization -Threat & Vulnerability Management helps customers prioritize and focus on those weaknesses that pose the most urgent and the highest risk to the organization. Rather than using static prioritization by severity scores, Threat & Vulnerability Management in Microsoft Defender ATP highlights the most critical weaknesses that need attention by fusing its security recommendations with dynamic threat and business context: +Threat and vulnerability management helps customers prioritize and focus on those weaknesses that pose the most urgent and the highest risk to the organization. Rather than using static prioritization by severity scores, threat and vulnerability management in Microsoft Defender ATP highlights the most critical weaknesses that need attention by fusing its security recommendations with dynamic threat and business context: -- Exposing emerging attacks in the wild. Through its advanced cyber data and threat analytics platform, Threat & Vulnerability Management dynamically aligns the prioritization of its security recommendations to focus on vulnerabilities that are currently being exploited in the wild and emerging threats that pose the highest risk. -- Pinpointing active breaches. Microsoft Defender ATP correlates Threat & Vulnerability Management and EDR insights to provide the unique ability to prioritize vulnerabilities that are currently being exploited in an active breach within the organization. -- Protecting high-value assets. Microsoft Defender ATP's integration with Azure Information Protection allows Threat & Vulnerability Management to identify the exposed devices with business-critical applications, confidential data, or high-value users. +- Exposing emerging attacks in the wild. 
Through its advanced cyber data and threat analytics platform, threat and vulnerability management dynamically aligns the prioritization of its security recommendations to focus on vulnerabilities that are currently being exploited in the wild and emerging threats that pose the highest risk. +- Pinpointing active breaches. Microsoft Defender ATP correlates threat and vulnerability management and EDR insights to provide the unique ability to prioritize vulnerabilities that are currently being exploited in an active breach within the organization. +- Protecting high-value assets. Microsoft Defender ATP's integration with Azure Information Protection allows threat and vulnerability management to identify the exposed devices with business-critical applications, confidential data, or high-value users. ### Seamless remediation -Microsoft Defender ATP's Threat & Vulnerability Management allows security administrators and IT administrators to collaborate seamlessly to remediate issues. +Microsoft Defender ATP's threat and vulnerability management capability allows security administrators and IT administrators to collaborate seamlessly to remediate issues. - Remediation requests to IT. Through Microsoft Defender ATP's integration with Microsoft Intune and Microsoft Endpoint Configuration Manager, security administrators can create a remediation task in Microsoft Intune from the Security recommendation pages. We plan to expand this capability to other IT security management platforms. -- Alternate mitigations. Threat & Vulnerability Management provides insights on additional mitigations, such as configuration changes that can reduce risk associated with software vulnerabilities. +- Alternate mitigations. Threat and vulnerability management provides insights on additional mitigations, such as configuration changes that can reduce risk associated with software vulnerabilities. - Real-time remediation status. 
Microsoft Defender ATP provides real-time monitoring of the status and progress of remediation activities across the organization. +## Reduce organizational risk with threat and vulnerability management + +Watch this video for a comprehensive walk-through of threat and vulnerability management. + +>[!VIDEO https://aka.ms/MDATP-TVM-Interactive-Guide] + ## Before you begin Ensure that your devices: @@ -78,7 +84,7 @@ Ensure that your devices: - Run with Windows 10 1709 (Fall Creators Update) or later >[!NOTE] ->Threat & Vulnerability Management can also scan devices that run on Windows 7 and Windows Server 2019 operating systems and detects vulnerabilities addressed in patch Tuesday. +>Threat and vulnerability management can also scan devices that run on Windows 7 and Windows Server 2019 operating systems and detects vulnerabilities addressed in patch Tuesday. - Have the following mandatory updates installed and deployed in your network to boost your vulnerability assessment detection rates: 
@@ -91,11 +97,11 @@ Ensure that your devices: - Are onboarded to Microsoft Intune and Microsoft Endpoint Configuration Manager. If you are using Configuration Manager, update your console to the latest version. - Have at least one security recommendation that can be viewed in the device page -- Are tagged or marked as co-managed +- Are tagged or marked as co-managed ## APIs -Run Threat & Vulnerability Management-related API calls such as get your organization's threat exposure score or device secure score, software and device vulnerability inventory, software version distribution, device vulnerability information, security recommendation information. Learn more from this [Microsoft Tech Community blog post](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/threat-amp-vulnerability-management-apis-are-now-generally/ba-p/1304615). +Run threat and vulnerability management-related API calls such as get your organization's threat exposure score or device secure score, software and device vulnerability inventory, software version distribution, device vulnerability information, security recommendation information. Learn more from this [Microsoft Tech Community blog post](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/threat-amp-vulnerability-management-apis-are-now-generally/ba-p/1304615). See the following topics for related APIs: - [Supported Microsoft Defender ATP APIs](exposed-apis-list.md) @@ -108,7 +114,7 @@ See the following topics for related APIs: ## Related topics - [Supported operating systems and platforms](tvm-supported-os.md) -- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) +- [Threat and vulnerability management dashboard](tvm-dashboard-insights.md) - [Exposure score](tvm-exposure-score.md) - [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md) - [Security recommendations](tvm-security-recommendation.md) 
@@ -118,5 +124,5 @@ See the following topics for related APIs: - [Event timeline](threat-and-vuln-mgt-event-timeline.md) - [Scenarios](threat-and-vuln-mgt-scenarios.md) - [APIs](next-gen-threat-and-vuln-mgt.md#apis) -- [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) +- [Configure data access for threat and vulnerability management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) - [BLOG: Microsoft's Threat & Vulnerability Management now helps thousands of customers to discover, prioritize, and remediate vulnerabilities in real time](https://www.microsoft.com/security/blog/2019/07/02/microsofts-threat-vulnerability-management-now-helps-thousands-of-customers-to-discover-prioritize-and-remediate-vulnerabilities-in-real-time/) From 3e72f565091f5a3dad18c385bd780daf4a6ac55c Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Mon, 6 Jul 2020 17:24:53 -0700 Subject: [PATCH 011/102] capitalization updates --- .../tvm-dashboard-insights.md | 28 ++++++++--------- .../tvm-exposure-score.md | 18 +++++------ .../tvm-microsoft-secure-score-devices.md | 14 ++++----- .../microsoft-defender-atp/tvm-remediation.md | 24 +++++++------- .../tvm-security-recommendation.md | 31 +++++++++---------- .../tvm-software-inventory.md | 20 ++++++------ .../tvm-supported-os.md | 16 +++++----- .../microsoft-defender-atp/tvm-weaknesses.md | 22 ++++++------- 8 files changed, 86 insertions(+), 87 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md index eaa32244f3..02edd24998 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md 
@@ -1,7 +1,7 @@ --- -title: Threat & Vulnerability Management dashboard insights -description: The Threat & Vulnerability Management dashboard can help SecOps and security admins address cybersecurity threats and build their organization's security resilience. -keywords: mdatp-tvm, mdatp-tvm dashboard, threat & vulnerability management, risk-based threat & vulnerability management, security configuration, Microsoft Secure Score for Devices, exposure score +title: Threat and vulnerability management dashboard insights +description: The threat and vulnerability management dashboard can help SecOps and security admins address cybersecurity threats and build their organization's security resilience. +keywords: mdatp-tvm, mdatp-tvm dashboard, threat & vulnerability management, threat and vulnerability management, risk-based threat & vulnerability management, security configuration, Microsoft Secure Score for Devices, exposure score search.appverid: met150 search.product: eADQiWindows 10XVcnh ms.prod: w10 @@ -16,7 +16,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual --- -# Threat & Vulnerability Management dashboard insights +# Threat and vulnerability management dashboard insights **Applies to:** 
@@ -24,13 +24,13 @@ ms.topic: conceptual >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) -Threat & Vulnerability Management is a component of Microsoft Defender ATP, and provides both security administrators and security operations teams with unique value, including: +Threat and vulnerability management is a component of Microsoft Defender ATP, and provides both security administrators and security operations teams with unique value, including: - Real-time endpoint detection and response (EDR) insights correlated with endpoint vulnerabilities - Invaluable device vulnerability context during incident investigations - Built-in remediation processes through Microsoft Intune and Microsoft Endpoint Configuration Manager -You can use the Threat & Vulnerability Management capability in [Microsoft Defender Security Center](https://securitycenter.windows.com/) to: +You can use the threat and vulnerability management capability in [Microsoft Defender Security Center](https://securitycenter.windows.com/) to: - View exposure and Microsoft Secure Score for Devices side-by-side with top security recommendations, software vulnerability, remediation activities, and exposed devices - Correlate EDR insights with endpoint vulnerabilities and process them 
@@ -38,19 +38,19 @@ You can use the Threat & Vulnerability Management capability in [Microsoft Defen - Select exception options and track active exceptions > [!NOTE] -> Devices that are not active in the last 30 days are not factored in on the data that reflects your organization's Threat & Vulnerability Management exposure score and Microsoft Secure Score for Devices. +> Devices that are not active in the last 30 days are not factored in on the data that reflects your organization's threat and vulnerability management exposure score and Microsoft Secure Score for Devices. -Watch this video for a quick overview of what is in the Threat & Vulnerability Management dashboard. +Watch this video for a quick overview of what is in the threat and vulnerability management dashboard. >[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4r1nv] -## Threat & Vulnerability Management in Microsoft Defender Security Center +## Threat and vulnerability management in Microsoft Defender Security Center ![Microsoft Defender Advanced Threat Protection portal](images/tvm-dashboard-devices.png) You can navigate through the portal using the menu options available in all sections. Refer to the following tables for a description of each section. -## Threat & Vulnerability Management navigation pane +## Threat and vulnerability management navigation pane Area | Description :---|:--- 
@@ -60,11 +60,11 @@ Area | Description [**Software inventory**](tvm-software-inventory.md) | See the list of software, versions, weaknesses, whether there's an exploit found on the software, whether the software or software version has reached end-of-support, prevalence in the organization, how many were installed, how many exposed devices there are, and the numerical value of the impact. You can select each item in the list and opt to open the software page which shows the associated vulnerabilities, misconfigurations, affected device, version distribution details, and missing KBs or security updates. [**Weaknesses**](tvm-weaknesses.md) | See the list of common vulnerabilities and exposures, the severity, the common vulnerability scoring system (CVSS) V3 score, related software, age, when it was published, related threat alerts, and how many exposed devices there are. You can select each item in the list to see a flyout panel with the vulnerability description and other details. -## Threat & Vulnerability Management dashboard +## Threat and vulnerability management dashboard Area | Description :---|:--- -**Selected device groups (#/#)** | Filter the Threat & Vulnerability Management data you want to see in the dashboard and cards by device groups. What you select in the filter applies throughout the Threat & Vulnerability management pages. +**Selected device groups (#/#)** | Filter the threat and vulnerability management data you want to see in the dashboard and cards by device groups. What you select in the filter applies throughout the threat and vulnerability management pages. [**Exposure score**](tvm-exposure-score.md) | See the current state of your organization's device exposure to threats and vulnerabilities. Several factors affect your organization's exposure score: weaknesses discovered in your devices, likelihood of your devices to be breached, value of the devices to your organization, and relevant alerts discovered with your devices. 
The goal is to lower the exposure score of your organization to be more secure. To reduce the score, you need to remediate the related security configuration issues listed in the security recommendations. [**Microsoft Secure Score for Devices**](tvm-microsoft-secure-score-devices.md) | See the security posture of the operating system, applications, network, accounts and security controls of your organization. The goal is to remediate the related security configuration issues to increase your score for devices. Selecting the bars will take you to the **Security recommendation** page. **Device exposure distribution** | See how many devices are exposed based on their exposure level. Select a section in the doughnut chart to go to the **Devices list** page and view the affected device names, exposure level, risk level, and other details such as domain, operating system platform, its health state, when it was last seen, and its tags. @@ -77,7 +77,7 @@ See [Microsoft Defender ATP icons](portal-overview.md#microsoft-defender-atp-ico ## Related topics -- [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md) +- [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) - [Supported operating systems and platforms](tvm-supported-os.md) - [Exposure score](tvm-exposure-score.md) - [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md) 
@@ -88,4 +88,4 @@ See [Microsoft Defender ATP icons](portal-overview.md#microsoft-defender-atp-ico - [Event timeline](threat-and-vuln-mgt-event-timeline.md) - [Scenarios](threat-and-vuln-mgt-scenarios.md) - [APIs](next-gen-threat-and-vuln-mgt.md#apis) -- [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group) +- [Configure data access for threat and vulnerability management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md index 5391b7ca6b..b1b2897be8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md @@ -1,6 +1,6 @@ --- -title: Exposure score -description: The Microsoft Defender ATP exposure score reflects how vulnerable your organization is to cybersecurity threats. +title: Threat and vulnerability management xxposure score +description: The threat and vulnerability management exposure score reflects how vulnerable your organization is to cybersecurity threats. keywords: exposure score, mdatp exposure score, mdatp tvm exposure score, organization exposure score, tvm organization exposure score, threat and vulnerability management, Microsoft Defender Advanced Threat Protection search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -16,7 +16,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual --- -# Exposure score +# Threat and vulnerability management exposure score **Applies to:** 
@@ -24,7 +24,7 @@ ms.topic: conceptual >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) -Your Exposure score is visible in the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) of the Microsoft Defender Security Center. It reflects how vulnerable your organization is to cybersecurity threats. Low exposure score means your devices are less vulnerable from exploitation. +Your exposure score is visible in the [Threat and vulnerability management dashboard](tvm-dashboard-insights.md) of the Microsoft Defender Security Center. It reflects how vulnerable your organization is to cybersecurity threats. Low exposure score means your devices are less vulnerable from exploitation. - Quickly understand and identify high-level takeaways about the state of security in your organization. - Detect and respond to areas that require investigation or action to improve the current state. @@ -36,7 +36,7 @@ The card gives you a high-level view of your exposure score trend over time. Any ## How it works -Threat & Vulnerability Management introduces a new exposure score metric, which visually represents how exposed your devices are to imminent threats. +Threat and vulnerability management introduces a new exposure score metric, which visually represents how exposed your devices are to imminent threats. The exposure score is continuously calculated on each device in the organization and influenced by the following factors: 
@@ -55,13 +55,13 @@ You can remediate the issues based on prioritized [security recommendations](tvm ## Reduce your threat and vulnerability exposure -Lower your threat and vulnerability exposure by remediating [security recommendations](tvm-security-recommendation.md). Make the most impact to your exposure score by remediating the top security recommendations, which can be viewed in the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md). +Lower your threat and vulnerability exposure by remediating [security recommendations](tvm-security-recommendation.md). Make the most impact to your exposure score by remediating the top security recommendations, which can be viewed in the [threat and vulnerability management dashboard](tvm-dashboard-insights.md). ## Related topics -- [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md) +- [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) - [Supported operating systems and platforms](tvm-supported-os.md) -- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) +- [Threat and vulnerability management dashboard](tvm-dashboard-insights.md) - [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md) - [Security recommendations](tvm-security-recommendation.md) - [Remediation and exception](tvm-remediation.md) @@ -70,4 +70,4 @@ Lower your threat and vulnerability exposure by remediating [security recommenda - [Event timeline](threat-and-vuln-mgt-event-timeline.md) - [Scenarios](threat-and-vuln-mgt-scenarios.md) - [APIs](next-gen-threat-and-vuln-mgt.md#apis) -- [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) +- [Configure data access for threat and vulnerability management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md index 5cdd484045..83e5537bff 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md @@ -1,7 +1,7 @@ --- title: Overview of Microsoft Secure Score for Devices in Microsoft Defender Security Center description: Your score for devices shows the collective security configuration state of your devices across application, operating system, network, accounts, and security controls -keywords: Microsoft Secure Score for Devices, mdatp Microsoft Secure Score for Devices, secure score, configuration score, security controls, improvement opportunities, security configuration score over time, security posture, baseline +keywords: Microsoft Secure Score for Devices, mdatp Microsoft Secure Score for Devices, secure score, configuration score, threat and vulnerability management, security controls, improvement opportunities, security configuration score over time, security posture, baseline search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 
@@ -23,9 +23,9 @@ ms.topic: conceptual - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) >[!NOTE] -> Configuration score is now part of Threat & Vulnerability Management as Microsoft Secure Score for Devices. +> Configuration score is now part of threat and vulnerability management as Microsoft Secure Score for Devices. -Your score for devices is visible in the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) of the Microsoft Defender Security Center. A higher Microsoft Secure Score for Devices means your endpoints are more resilient from cybersecurity threat attacks. It reflects the collective security configuration state of your devices across the following categories: +Your score for devices is visible in the [threat and vulnerability management dashboard](tvm-dashboard-insights.md) of the Microsoft Defender Security Center. A higher Microsoft Secure Score for Devices means your endpoints are more resilient from cybersecurity threat attacks. It reflects the collective security configuration state of your devices across the following categories: - Application - Operating system 
@@ -51,7 +51,7 @@ The data in the Microsoft Secure Score for Devices card is the product of meticu You can improve your security configuration when you remediate issues from the security recommendations list. As you do so, your Microsoft Secure Score for Devices improves, which means your organization becomes more resilient against cybersecurity threats and vulnerabilities. -1. From the Microsoft Secure Score for Devices card in the Threat & Vulnerability Management dashboard, select the one of the categories to view the list of recommendations related to that category. It will take you to the [**Security recommendations**](tvm-security-recommendation.md) page. If you want to see all security recommendations, once you get to the Security recommendations page, clear the search field. +1. From the Microsoft Secure Score for Devices card in the threat and vulnerability management dashboard, select the one of the categories to view the list of recommendations related to that category. It will take you to the [**Security recommendations**](tvm-security-recommendation.md) page. If you want to see all security recommendations, once you get to the Security recommendations page, clear the search field. 2. Select an item on the list. The flyout panel will open with details related to the recommendation. Select **Remediation options**. 
@@ -82,9 +82,9 @@ You can improve your security configuration when you remediate issues from the s ## Related topics -- [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md) +- [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) - [Supported operating systems and platforms](tvm-supported-os.md) -- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) +- [Threat and vulnerability management dashboard](tvm-dashboard-insights.md) - [Exposure score](tvm-exposure-score.md) - [Security recommendations](tvm-security-recommendation.md) - [Remediation and exception](tvm-remediation.md) @@ -92,4 +92,4 @@ You can improve your security configuration when you remediate issues from the s - [Weaknesses](tvm-weaknesses.md) - [Scenarios](threat-and-vuln-mgt-scenarios.md) - [APIs](next-gen-threat-and-vuln-mgt.md#apis) -- [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group) +- [Configure data access for threat and vulnerability management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md index 2c3f7a6ef5..324c695ff6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md 
@@ -1,7 +1,7 @@ --- -title: Remediation and exception -description: Remediate security weaknesses and fill exceptions by integrating Microsoft Intune and Microsoft Endpoint Configuration Manager. -keywords: microsoft defender atp tvm remediation, mdatp tvm, threat & vulnerability management, threat & vulnerability management remediation, tvm remediation intune, tvm remediation sccm +title: Threat and vulnerability management remediation and exceptions +description: Remediate security weaknesses discovered through security recommendations, and create exceptions if needed, in threat and vulnerability management. +keywords: microsoft defender atp tvm remediation, mdatp tvm, threat and vulnerability management, threat & vulnerability management, threat & vulnerability management remediation, tvm remediation intune, tvm remediation sccm search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 @@ -16,7 +16,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual --- -# Remediation activities and exceptions +# Remediation activities and exceptions - threat and vulnerability management **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) 
@@ -34,22 +34,22 @@ Lower your organization's exposure from vulnerabilities and increase your securi You can access the Remediation page a few different ways: -- Threat & Vulnerability Management navigation menu in the [Microsoft Defender Security Center](portal-overview.md) -- Top remediation activities card in the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) +- Threat and vulnerability management navigation menu in the [Microsoft Defender Security Center](portal-overview.md) +- Top remediation activities card in the [threat and vulnerability management dashboard](tvm-dashboard-insights.md) ### Navigation menu -Go to the Threat & Vulnerability Management navigation menu and select **Remediation** to open up the list of remediation activities and exceptions found in your organization. +Go to the threat and vulnerability management navigation menu and select **Remediation** to open up the list of remediation activities and exceptions found in your organization. ### Top remediation activities in the dashboard -View **Top remediation activities** in the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md). Select any of the entries to go to the **Remediation** page. You can mark the remediation activity as completed after the IT admin team remediates the task. +View **Top remediation activities** in the [threat and vulnerability management dashboard](tvm-dashboard-insights.md). Select any of the entries to go to the **Remediation** page. You can mark the remediation activity as completed after the IT admin team remediates the task. 
![Example of Top remediation activities card with a table that lists top activities that were generated from security recommendations.](images/tvm-remediation-activities-card.png) ## Remediation activities -When you [submit a remediation request](tvm-security-recommendation.md#request-remediation) from the [Security recommendations page](tvm-security-recommendation.md), it kicks-off a remediation activity. A security task is created which will be tracked in the Threat & Vulnerability Management **Remediation** page, and a remediation ticket is created in Microsoft Intune. +When you [submit a remediation request](tvm-security-recommendation.md#request-remediation) from the [Security recommendations page](tvm-security-recommendation.md), it kicks-off a remediation activity. A security task is created which will be tracked in the threat and vulnerability management **Remediation** page, and a remediation ticket is created in Microsoft Intune. Once you are in the Remediation page, select the remediation activity that you want to view. You can follow the remediation steps, track progress, view the related recommendation, export to CSV, or mark as complete. ![Example of the Remediation page, with a selected remediation activity, and that activity's flyout listing the description, IT service and device management tools, and device remediation progress.](images/remediation_flyouteolsw.png) 
@@ -95,9 +95,9 @@ Select **Show exceptions** at the bottom of the **Top security recommendations** ## Related topics -- [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md) +- [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) - [Supported operating systems and platforms](tvm-supported-os.md) -- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) +- [Threat and vulnerability management dashboard](tvm-dashboard-insights.md) - [Exposure score](tvm-exposure-score.md) - [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md) - [Security recommendations](tvm-security-recommendation.md) @@ -106,4 +106,4 @@ Select **Show exceptions** at the bottom of the **Top security recommendations** - [Event timeline](threat-and-vuln-mgt-event-timeline.md) - [Scenarios](threat-and-vuln-mgt-scenarios.md) - [APIs](next-gen-threat-and-vuln-mgt.md#apis) -- [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) +- [Configure data access for threat and vulnerability management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md index ad8c99b503..3d72a507d3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md 
@@ -1,5 +1,5 @@ --- -title: Security recommendations +title: Threat and vulnerability management security recommendations description: Get actionable security recommendations prioritized by threat, likelihood to be breached, and value. keywords: threat and vulnerability management, mdatp tvm security recommendation, cybersecurity recommendation, actionable security recommendation search.product: eADQiWindows 10XVcnh @@ -16,7 +16,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual --- -# Security recommendations +# Security recommendations - threat and vulnerability management **Applies to:** @@ -44,8 +44,8 @@ Each device in the organization is scored based on three important factors to he Access the Security recommendations page a few different ways: -- Threat & Vulnerability Management navigation menu in the [Microsoft Defender Security Center](portal-overview.md) -- Top security recommendations in the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) +- Threat and vulnerability management navigation menu in the [Microsoft Defender Security Center](portal-overview.md) +- Top security recommendations in the [threat and vulnerability management dashboard](tvm-dashboard-insights.md) View related security recommendations in the following places: 
@@ -54,11 +54,11 @@ View related security recommendations in the following places: ### Navigation menu -Go to the Threat & Vulnerability Management navigation menu and select **Security recommendations** to open the list of security recommendations for the threats and vulnerabilities found in your organization. +Go to the threat and vulnerability management navigation menu and select **Security recommendations** to open the list of security recommendations for the threats and vulnerabilities found in your organization. -### Top security recommendations in the Threat & Vulnerability Management dashboard +### Top security recommendations in the threat and vulnerability management dashboard -In a given day as a Security Administrator, you can take a look at the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) to see your [exposure score](tvm-exposure-score.md) side-by-side with your [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md). The goal is to **lower** your organization's exposure from vulnerabilities, and **increase** your organization's device security to be more resilient against cybersecurity threat attacks. The top security recommendations list can help you achieve that goal. +In a given day as a Security Administrator, you can take a look at the [threat and vulnerability management dashboard](tvm-dashboard-insights.md) to see your [exposure score](tvm-exposure-score.md) side-by-side with your [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md). The goal is to **lower** your organization's exposure from vulnerabilities, and **increase** your organization's device security to be more resilient against cybersecurity threat attacks. The top security recommendations list can help you achieve that goal. ![Example of Top security recommendations card, with four security recommendations.](images/top-security-recommendations350.png) 
@@ -106,7 +106,7 @@ If there is a large jump in the number of exposed machines, or a sharp increase ## Request remediation -The Threat & Vulnerability Management capability in Microsoft Defender ATP bridges the gap between Security and IT administrators through the remediation request workflow. Security admins like you can request for the IT Administrator to remediate a vulnerability from the **Security recommendation** pages to Intune. +The threat and vulnerability management capability in Microsoft Defender ATP bridges the gap between Security and IT administrators through the remediation request workflow. Security admins like you can request for the IT Administrator to remediate a vulnerability from the **Security recommendation** pages to Intune. ### Enable Microsoft Intune connection @@ -118,7 +118,7 @@ See [Use Intune to remediate vulnerabilities identified by Microsoft Defender AT 1. Select a security recommendation you would like to request remediation for, and then select **Remediation options**. -2. Fill out the form, including what you are requesting remediation for, priority, due date, and optional notes. Select **Submit request**. Submitting a remediation request creates a remediation activity item within Threat & Vulnerability Management, which can be used for monitoring the remediation progress for this recommendation. This will not trigger a remediation or apply any changes to devices. +2. Fill out the form, including what you are requesting remediation for, priority, due date, and optional notes. Select **Submit request**. Submitting a remediation request creates a remediation activity item within threat and vulnerability management, which can be used for monitoring the remediation progress for this recommendation. This will not trigger a remediation or apply any changes to devices. 3. Notify your IT Administrator about the new request and have them log into Intune to approve or reject the request and start a package deployment. 
@@ -152,7 +152,7 @@ When an exception is created for a recommendation, the recommendation is no long 3. Select **Submit**. A confirmation message at the top of the page indicates that the exception has been created. -4. Navigate to the [**Remediation**](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and select the **Exceptions** tab to view all your exceptions (current and past). +4. Navigate to the [**Remediation**](tvm-remediation.md) page under the **Threat and vulnerability management** menu and select the **Exceptions** tab to view all your exceptions (current and past). ## Report inaccuracy @@ -166,7 +166,7 @@ You can report a false positive when you see any vague, inaccurate, incomplete, 3. From the flyout pane, select the inaccuracy category from the drop-down menu, fill in your email address, and details regarding the inaccuracy. -4. Select **Submit**. Your feedback is immediately sent to the Threat & Vulnerability Management experts. +4. Select **Submit**. Your feedback is immediately sent to the threat and vulnerability management experts. ## Find and remediate software or software versions which have reached end-of-support (EOS) @@ -176,7 +176,7 @@ It is crucial for Security and IT Administrators to work together and ensure tha To find software or software versions which have reached end-of-support: -1. From the Threat & Vulnerability Management menu, navigate to **Security recommendations**. +1. From the threat and vulnerability management menu, navigate to **Security recommendations**. 2. Go to the **Filters** panel and look for the tags section. Select one or more of the EOS tag options. Then **Apply**. ![Screenshot tags that say EOS software, EOS versions, and Upcoming EOS versions](images/tvm-eos-tag.png) 
@@ -203,12 +203,11 @@ To view a list of version that have reached end of support, or end or support so After you have identified which software and software versions are vulnerable due to its end-of-support status, remediate them to lower your organizations exposure to vulnerabilities and advanced persistent threats. - ## Related topics -- [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md) +- [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) - [Supported operating systems and platforms](tvm-supported-os.md) -- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) +- [Threat and vulnerability management dashboard](tvm-dashboard-insights.md) - [Exposure score](tvm-exposure-score.md) - [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md) - [Remediation and exception](tvm-remediation.md) @@ -217,4 +216,4 @@ After you have identified which software and software versions are vulnerable du - [Event timeline](threat-and-vuln-mgt-event-timeline.md) - [Scenarios](threat-and-vuln-mgt-scenarios.md) - [APIs](next-gen-threat-and-vuln-mgt.md#apis) -- [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) \ No newline at end of file +- [Configure data access for threat and vulnerability management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md index 9e6591f91c..d0e00649f5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md 
@@ -1,7 +1,7 @@ --- -title: Software inventory -description: Microsoft Defender ATP Threat & Vulnerability Management's software inventory page shows how many weaknesses and vulnerabilities have been detected in software. -keywords: microsoft defender atp, microsoft defender atp software inventory, mdatp threat & vulnerability management, mdatp threat & vulnerability management software inventory, mdatp tvm software inventory, tvm software inventory +title: Software inventory in threat and vulnerability management +description: Microsoft Defender ATP threat and vulnerability management's software inventory page shows how many weaknesses and vulnerabilities have been detected in software. +keywords: threat and vulnerability management, microsoft defender atp, microsoft defender atp software inventory, mdatp threat & vulnerability management, mdatp threat & vulnerability management software inventory, mdatp tvm software inventory, tvm software inventory search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 
@@ -16,14 +16,14 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual --- -# Software inventory +# Software inventory - threat and vulnerability management **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) -Microsoft Defender ATP Threat & Vulnerability management's discovery capability shows in the **Software inventory** page. The software inventory includes the name of the product or vendor, the latest version it is in, and the number of weaknesses and vulnerabilities detected with it. +The software inventory in threat and vulnerability management is a list of all the software in your organization, including details such as the name of the vendor, number of weaknesses, threats, and number of exposed devices. ## How it works @@ -33,7 +33,7 @@ Since it is real-time, in a matter of minutes, you will see vulnerability inform ## Navigate to the Software inventory page -You can access the Software inventory page by selecting **Software inventory** from the Threat & Vulnerability Management navigation menu in the [Microsoft Defender Security Center](portal-overview.md). +You can access the Software inventory page by selecting **Software inventory** from the threat and vulnerability management navigation menu in the [Microsoft Defender Security Center](portal-overview.md). View software on specific devices in the individual devices pages from the [devices list](machines-view-overview.md). 
@@ -78,13 +78,13 @@ You can report a false positive when you see any vague, inaccurate version, inco 1. Open the software flyout on the Software inventory page. 2. Select **Report inaccuracy**. 3. From the flyout pane, select the inaccuracy category from the drop-down menu, fill in your email address, and details regarding the inaccuracy. -4. Select **Submit**. Your feedback is immediately sent to the Threat & Vulnerability Management experts. +4. Select **Submit**. Your feedback is immediately sent to the threat and vulnerability management experts. ## Related topics -- [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md) +- [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) - [Supported operating systems and platforms](tvm-supported-os.md) -- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) +- [Threat and vulnerability management dashboard](tvm-dashboard-insights.md) - [Exposure score](tvm-exposure-score.md) - [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md) - [Security recommendations](tvm-security-recommendation.md) @@ -93,4 +93,4 @@ You can report a false positive when you see any vague, inaccurate version, inco - [Event timeline](threat-and-vuln-mgt-event-timeline.md) - [Scenarios](threat-and-vuln-mgt-scenarios.md) - [APIs](next-gen-threat-and-vuln-mgt.md#apis) -- [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) +- [Configure data access for threat and vulnerability management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md index 68cb359a5a..6551d5f13b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md @@ -1,7 +1,7 @@ --- -title: Threat & Vulnerability Management supported operating systems and platforms -description: Before you begin, ensure that you meet the operating system or platform requisites for Threat & Vulnerability Management so the activities in your all devices are properly accounted for. -keywords: threat & vulnerability management, operating system, platform requirements, prerequisites, mdatp-tvm supported os, mdatp-tvm, risk-based threat & vulnerability management, security configuration, Microsoft Secure Score for Devices, exposure score +title: Supported operating systems and platforms for threat and vulnerability management +description: Before you begin, ensure that you meet the operating system or platform requisites for threat and vulnerability management so the activities in your all devices are properly accounted for. +keywords: threat & vulnerability management, threat and vulnerability management, operating system, platform requirements, prerequisites, mdatp-tvm supported os, mdatp-tvm, risk-based threat & vulnerability management, security configuration, Microsoft Secure Score for Devices, exposure score search.appverid: met150 search.product: eADQiWindows 10XVcnh ms.prod: w10 @@ -16,7 +16,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: article --- -# Threat & Vulnerability Management supported operating systems and platforms +# Supported operating systems and platforms for threat and vulnerability management **Applies to:** 
@@ -24,7 +24,7 @@ ms.topic: article >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) -Before you begin, ensure that you meet the following operating system or platform requisites for Threat & Vulnerability Management so the activities in your devices are properly accounted for. +Before you begin, ensure that you meet the following operating system or platform requisites for threat and vulnerability management so the activities in your devices are properly accounted for. Operating system | Security assessment support :---|:--- @@ -43,8 +43,8 @@ Some of the above prerequisites might be different from the [Minimum requirement ## Related topics -- [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md) -- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) +- [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) +- [Threat and vulnerability management dashboard](tvm-dashboard-insights.md) - [Exposure score](tvm-exposure-score.md) - [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md) - [Security recommendations](tvm-security-recommendation.md) 
@@ -54,4 +54,4 @@ Some of the above prerequisites might be different from the [Minimum requirement - [Event timeline](threat-and-vuln-mgt-event-timeline.md) - [Scenarios](threat-and-vuln-mgt-scenarios.md) - [APIs](next-gen-threat-and-vuln-mgt.md#apis) -- [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group) +- [Configure data access for threat and vulnerability management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md index 32379a298f..dc76e06b79 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md @@ -1,7 +1,7 @@ --- -title: Weaknesses +title: Weaknesses found by threat and vulnerability management description: Microsoft Defender Security Center offers a Weaknesses page, which lists vulnerabilities found in the infected software running in your organization. -keywords: mdatp threat & vulnerability management, mdatp tvm weaknesses page, finding weaknesses through tvm, tvm vulnerability list, vulnerability details in tvm +keywords: mdatp threat & vulnerability management, threat and vulnerability management, mdatp tvm weaknesses page, finding weaknesses through tvm, tvm vulnerability list, vulnerability details in tvm search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 
@@ -16,7 +16,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual --- -# Weaknesses +# Weaknesses found by threat and vulnerability management **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) @@ -25,7 +25,7 @@ ms.topic: conceptual [!include[Prerelease information](../../includes/prerelease.md)] -Threat & Vulnerability Management leverages the same signals in Microsoft Defender ATP's endpoint protection to scan and detect vulnerabilities. +Threat and vulnerability management leverages the same signals in Microsoft Defender ATP's endpoint protection to scan and detect vulnerabilities. The **Weaknesses** page lists down the vulnerabilities found in the infected software running in your organization by listing the Common Vulnerabilities and Exposures (CVE) ID, the severity, Common Vulnerability Scoring System (CVSS) rating, prevalence in your organization, corresponding breach, and threat insights. @@ -40,12 +40,12 @@ The **Weaknesses** page lists down the vulnerabilities found in the infected sof Access the Weaknesses page a few different ways: -- Selecting **Weaknesses** from the Threat & Vulnerability Management navigation menu in the [Microsoft Defender Security Center](portal-overview.md) +- Selecting **Weaknesses** from the threat and vulnerability management navigation menu in the [Microsoft Defender Security Center](portal-overview.md) - Global search ### Navigation menu -Go to the Threat & Vulnerability Management navigation menu and select **Weaknesses** to open the list of CVEs. +Go to the threat and vulnerability management navigation menu and select **Weaknesses** to open the list of CVEs. ### Vulnerabilities in global search 
@@ -80,7 +80,7 @@ The threat insights icon is highlighted if there are associated exploits in the ### Top vulnerable software in the dashboard -1. Go to the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) and scroll down to the **Top vulnerable software** widget. You will see the number of vulnerabilities found in each software along with threat information and a high-level view of the device exposure trend over time. +1. Go to the [threat and vulnerability management dashboard](tvm-dashboard-insights.md) and scroll down to the **Top vulnerable software** widget. You will see the number of vulnerabilities found in each software along with threat information and a high-level view of the device exposure trend over time. ![Top vulnerable software card with four columns: software, weaknesses, threats, exposed devices.](images/tvm-top-vulnerable-software500.png) 
@@ -119,13 +119,13 @@ You can report a false positive when you see any vague, inaccurate, incomplete, 1. Open the CVE on the Weaknesses page. 2. Select **Report inaccuracy**. 3. From the flyout pane, select the inaccuracy category from the drop-down menu, fill in your email address, and details regarding the inaccuracy. -4. Select **Submit**. Your feedback is immediately sent to the Threat & Vulnerability Management experts. +4. Select **Submit**. Your feedback is immediately sent to the threat and vulnerability management experts. ## Related topics -- [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md) +- [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) - [Supported operating systems and platforms](tvm-supported-os.md) -- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) +- [Threat and vulnerability management dashboard](tvm-dashboard-insights.md) - [Exposure score](tvm-exposure-score.md) - [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md) - [Security recommendations](tvm-security-recommendation.md) @@ -134,4 +134,4 @@ You can report a false positive when you see any vague, inaccurate, incomplete, - [Event timeline](threat-and-vuln-mgt-event-timeline.md) - [Scenarios](threat-and-vuln-mgt-scenarios.md) - [APIs](next-gen-threat-and-vuln-mgt.md#apis) -- [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) \ No newline at end of file +- [Configure data access for threat and vulnerability management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) \ No newline at end of file From 481fc57055ad8d5fd129ec677be20ac55f99559c Mon Sep 17 00:00:00 2001 
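Review bot: the replacement intro sentence in the Software inventory hunk (@@ -16,14 +16,14 @@) no longer mentions the product version, which the removed sentence listed ("the latest version it is in"), while the false-positive section further down the same page (context of @@ -78,13 +78,13 @@) still asks readers to report an "inaccurate version". If the inventory still shows a version, keep it in the list of details. The new H1 "# Software inventory - threat and vulnerability management" also joins the suffix with a hyphen, while the other titles renamed in this patch use a phrase ("Weaknesses found by threat and vulnerability management"); pick one pattern.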
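Review bot: the rewritten description line in the tvm-supported-os.md front matter (hunk @@ -1,7 +1,7 @@) carries over the grammar error "so the activities in your all devices are properly accounted for". The body paragraph changed in @@ -24,7 +24,7 @@ reads "in your devices"; since the description line is being touched anyway, fix it to match.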
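Review bot: the last Related topics entry in tvm-supported-os.md (hunk @@ -54,4 +54,4 @@) keeps an absolute https://docs.microsoft.com/... URL for the user-roles page, while the same entry in the Software inventory and tvm-weaknesses.md hunks uses the relative form user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group. Use the relative link here too so all three pages resolve through the same path.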
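Review bot: the description in the tvm-weaknesses.md front matter (hunk @@ -1,7 +1,7 @@) and the Weaknesses paragraph in the context of @@ -25,7 +25,7 @@ still say the page lists vulnerabilities "found in the infected software running in your organization". A CVE recorded against an installed product does not mean that product is infected, so the wording conflates vulnerability exposure with compromise. The patch already retitles this page; change "infected software" to "software" or "installed software" in both places in the same pass.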
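Review bot: the final hunk of tvm-weaknesses.md (@@ -134,4 +134,4 @@) shows "\ No newline at end of file" after both the removed and the added line, so the file still ends without a trailing newline. Add one on the rewritten last link so later patches that append to Related topics do not show this line as changed.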
From: ManikaDhiman Date: Tue, 7 Jul 2020 17:26:54 -0700 Subject: [PATCH 012/102] Updated per feedback from product team --- ...ng-csp-windowsdefenderapplicationguard.png | Bin 31875 -> 48227 bytes .../windowsdefenderapplicationguard-csp.md | 74 +++++++++++------- 2 files changed, 44 insertions(+), 30 deletions(-) 
diff --git a/windows/client-management/mdm/images/provisioning-csp-windowsdefenderapplicationguard.png b/windows/client-management/mdm/images/provisioning-csp-windowsdefenderapplicationguard.png index 5d8eaab42f143d8afc80d661a111e816a3aa4c70..5896b7c1df20ac72afff6bd2a5be88b6aaf2d765 100644 GIT binary patch literal 48227

c2@cyBPI8v@J@}J};Vxic9Q-L__2!OV_sA^sQ+9dvy z^n{j|Ue1^RT^E*i%*0eQDish0jWDeD*_fjjG8Ck;vU9izNOQS|(gah-{(kRGk`X($ zaWu@<7CQTe=|cRlXlEf#^-STh+no)zq1^01?r^VA&;2Ep%xl8l@3bt}>H?5i46pa| zpyk%=TOb=yQ35dSO-6Rzi`zaMeN|FK+4!}yG+n0pWNi4jldaCpwum>JX?`el;W?2w zadZjKs8Aa#*1TAKyP&)CbR)fWmC}*PElzV?S$f^Ia1K6p0qcc(uF+WBaqd**&4K-8 zcC$;dW*wUTb?I;OyD!v{HRkkxh4h zz%k@Sq|oJ)Y3T9FQuWdCWUsfU&WQYmugp!16?i{KslAmF=#HQ)Tbc+Br(;d<^BDTY zIE&TiG59I+=IeL%?PgHJjjuAcG39K};}Q@KYfa*LN+6`{n>NgRSV-?B zA6dh}H}7{-w9iaa#)hgsJZQAq{kkxXJ!l;>U>(UFkZ`>9s%h;f6xCD0`2{}R2X&$4 zMs7K`RlkyQ_u*~9#}0M|c$B7br>J078guFu!^@&iHVsS@KvN7G^|rKfHX z0-Zv>_*$vTPgO?=8p>M;H)~u%mso>+pMc;Em0icqEKZ6wrXk3s5*IV^ zp3%Fr%oxYlr_D47U7C12RuIK?UJ}=SNy=3sh&OJbudlEwToz{v(weHxaWn5$`ahR4 zx*+J|dr?m8i{KV%`+5Jqs2}DyP9mq($P-q_P~oMC4aSIpnw~(kXhs7Ru@?fJIlj!&xU8am$^hI@nPjs zf|YdV%01EfE4j`~5t7+H3E)W_v0BzO0|{-gFWa!EBn@62EaE8iEbq`O5b#xR^Vyi- zQ#K^%($?j^p}W`8)Lmt06PtNYOhQU+Pvb!+f0Mg{jj!h_C+I4Oiyc3qkAJpm9~a9L zt=3`I8+?J=)Nk$5lY2c_}19Du6Oa-jMe z6m|B+zI@Cf7z4DS8NwgU?KrM8=Y651M|7rMV zXlsM6t?m3H1~_D3z$pB$76c)S0Isl*S5y*DWb{BgIuSSUJM@*A$$!q48~qagU)D36 A>i_@% literal 31875 zcmd432UJsA*Dj2rqEs8bL_`Hc6Oke%5m4!%A)!}kO7Fd>hzLk02-2hp2~7wA=_=B@ z5PCrA9ciJ5yEz_(^ZoaJ-~0ZzI);Nm*n91@_L}pV^Lgf634EX;OGVB^PC`OLB`7WJlhbk} zA)&50_J?nXd__2`mJw z>DM)VZ~HN6AEpd%h}X}pzv!PH6LK?WG_xXOSYYgUYjFNUWCV}NiCK`v-7e`4hG&B= zCB=+Xipepd=@4>x@0*xH^i2$S!~l`Fw2`~vK6+s?Hz%hhXTD_JTh~_6dypEKAIYs# zsDrgUK9+v4$ag0_mcz<>@(C#d~l~s0V6$G?<@m zI8MCuXB~z!X><99?fy@!Z8)k`HPmbBjV*D0!CwSvXl-rXUve6_W%C8hd902KAx@L* zLCmMYS1;A(pM~8$(^F8Y(eCrXX?0S0$K@Ca$x{|pbe?{t*hbqR+T|23I{fnfjK+wT zo2z+Hexf~x*a=@aMM zn?1f;^O*glN?+jeJBqmVxn5P?gxwxR11hvx&Ah=#DHdXEF#nNJi;2KiX;RN}yC1!_ zuP=5(&9%vz@oH;MgPtG0q$$!&y~oM3fM`r6yi%#B&sE;v9GnB{D4!}eLCx1Zb)Wv8 z+?EKbrO5?mW%3xcT?6vn@6Km#z8f1ik%&#JUz@w5u2fKx`BKRd)ufSure#e z<>M_PcEPuwC=gGlYkzTW&Z3cf`&A1$clnyN_hOGBi)$CWrD~>L@rM{cYoEbdcNl7x zO6VDUZ}Vr#h`~eVGr)@wFTq#1JNg*$am9qBfv(enAEOoNx2r( zRQjPV8^iy?8wSAxjaH&sDj`74d7wLv6gG{>~H*&G2=Do0_y^)M%Txe*I 
z$$Q6(t`km3sh~i3=64ouX0O!dX@)6So$X38NYxlE9wf#&m||XVJ5@9-#Bgfr+hZ2R zR(pqYXDVT7?$Yl^=Mk}NnJ-&+cPqTP0h?12DFN)1HQrMwE1K#;_k7v;B*oX}!djj# zSs`DwpLb=lfGaw#h`m)YWo)~+Xzn8U22Sii*vofRKX$F}ZnVAaWvzzKsL0UGbh+Ne zxmKG~OE2VI8j;Jh=!7f1A9~ZlhxZa-nxn}OZX8+Bt>>9!l+WzV=oPPZa*RY@@;;P$$x5S-0xYj~^6k&t_WgyaT(x_VEfT6A!} zq-$Dx5uyZ6-X7<*Inx`E;U8-`hV?b}7G4?C8umxyMHQTGNk&(LFBr2=Kvf?I_fVw{ zTBbKKgt6*U#FUj6;`LGl6}b@DW=ETz3YYtb<#JDvpidj{olPZzX6_HDfCB{78!8`rXn1*_oacB#I_FPqkX4U#P4Z!CseD*y4IMMYspAT!vKI@6^ zET}>ITA|Smx`=Z>nu8}%2JK!e#L6rzs!i(<72)~Wi>Kc9` z;N@Heu#5)cXLOHm?#&tfXs={lQJ?i$#7+-jf+QN~i*wAD^;0xZzzh5UREwyFIPEw3 z8~75T#Qv%$z$Kr)%OgiuCYm$pREhYx5ekLt>?0mC+0~*%&{SJRs~{M#F>ng}dY(Zw zv2%-NMBi;SZVXB!a(g~+ddssv>Ayc?u)pF<#nh;|0@B|JHdmFfxA-wW3xZVIkG=Fx z10L~ICIoJ3Wov8j(avZYzh%F?;486{@8h%Bszx|l*YIt}Tv%9mv-bjUsmEC)x&X8E zseWUB-Y@tK*EsOmjboP(zz-7Mr|^R{6_LOW0$|5+IRKeS?oj;mk56?`+uMSm>!`Ao z{bf~Uz?46oxTJxOeu(Nj0BVx{e_sA+P2m8Fp*!;!42UOD3nJ<3(MF6Be@gw~M&>XM z%*@QJk*|+kaw8$>GkyOM9j)TMIp~-?fme`1|rT|m1cSZS% zZZAQ1H@$cEfB~!pd132Y`uR%*mBT7Ym&7D?d{JejZCj~Bl$OzLwfeWYCXNtKkaR%Q*b&wH zW3$kt&B1qN-DYN{yj&_}Dh6UVE)-2SRc=gYuq$rbSjgtd-a8dL-S;d+-3hE1Ro>NG z{9Pu^_sMM67g1twMkSv5X3OOMS|3fD?{>l7Fkl>nSaQ@`g9PvK@7_{RP^#06g3U&} z-Mq~dv;Gn&2RdU5_v-V*iylm`->a8b41amVq=5Jk5R%bU;jYWkyOf7_C#A$}9hj^m z1xCbnxM+k8Fpl&1H)w8+yo%etJXze!(_&=>g}rP{^#fT&uQw~$Q{eq{`;0ma*rZ|B zmrV_><_MXkiUM4x8vaGfx1TGQ_BN_(DNDBkR3-Oo=?(gp&H{N%;G!bVJlUJjEaFRd z5y@t6nL@l}=Y4HwWIo3yG1=L|?%IidW8VF95yCGk?5}2dO-j9zv>e1QV`Nz~+G+jO zsvG!ow3OJ|_rH`n?LRs@#Ww`GXS|n-y1SI;!X?x&(CI%P>5%Zq6Ynj|kp;oI8!w2} zUfV4H!SlZOVSa}sPx(oMN149DudMS2LHP5oU+2-gH{hwWy3RVibGbOqeY-VVpZx&D z4l7{tyzF{teF?_`qa?_3;|Lp3{sG)0Bgd|+_(`U{MH0Hue*zB9%XKNkmxVql@h&XW zfkQT;ORtDeyzTfhUso1n@LduC9^-j0_prCJRKZql13|8vuDaIqTydy8n2L7(4jsOK z_Fl-z0U60x;%>_2Dg|fSY}|q$F4VrfsG{bIumiJvjqBD4gCOx%o_RItybls_aWf{R{E^u!}pyqh;h(9-?08*f%7Kqn#%JPyd#@}`2 zBcxPp*bT1?XdX;$!sbOVNgS($s zYI>{e&9;j6R7gpl#)NYt+Ie@opcSQT5-v>as+G&j`|GoI`;+Ec3XW3`ct3Mw7smVG z(+b5h+9WAeZX?usA4=vhskuJDOuMK;f-dXDAj}2agUYfE#_vgnv8m;LjzX6~B%6Ha 
z7gJ>rEuSD3E8@KtvhLP7dYOGM97Mi&w_V`*rlgIR89Yxts>0L{60E|gBz_t8SU@YZ z9?Vhqe0i&!kJsklQhpZuF_L%6;|d5JD=RAr&(XklS!*ily9Aw5lQb2&v)SFKxQQH+>?C5lGqTgKZ+XuD5;MEz{d3Nxxy#Fk6M8oQ)1PY}to}6{3;HzX zW-0Ps)QAjjbQs%40y7z=)9ypu znj(k;8G&}{4lE-UDk(k=&0Iv-WY%WusOZgWXkp%F8kBRG;JUx&Pt?%{9os{#f8Ro= zq~L<>2mFq$N(IGsc0bTB0k+Xb`KpI2R>t4#yOm+wP*kCNFz?C<0Yb^S;A49ciQa9@ z7}jErobjCpLn_0qjGTnp*;42a$j1@`N`@+d*`D{}fa!V3nm@A(?6?#0M)-l1wc_4DjdA-+hk5Z!nD6cD=Y&6$8&vwRLYtCxgUH%A<2CV>a#l&w3i29u6i6D3YMjv z3RZYvd^#>^H`Bm-s?yPXegn9>sP!U{5$qv1l6G3{_RVP7@eS?1ds#QZK4CXWJ}nC9 z!7?`SAc(sou`i5zi9&&zU9WY+px@DI5jV1e0+D>;6Lf}Ud~}#->ZgfO;j37l59IXO z91tOHckD@>WAd!pny=m)@!f)wg}k6llBFKb93DJCukL++O)pm;OUve}ons`1y|MRE zO&>khXY1O9#& zT5%)r5@PfY8o2Y?xpW1VgB0V_mFMt4(gQLZd-uOTSi~JPkRACfkJbWP1kj>B16ne* zhM7{q=1eGYJgv1=d8Z9{$SGjxJ_M=^NUS-lcQ(7fG`>+Gj>-mX9FWQd&t+~CvDNR* z8$^Kc?k+^g>L+`<``8nL`KvxG0o;Y*3^1Q^PQ)92gCsq#xr6+0E+hZcI#S7 z)d_EV6#~sRJk0^VOq1AXD}|mtu)5q_-oyJ+;RlS;<_Emj=dA+ty|%bV&NnuBDC+Y1 z)*wfi*KVUM;eZm5K7|LS-9wcD_SNVw^8C^5txi?+Y)*rOV+dvO*h`znLC4W<$)l|~IkZ7t8}f)t2>%;1F5<6NpQY_2ST&fNMbYjVBZ4sm zWgy2pm=#A9x_E_t-&BArCNWT$Ggo~w1wJjJ;Kw4ubRXT6?A1G~&N{R(Ms(636NEx- zN1_3vB?0Vsz#F#y#ny)w-lS6N1Bm^lL-upC|mN_y^UdV{ae-Z@jah|SOkTP9$?PaSyT6+{q_V762{&Vp2T zc|j*5FOB$`wgb8obaR@gJqzH0r%>nX7v+)C$d-|PduN*;-Q2d4J5d}XTR$vEVkgZt zM!X0k#JT-#bE&blak6|L<;r8kAJZcMl3Oj~-HFFel01F+3o@D>SgdbNCHn#%VIHH} z&fnIidR2BKr`zErHq?;QNXK~qt@^gkc ze?jfHj!_7(B8bD!DsO%t|Fe;h`bmBKz(C5^LxpW?Dw87(j-5I|q-sR-(RvWMvPjx+V0)H2k|_*Ebt7DYRka zUx6mWr~;M|)V1QFDUl#HTgfJnV$#AB;Qye6huMO@ zWX3d^kujYh;q*xG;3(8MJ5XD71VU;yt`qEKDl4}ta);SA2DQY?!u4R(FsuCX zcC!<>Oc%wp%pqkveevMsx_0ITay;E&*9dO*YO%mdMsJ9{atmJzjU+cZF{{wCvlYa3 zxEYwaH#mszUR+qWx=720f!mTezYoWzAA~LQxO-j)CbVoptI0x(esf4XsiF!4>L}z~SRGE-D zONr_^eCZXBYbj+~R%6J4$?T6@aYmb%6-kZk2l9%80G)jsM zH-^@`ZLE?HO)<1$zjR;Vos};sd>FHKBc+V(&jJC`sb97NA$*bi`$(@|oV+?y_p{&2g?Ld;Tg3*sXGa z*F5w4;|&djt#W>EwEnG@U{1QKot3@MptXY7%yaI_D_}J}Rz!Z<)eg#xovg_B;#rDL z`GsboffU4i~U+%NK7BbcB(C2>+AginL0zKwc)ZtU1J|4KW5+|=#Nohm5toi)zpfw 
z_WbPesDzOQcG3X|{3$`VV92L*8}6~mDD*{RJ!cD(M^Dek>Se36@|a^4*4KP36s~4_ z?IhM&D8_iz4WBGr43x&u#&nKNFOxDq=;ZA`{h4VftJ%7Bv6I)qwLm90RBcO4U8l)% zPrgzhEz@F{5*yqZGI2U|`UUXf=v>X!awLcuBAHDKLiUrh1=(23)eZ2+d^`8O!}rDz z2FG2b)C(_c544!g^2y~6@73=SR%_|OqNZgK34E=5e5R0}pTl^i`s4zgY5Vkb z*9$}ZA%j`Jxy_1lhX#^)l$v43V`h0yxcS$1;g`1_TX5x@TbFF&@7doJe zLP&)q_h@^3Do5juFIf4Plh!^RUc7feYRc(HcAp)>FGG72_-4qmX{}-$`c_G2Z7Gqo&E8U|8J$RPOybH98Yy*XoU;B zAaQpGipG$;6lzc*#xS^hb20aZ`k)$GNp)j|=M8ns3rTs3qmM67jx#kqAL`C^u3xi1 zzB0=~;mTMP+Rn&N5fOK+JmT6vu4P@g5MeG@ll77XwelR^2!yQzeE4fs0~6ErZ~;az zyvCmTs;Z@ISX_XP*sOEU?I^T`r@QdJSLDZ6=v%iV}1;4%nx%1Uvd7&-m!6ruJ+O;W41n^dJhm7rB2HyUs%oOKwLWU$KS)CThlEo zPox_(SB7_%^s9aF|BoS5l~@1&8we%xpCHuv<)bFpn7a3bQh6BbwoNG+FDa?fNkMbx;?M(+r0w7gXvrKbUwaK`phBxuclba}X z@f&jt&CG7{E3~zSUkm;ie8*V{BHT>}iv-eF1C1J!I*M3H z=tNMkqx=uYwu^DC-TG_^VC!r9XKzf~sz>UC3f^l?=^Dic+we%r^M7hXSmDEITHXu( zi4reMAj9yTA$8&|$d_qXO7(sec&afbhSHJ2GJp4Rsb^E5G1Mo((ErC{vAQ1){p3q> zA!anB!Q|A5bo=_LAW=H}+H=-y4xz($XtJ}5e*;1AGfjTCRasp&(3_>@Y|c|ex?J2# zXne1Ze%?Hnu24^z(Rz)c>k4!3Nz_eCie&i2f*D`$lpNzPq9;T9BprN=cTo_k29$ky zgDz$!K&tGbA3d~gr!j_25S|dyo9^;odV}`BoLMaL7;{$yp~!VxgBM?G;EsBI#;XWs z4gR8$*qT^4)s`UQ{@s=3^#^eh?l9BsZUy9RCpK!7)_g;)n6pB>0QdEQ#Avl%)&V+i zBVBa2<$mN1`;7RN!^jbihBroYg>m1RbY8wpA3FL>nf)xfa+BNB#xo|hdP<p{~@)u$`5d1Qj zMQr+(?msQ~OD9$MzbZ2TEk=LkRR15u>RM_6C5wAmEh41lwp(~xMvnsUR&76^Lzf&h z4@rNMb;tGe#O&FeVBr3hRR0%g)4wi8+(Fkx?#+ppxC9;4TU{D3K+!Z&XHF1FU}OAo zp0l3XYMeqxKP!QiuT@?8A$ULe!Em?$stXVjOqI9_af?)aQ)@(y8@=9F(o)WAnrhJlV+V^PgcN9%f|w5(HF z8q?xqqR~89GGZ^5-%SiTs6=Fc7sPl4WZ>3k>wc6+-0cqUiipHD`Yoj zkO~s)%=(v;@Zn$$Z|!ij!^B>fUD>glh42|`SAMvn^Md2gTh;aWkqkWfk^F_c`)e*L zt*7@RJQwsJlSwf?L;}Sm;9*oVBo}t8TDG9P`zTv)Qi}o-EEffk!)&(uDPw2?ImFaa z<#yu2C9_X0sq>F1Ftw+B_VN-hGdD>zbZUuv@L2W&ooEYJ7r$59D(HQ5agyR6ELE?} z%1asOs^;*{?7!+SSZkJJ{~&6BSX}v8vPYkd+33-sb7<<~VLL+##Cen>(2V2i2c4df z&6a;Ci(pZ1r2X7IQ1Ny4ezin-=4%!cp+P~gXA1Of+NFZ)O6A!+Z7a`_Q~KvCzsB(` z#el?oVo>)V->7|R_HEt@n7Oi%VHB;k~7B6n+Y&bqFU^Ir|j0fX~jq~-^@5dhDq??=k z@C$l@*0tDmtgJJQs%fXtpoHX#?q^ib`%G6x^v7V2_MLyPVPJn-$ 
zzHs4a*8V^-|FyR>W@OAf4`1+iZGTB;c-?dxOJe@*eKu!kW5{* zQgu2K{t%;FcrASmeWCIZTPp+fiWGpN13%Fa7_O;MKI({Rq0?`>7|P5=(?w7C7kX=C zSd0V>nGa)vwP5%$<%6`J8#^?Vp$#7KWmRy{-YZhF(^i@_uh=SfEH4)wDYGs3`Ejf;RKj;#mIYP%Y{t z*^*f59^+jB&*TMxhj-Cm;)MdKr7eyk2rT0fZ<{eguUu2FJ*sK%iP`P0n>a`BYa+b9 z;g{Odeb6wZEWeBa3~DxS<&+A@QF8f5xAN{8D*1bJ_XzCTm2gv4zahd3XVB}nIhJp} z1t>sTRDq*xx(8QPnz)N3W--nSPk};q#eNa{XznOFafHyGm z<`_w1>2JtOGcqFZF>>be{3yUgD`cY#yoyJq-7T^=Y116f*Sdqw_z4xkngQ8G-G4mLJ5ohY43@|;cy zSghJvY$+ft47!dtobzNdr2nlc15h3)k9g{kQ_to(pX9k%x==jWy${(MkBX0vC$QX6 zJW_n7ya-u$H|^KHD?=zFW<%Bi z`$DpSJLh8kIZ>V)XwKRr3~Fd-EFAkJ_j^?tVXzmqhzW#_>Sl<)NYVGR1A_|60$Msl z{aO-v`fCyBmzbS5bMlgvo z7sYWDic`&WxmrnewcqRrKktKST7ot&(6(t{p1xFk8+r83ubp8guR$023t#ZTl5Wz( z%$u9^1g&8+ayE(4%~5P$&%JHfoE=z@sYgzkfHGyGOcKf|ESY$iHa%O$Q8{DnG)>^l()m9QVd;Af|ChYKL(unBT zoQp=_E(R=sS{cAAUZ%*BcSBTB`W{>7O+PZ`=xofuR6cYyVqo^A`_Ix1(B?^1v`3u} z;SH+=|MjFB{x2gcsi7F|p{xqRkBo)dF?8juSlcF1v`sh33ekpkTY+nZh3t&C7*v=$ z6AEGmF^_W$^o#uAhspl;vFhl~m4_BD%d}uD z_VpOgw>#+VxrBIf2mS5ptt&_vy>5-2zU9pFfa2hdG7MTz0R(RDAJTR@$+hHYgjtK_ z`MfCvn^>cvSK~muuT)1WiMSR?rGv}SAGo~b+ml-_YhBYs7u{dG7^wFKy&5(m^z{aA z*rU6g4Qd;9YfGXgB!`g@%JeRieCj4e@#`weU(OwlHbFU`Hm1~88^ZXsE16b=^%cfi zQeXta{H32@yr0)gv;mJbRhFxrF{b;l{sLl}*>GRDA5v6AtC3-4WEwPMA@cRTrk{$N zTDou)Hv(M*{dq?dM;GAfHkDno}KJD8yY+>SXByTAVZbm5}{a zQj3G5zV)QcmhGuZN=g`Oo&;WyWECPVtsKnDu`MUgJ?}^R-Z0OwpK9^=VFQbabcO=G zjapAIJ)L)geeYP9hNbTUYUQipo+3+m16?Zf{8eXlql~W=ZF~*H-dnLTyH*f~cBA#i z3h$@l4)q(oqeJon$S=vc>C*}4Skyzw$c~JCGXty^GHUv8H$Xwgq~nzNJ$h zW&#NpOP7SbCo-)!Nsu(RUBpbcwY@vHdws2T`1R+emn28#d_JQIZl9dW^;Ub>HsWo^Y4WJt}*C z^7qrX#~%EKFd!f*y@Mkxid~Kylhg)NmKe{&JM=q@xyUlL3?2|(t!bE$f?PZ_bS`d@ zEE^efQ)Uvv7Tf|r4SWdBz2rG?XD@Ey_2t;hn(}s{lz&1HMX}~;FQM2t%Bn=J)vD2uP7woo60`O1_L$&Mzn7999o}~$|{=V1Kq#Co{C(mhTePV*THlwy=+nmYG zuLb++KYXnZO|!X&zQzRf`2YmrUHL5hY9P-Yuj;>E9QO}wxxJd+lhnbP{+nTI6Fj zz5iY#- zZ=TmA*nRk0%?5f4up4n3xW_=X{q{;vxg0W>mfmw*A;A5T$@N=z6RYNyYx?7MZ+gpz zK3T2JaACo3e)=)m#I$pLIRHaCz}+%8Z_>vr(Ibk#`i}-R|Hm6#3HKEPZvUK5d)(^b 
zsXdy&ZRb?ST(6tJ8tdZPVMj@3{xM8@f{^8EzR>FZsg)T?4ej69{~r7+EumnN z2ioj#hNeyDSO*{Jd#=GFhiscvj5bC;K7-fRQTDKu`wu&2{BGd0pmYcFhQvgjYr*y0 z=FE4+)gXnTgv`|dVZ{h0eRRvjVyu=hKZJ$Aqn3CwPVsCyn$DETRr2T4vD@16vqNc_ zk>hM*PT%;0Db}8?C!B&!@VBy<`gw3R1;ZV$YY=OH=d|fy_Z~V|7e1auk$hyKmE?~^ z>u538CtL{AQ`N=yP!@&XpHRRMVG*Da;n%*=CR5<;D7{#<-o}|9%^@ST%tAFFod|=a zL@u(BmI>GVICHDtuRJ5vM+xga?XTd;Jd=G%nZ@*{WwxYjQc2_UOx~mX%6%;gE%wk3 z`WO?IUj+LIDqw+7VY zaPKIkn|9Kxo43G< zzviP8%fv1Q9+sQzT=rI~celt4d?z`uII7j}j!V#=!H$c`E9t65{U6)LxgHXKqR#T{ z8%1_?T`?1sGTst{$Xye8UyIFa`o5rulyu6>qrUg(kZS|E|E?15XCvq?W9{{!FYYje z1nirnHQC@J@p2U6Y)OF^D=7W-#t&oDpL!8!iLGv2iX6|;eXuXOK^yZxGnf-G`9zr= zQ76ZjW248V_jRY>iU^i`R9GxO%`bYnHv8sBtxR!;s>#`#2{F?M{S{OitK8M219=y5 zZGs$7kNd$)Z;Bak2R*zzXi&SYjx&3Hzgh-=sbAN9$Xw3Zk6ET^RL8KR%NA9Q z_OVEdFT0xX_Qm0v{_8r@tvBe9kPv`-OnHv%BuSoP_`6H#pv5)f8Vp-lxYBCtvq~7W zg*uGCvOfL~DsdWyEht!C>rw^ChC$U>sCbgsN~2|OUjGG>)*~c`@c}yecIEC$^A2G_ z?eh8|efbX@XDu8Juqp{cpK(+2V#R73bSny4x-smD`vI^RNvaOv|6zm#`nZcnLQa{g zG^N^-;xy1j=Kjku!|t_9Ge+Kydxl z>5PO7#JMCq_7(GejJb&NftiW{XP5dbHtqT_{%+a12FQ}lhh0sV)DqEfYb&cE$973i z!hHYGP?0i;{BMg;NES0^Qb0FR4m*a!@9XHS-BWP>_`#`4v_)`qbng;E`NGcT(oAM@ z6+jtr`vb;L@xRkfu=ln_{dfJF=+E7p49Xzt{k3fT)riksW9DdK5s{7ge&Bfl z*Pi14I$i_xaf7`rur=0e;<2)#1k#VWoGV1F-6YFk@xg#lgNk>aHXsiv?6f6)*kIcR zXap?Vk-ut$y)TwPfdDZoo3KZp%*Y>2=Ib=hJ?CV)23ZI|& zWmw@0tF8vy@XE)rZ+tN?;8f>FURW^6R5lEP^arTfShr;2ROcipI^Xol;V7ESa+*Fa z-w$3x#a}IUL-uWZQjX^KgF@C63{WuLau;iW+J{LJVkJ-Yu>v75>vAqJ_72)5J_=-8 z=F2D2vQOwPediBPyZ0ILva|6->ae0TMu5hRrE@t^CO&B2>iT8Gd-L_ow2Dp-1te6_ zWEtGKzQLF-hvSgv@dE^cD(@XOk7;&K;CSz^$sa)J9(3pDT)S6#ahVYthrq(aH^Qk84AnOX<>`~ zn5hFjh2b6IPXYwAbsZZkS5!{Rr^ki`TkWR2j0Bf-s+{A=aY?LEL@aEN`7xw{RhH8& zeo|gV1Z5`sY!7=b)n*%t9NLSvR-jwphM+udQ)az~)w}pUnq{doQO~b2iQzWJvQ`T} z%a542RIpCNg)nQC!x=KFqb~wt$>*bkfHb5mnD?mb6bos-fYrx0as-e=87=+;8Z8ss zGjM@-j`C&?!3F)!ol;jWv*Q;kydOWIKr!9mkVB3Z)Uyqi*d|MoJU%!W z_4he|h|Y8c`=!c_DgfUIB=4wxXDxu}c0c9-TLGa(Z7*N))Z@Q9;14_!5MeSz?MJ`j zT}P~GNSJ`!_xCx1Z+FobM+EywpPKzn0|1V3D;f=;D&A*j!Rz$t+#^Zdw+HBpyUKSS 
zQyiJkB&@au{QDE2*w|$r^A9$mk*8ZQ5|XykAwwex$XWyvL-?P~0@_1y`wve&E$A4^ zy2#DV?K)&1AW8B&CICXe-PX4^RbM%ucAP!TqaAh@O7a1xBYg^-O8b54@)y(nF;D6l!Xb6uj54vAR z-s*V$?8m$aFEH`(8TJtoCPh7;{5v?L!V?obWvT9+W>ozDC6~UOiAHm(11CT7PKMmQ z(*~$vS`uuxW?%nMbn%+&Y3sQlm3E{9KM$fHCaCsEch7c35w}ONTb<~AQ{z)EQ zwkaSqk5`t7%K5k5bZeJ_F%8VfSdSQv-HJiuf-O#{UO+Ni>wA5vo_qGC z-uJh3ShFUF9GrH&(azptZiKr$yP*q+cn~LDD83Pzxq9^zZ_TzdB!_Qmk*7a)`;0=! zooNcp=bD*{+SmZ4iKj*ZRz{QZnm)qiAAmB3&AsBbM_f34C+>g{y}Wu?>-R&c1Es0W zY=()&s_Una#wSAx&L!yKAw_T>A+k8{Bh`}MZC-CpwrJwpLB1uMtKJpMiiXN*s{0WmI=9R2(w$YhFjqM}9kJ4Z>L2jy!7av23t~&Z}YCD#FUQwk-F#nVCOZZwNzU zD{UsmexEFuE!s9djvBB|(%Ed;b1Y@<%xLQ-@?;zvU(feipfhAeDBx?}Ssk?$Ooy#^dQ zox0Y+G!@f~;@C)9F9>i?cDOHDSlSeY?mI12?kGE~C%*iW)%DPtG0D5o{go+@*RQiJ zjn%#rt|OkroE_O+1~r}I`1{q;^e>IZF0LDLsq!nOE=D>Flg2ogjXb_Kamk2m%E24G z6onq}KY3~_`+n&et(McnH!F1PmU_!wkt^s&bwT~2j<*#ZY)V^9xI!xud>31%=a8HHg2@WOK;@DjEM5H?w zha#Y!3r+Q)Km4YqND+w|#kJkrO_6SXXfI}xIu_&~sD^enFF6%YzR;E@9_=idke8r{ z+bPpt&cltpiA^H5!l^+3TI$=xHqoJUJaR@yNy_?L~oZN^$(Bo%wp z2V)J@av^}7L=(#yI9Mk9wL~)gssKIsBRo#czYb^PUqWdsBY}e1FJ65RVkOg5?$T>Z zOiEnHr+cvLFY5^QwYk;sCa17?W#wm{vBBCXMY?uSzM0b${vU5zMFBBoJX>Zgm@*Xp zN_*WDXiVO7exc6T4&rbbMbeaIDn{QAJskYPJE1)JZHu|xa zx@Ti`>KEbzrPYIC^M9)TNTJ`|2J-Vm@#p}p|2_oxzxzf&z8MiOdE|SBktBU;ZInPL z2IdZY70f}j0_L7l>zyR-ZFV&8E-5aacQq#cTfhQjuzxH4{trhEag%|#M4fC)DGo-p z-_fM*CVWcekOkjJgk>Z?sShM@>b<6jnB_$LCqble29PK=w72!J@qwP-fIu)V9_9MV zb#La^2?4d&ni1Gqe7xClg(v?wVSj_s1!JD5Xi_2+M9wnuV zaK3@!ICboD95)WF{SMkf5Rf1&&mRPkm9^~Rg4$RiUAP5IB8TZG8`-?D*X5*ikQyR+ zkR74?_vQje3@;(DAwFb!nV9z2p(&BSGIVqcs2vj3G+Svf7G{g&nC{*BpdAS`0}8B1 z#WF!V=*|2By4-{9Axwg2#7rmzRllrY`u&T;Fz|gg1e*CgpFZ>b3$sh zr$Ilg^}3_l)&sNU;V#@vsM12(!LwM`y<0UW@H&n(R~$o zSO0gJ3hK>xh56IZ6ne0`@|4&iPsn&?;xF`cN16_JSg_idZNXutk>?=OSWuuSjk;C2bac*g%s>GkqO`vGJ0ANo~|p0Z%=f&lYTL| znQGNsHIYKwq%QjBO|4vK^4!${Bq=Mx4==NX&XL|>8pk-UT|^xC6|-K}CNxMzqbI`X!q>ZCeDpR8PPP;Nqd0_7$iPNDLMurUMXA&pWvp4Y&9#vJUi*I#^hu{jDX z=$s3$T~hJ+uL@cRT;zR+1*mCMD`G^jC?T~|KTEN^RF{6|(VeNtmQ?tzKyzCX_C;4| 
zut2+W69vXbCE%6U3s*RYOD7eI2cjbbQFK9;djd^-W&Exvv+xRxKAJVk6k!z6bU$k7X;U>UhGIOm;YkG}@EX|?a+m3>pz z6`_59Ey6{;kBnRCv+n0Y=An~+m#Go5f~aJphzP+HSO!JO^|@M#U`X4?x#jw7Y&8My z{^$eoYN(zGMJE*@QY`xe?2*1Xy~(~Mlaiv3FsO9u!?wvV23?s~r?MC)c842inGT*yVde{DXng*s@IO?;xb+;5!$_$mmpE@-u8NiUPUyA%W| z_`*X=H(F%lptw>ZDINhDceJ2}+VzrxRYcYY7CQXA>=}o>-X4=h{i>||6)sIKXDDba zqy~v!mB^a3SqMucKY1tdMu6l?2fMfHCr!iTe5dY09x4Z4vkjqP)=3$ZRr3w;FlBpc zY96HJWNzMZns{;hk!_u!smu|&cQX)XivFmoUPGE}M`N66QFoKmDJ@nG7_H}0{+Ns~No2}l4&L&8L%cuWaao-(JW&i)rU2&JxT~<;wNRCy> z%4!)Q;|wz-At`7_xXK)kKfID@DCa5j;;_~xBY4@JXwy=l%qn86+TT}Tj zI^AC5&U$fFtR#ikt}q2a@7}WD zAq!n*nDYI&Bs`saaY>DeXyb!**4&gF!*7M@{<-!W^OTN9B6N}tswEROVM^bWhuK6s zxFW-NHXWodJ8pOtGT_1=?sym+V@IJ%!?%&9ClYS%Rhr}&_D5pY)4v8D!X5wpKPe{t z$B`+iHQ~REh2yaJO#$i3$0Jd8-4m34uot^gvGPAW9}j~~!rZu&vLtMnjsK{-)fUcb z8M$;c5&eE@af@QDbEi}VBH?e<-fpd)OLl&g*Pkkt&8L$+E`}s&9LzBJfs%vkw7(Pl zdu~r})(^q$ESWoS#hsjp-+RSOFM>e1%RmHCDOs=Cs;@BpEolG^C-d5}oWb z4wo?O*{EZ;nlGgE%Uw7 z=qwRwrwimXmF4}tF+6v*Bite0YIPx+n|C{Jd-p0#fhQCU#emo*|b z(R{^;#~+n6ZTT$X=m(ulRTPag(5^T0jh25yyxYY!se4M;59$mp4?myZWxs?d{;eMd#2Vx1+G;Ox!R8&0vf1U!;S;u> z7=tCCOmsF)w&YrY|F^4sdIt=;iqqRjk_( zL_LNMAk=w2_WNXG`}2*L@B^j{=wP1AqDxZ_%9dSKAs-f+C%Cj1ez$dNK32?ZQg7RP0F zw;1flRL^O>-W!o0SiF-tzRYYpw+wLzjq_=u1@3DW6TOWGBQy;!uLaI)d{X*q{TE;A zqybA^bS&~f1YHR9MTq*n;C!J!Qj|u3tFY@vS$@VdWr#}|^0K8rzu*A3>9ziAJib-K zYevquqr3=ug_JHc?Sd~J?Hjp;(jGj&BCr;5=GW3I9+T$zFxToBCK*B&oW9bGlM6zW z*`Pbv6&q~Pz?*zP@+MJec39&BDu3uv;oK!Y)NuPG4rBx}8Xm4rEf?e(!wJNc;JZ_N zS>4A^m*&!xm2(jBqM`AhxwMzkP2s3@>Ng~`&YfN!hnxgbH}ME2yQ zgA6HqfS9QxJBgt_D|Xl(h2~i-KH>qf3I6rEDlSV*)2HcM`$_pA3Dl8kXF?Xj=R+6c z3^xn&4M9dszG~I!+W>U2+hyE(1{I~evcD>u_6qObgq=a1mg_sufi)f9TSC{NYyPZk zF8(IJn)^QosQ-gir@MOuz$$nmb&;6VeIGPLHX4hTiZYpZAROE1(SKk={(oi%06h^2 z%(9b@0LcK!?3_pBTmf4DE17R7lk%tSJ2kvtL89A)L$ueouX%C|{6Ft_`X>Vs2l)=_ zRt2!joA$6fyXk_wH+?K&oxdU;kG)CptsU2TY#aKJa8cGCASB>P>j?8|uY0LwpN6Ym zNh=Vh&E;f&on!ajAvUZ*eE zHA~PUGyBp4e9gJfh+nyqd)*qihO{zx5ng3;M~*^Nr!4xNe{P3&g!MXRY!F?;D1L6d<#1DYK3$7LTp 
z!dMnU$e~y5PqU&MhhY7m00+w(4X2qj&$QOEcwN1WBYSP%j|b!Vd!<5HhCfGNW6H6H zNqAV>%Zt9a)@J;Nc-I`{^7upmVBCwJY6 zzF(b;6m?eYUEJ?E7Ky}-KB@O!&T9FE;|i3amFtc|PJ&{}84(@S3hU-2{z}wx~3AcDlh6AdLvB~mt3KT z!L!`U<>xDa8?jcuhog?bi=Zq0lh<57d4yT8<4!K2A=A9ZBmGuUjjX|ABO#}M?R7aR z8Akn`E8(MMhf!(u;nd(ECU?f;^SminhTN*9vVx~>DKxrmuGpmDsoG|fR9@pfvY)4M zF3{@|@552+=8{1bmRZc6<(^C7X;xIe8LcJGebKZjbS`JFfz06^c~|vGJzqK3Up5Ks zO8XfU=mP(RDJGK&XZq{O|BqDN-+=Ld-V{6v|HGYv)cM-uB>{sV!% zOebKy8M6z~!w~BM0GvVAVwL4_ z-3hdJ-hHl2C_w5I*-imy%mCnTYZEZILFD%8qgwu2G!sl*OmQFPfYmSuAWJrI+W*TGsLrG`X`Tvj(@oL6?(ZU!)4 zH!Rl&BZ*1RQfkKo9Ma6tnlZiI!^J|PUXn;#8G|bI)JlXnPxco3n{fVyRL8N3P-zPG>+TheeT{uVZ21Qn`CeNQhoTakJE6;&M;2&K){jctk`Iak?l&r^wisGJGc* zX<_3pAOSC8By!E*33ZSw`bD59JJy{)*0>zRvAn2ryWHB{t2d5R`ZQwGv5bx=a|D_x;2eNRp%~T zPh-h5)n9{gc`aBgSix(vudSd$8d=_Yx{aeyr=vNwOwZ1B)Pf*rA7Y=-kxe~vlg{c+ zpS4Xk(jtwgQxykg3~qYOddqX58l%Du`ywM+I)a5y6tRc)iCUMQ+blUMLb9dDEQV;_ zHf?B#D+Hh{J(pD@CyFL25CkLr)i8=@P;?(HHWh>PXi(OoIiHXB!iBF#)up47+8ML2 zr8yc)r65nU{{_b8N+dMH`?;uC!#(@HRBpbSfTuue!N*l?KVU~pTTEt+%mF18pZ0W6 z3iiYxrlUXd9qf*(`cqroO4jAvR5?q$xL5zmemMew1DBvbvjQ8AlLPVB222T1;>oe6 zLC%MUgA3n2bDT=B4TUFR*~L;|qr>eF9v;div)aEAcSO?#?4^suC_vM_Xd-<0Xdr0fENc@{$_& zx$b#qn(2$D+NWadJo^^YLG%IE4{k)<5L34p@}18}Yr(8%`jOmX|M^>l$q0c`6Xq`s?cdUS zKEH!6&eidQE}%YAL(z%1667sNSChUahGMsQ#(5@7AP_0BvCsS@QWRDZ;dfAT*M zKqoaMT(>W!EgLD*MEDqs9VdP+TmF)bCbeWuAkd(u-r4ycSUpoP!n#-?M9EH0y$U{A zUs_L^DPEQ&F|RppRZetd^vuXq#`{X*XJTGtl26wEf>rr{fuh-mF=2ddaYCCS{=t9@ z;K@A!J|95Ds}kJ4S-tXYD3Sm4PE>T6s?3X#;yx)2n{yF0@0sm;s@QVCQ}3){=lc3+ zyqTHVPsZSVxN`t}M@ey*M3##6kOS@!#U&onn8MDT1zgb|-jUbYUw@Jqr%5!se}BMq z^cM=`U@v;WMos3vJ%hSsZ0vwW8yICckc1SvHWHo5i~!6@+RjvyLT)zzAvK9lnHny5 z5Ab*Z9iIwYETj*ptDkSTrO+~OVDU`xC9?co%KL2a2n*um=9)!e=KA3$`t1umx+78i zr$cK`7J(L_?SC1mQW{a9hW5pZZYgVJ~$^aC~O9dBb+f{^tiUe^$_pAPN5Ufw+rxj`$15R}h3PEZKC z3{?cXW8g!#g>46bd;9Zi8Pa6k7(@%>&1*NFJXMD31(I$;y%y2NM!tzKxZr6iJ-45e zWZLo^iI`SmO0O$=Db|JPZ|!Im&}a&iJ*q_re z1FMYVH(Ssa`ivRBg~I;bhWHcfI|suax(|_0CbFAN(MqmTZF}IMLS(baf%AtP@`X*# zKTssnf}P(q|6(2n4;Qoq>J^y9;xbx`)#-RxzxEn{(1 
zFMKWMlFycniDf>BBq;s>h}9ayJA~&2s|psBT@cf>>lQ=Zm*X0-{FRHtwJ5xl6m%=k!ri)N%{!}CUD(PJXL_hNqH z@sgtM*tRofvP@YD_$MAyHp^XJZ`Y6`-nkR>5npE9vqQUON^UN{n`C_UI%>1)OkRlv z##*8GSa!->rOIo_ieRpjk*@}tsmXKd1ALj8t*%!jNdFLu1nEbYZLGTj!q{9~;8krU z&?rt9EgXnzZ;N|gkmS*!yOmWjMw8nrBB;E`!&6fL%PLOoTdEzmP+jds48NHSbdsgX zW|@E~u`N2j)oz5h*;uBx^t3q#{l+v#SCaeX`116FTL;Aar0w$bPS3O#J1m}={vt@y zKoKeW$}5x0!~%C#5K%vnRBc99rb2BaW5>_K-w6SJ}?;5g{wZ|e( zjEShy?<8VL*6*Iz zW2EfT?7$9A*|khmV!Q^k%9ZgaJwrSrN3?{?9c=3U}7P5sq5`)n;5Tg$Rm)c+VC# z%e$+e-k2Mv&&$$QxtlFXOzUmSPhQZAj=nZ0a<=%uuGq+-4L+3Kba+}1 zr3vO%QQn9UeGgW7Zngm)82) z!Ua%NZ*S^MIfk&om8_PssKcPE`F=O~AotG!%)8t>b_0*a1jvP`?JQE@Mv~~%DHU1B zUJjXQedn>g^WO(FJZ#N^fM-D!BoiVdoq$@#?)AaMuX}Ib^I4#IK}+oWodN-x-@z3G zWH>0^kS~b;Ck`Nc07?Amk-51uN$`cq^uyKI(ghEa?1cr;;iv{qTBkV<&bK(r$<`1P z?F^Jm0B^sZ!$jAY{10zT{#t8EDK7ajTp?zKS@|}z%3wo5K|+~jI>8eTjR4`Iq^P8Qv6?B~0IdH9O<`wY zB&9HtfEEzY`05Y*#ZM$tXmKF>vevNP47jD30^v7%N!pU(m}Poh;4P3mcC8Qy_|7p} z;#?osrD@DbO(`Phiq} z_GG1P{sw`)d6&>vNpnw+uF&}?CB=vPz!*RwFwBHbnwG`ooS5p>iaFRreTNI>c&u}4$wwp4!4s+@Vde01>DIku zO^8d|js$5eW7ZY}CCo@{E86~QaYJtSuF}`f)`iXC2_(ThFlU{1K8U~5P z7fz5b-So5?aM+Z+kvVC7%Ap0yv0cze(5VW5eN$8mG7ioaJpgAYjebKCQ1YfViU1E^ z1mnHAQk6@@Ea|_MJwL)9Lv&E#DLO^$(z8uAH!(1>oGsLa#Fyuk?iL^=tk!Fo`0l;4 zlqaizKy}4sS?hp_`iO_ot9Yq7Zpoy&r(++yBpE=dEdDwc_E~`w^JI2Vde_}6tWQdb z5no*^qwz4Zi`+wz6gywt>krhFdUl3`V3e1a=hIMflD@9-g8eWS;qu$4 zhX1lFqAPYIP=!X#0Tu`&HkrZZfPPG4Omw#8d0^0CEL7JE#89Rea9pctnB1cQ_0%uJ z*p2v%B5R4wDHRD7i2mo&F=O_+izHQwANeDbJwQ~I3dEHnOnj+qD-8qG907j)U)f0B zFeMiHrbwuSwa5dhmjR&oGRZ>vF%@oH5;S~CN@7;D`JDxmqy9wBcf6X85u0D~W)Yq& zq9*?){LtpuAUfl7sh7HczpBjQk{Bl`yGo=2aSbIdoN;q?-m@%BYHdS(X}?XNAJ5k6 zqU>;Ev9~HEh1X%YpfupfHUi3l>iv#OKq!OvVzQy>JdoO3i?1a1hlDII;Zs^rP#{#bzVd^tKj=DNmR-|Y<3_^-M&F{p*kk}m6gC~k9!d6DV0i3oZ-3$grz!yeV);NFwgj;0ojep^1ASl&)HtV+0 zz)w+GIg?2>dYJTPu=mynCpW+OQkSKN`rVkrM^FcTwu?ir=IB{9Z$?c zcn~{1Z+uR+ksP)Z?uV01BF8zS$F~h7#W`;Q$qC7PQk?UgkMvP3H*i`zYPP*Y+bXqm zSCyo-y3Kcg{d*8h2a+WOX4M0~95-<0?uDm=as-NiC1q~cP!z5xo5b}t*+hz*l1V0< 
diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md index 28421dc466..19edab69d4 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md @@ -1,12 +1,12 @@ --- title: WindowsDefenderApplicationGuard CSP -description: Configure the settings in Windows Defender Application Guard by using the WindowsDefenderApplicationGuard configuration service provider (CSP). +description: Configure the settings in Microsoft Defender Application Guard by using the WindowsDefenderApplicationGuard configuration service provider (CSP). ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows author: manikadhiman -ms.date: 09/10/2018 +ms.date: 07/07/2020 ms.reviewer: manager: dansimp --- 
@@ -16,7 +16,7 @@ manager: dansimp > [!WARNING] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -The WindowsDefenderApplicationGuard configuration service provider (CSP) is used by the enterprise to configure the settings in Windows Defender Application Guard. This CSP was added in Windows 10, version 1709. +The WindowsDefenderApplicationGuard configuration service provider (CSP) is used by the enterprise to configure the settings in Microsoft Defender Application Guard. This CSP was added in Windows 10, version 1709. The following diagram shows the WindowsDefenderApplicationGuard configuration service provider in tree format. @@ -29,7 +29,7 @@ Root node. Supported operation is Get. Interior node. Supported operation is Get. **Settings/AllowWindowsDefenderApplicationGuard** -Turn on Windows Defender Application Guard in Enterprise Mode. Value type is integer. Supported operations are Add, Get, Replace, and Delete. +Turn on Microsoft Defender Application Guard in Enterprise Mode. Value type is integer. Supported operations are Add, Get, Replace, and Delete. - 0 - Stops Application Guard in Enterprise Mode. Trying to access non-enterprise domains on the host will not automatically get transferred into the insolated environment. - 1 - Enables Application Guard in Enterprise Mode. Trying to access non-enterprise websites on the host will automatically get transferred into the container. 
@@ -37,7 +37,6 @@ Turn on Windows Defender Application Guard in Enterprise Mode. Value type is int **Settings/ClipboardFileType** Determines the type of content that can be copied from the host to Application Guard environment and vice versa. Value type is integer. Supported operations are Add, Get, Replace, and Delete. -- 0 - Disables content copying. - 1 - Allow text copying. - 2 - Allow image copying. - 3 - Allow text and image copying. @@ -75,8 +74,11 @@ This policy setting allows you to decide how the print functionality behaves whi **Settings/BlockNonEnterpriseContent** This policy setting allows you to decide whether websites can load non-enterprise content in Microsoft Edge and Internet Explorer. Value type is integer. Supported operations are Add, Get, Replace, and Delete. -- 0 (default) - Non-enterprise content embedded in enterprise sites is allowed to open outside of the Windows Defender Application Guard container, directly in Internet Explorer and Microsoft Edge.. -- 1 - Non-enterprise content embedded on enterprise sites are stopped from opening in Internet Explorer or Microsoft Edge outside of Windows Defender Application Guard. +- 0 (default) - Non-enterprise content embedded in enterprise sites is allowed to open outside of the Microsoft Defender Application Guard container, directly in Internet Explorer and Microsoft Edge. +- 1 - Non-enterprise content embedded on enterprise sites are stopped from opening in Internet Explorer or Microsoft Edge outside of Microsoft Defender Application Guard. + +> [!NOTE] +> This policy is no longer supported in the new Microsoft Edge browser. **Settings/AllowPersistence** This policy setting allows you to decide whether data should persist across different sessions in Application Guard. Value type is integer. Supported operations are Add, Get, Replace, and Delete. 
@@ -85,48 +87,48 @@ This policy setting allows you to decide whether data should persist across diff - 1 - Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions. **Settings/AllowVirtualGPU** -Added in Windows 10, version 1803. This policy setting allows you to determine whether Application Guard can use the virtual GPU to process graphics. Supported operations are Add, Get, Replace, and Delete. Value type is integer. +Added in Windows 10, version 1803. This policy setting allows you to determine whether Application Guard can use the virtual graphics processing units (GPUs) to process graphics. Supported operations are Add, Get, Replace, and Delete. Value type is integer. +If you enable this setting, Microsoft Defender Application Guard uses Hyper-V to access supported, high-security rendering graphics hardware (GPUs). These GPUs improve rendering performance and battery life while using Microsoft Defender Application Guard, particularly for video playback and other graphics-intensive use cases. If you enable this setting without connecting any high-security rendering graphics hardware, Microsoft Defender Application Guard will automatically revert to software-based (CPU) rendering. + +The following list shows the supported values: - 0 (default) - Cannot access the vGPU and uses the CPU to support rendering graphics. When the policy is not configured, it is the same as disabled (0). - 1 - Turns on the functionality to access the vGPU offloading graphics rendering from the CPU. This can create a faster experience when working with graphics intense websites or watching video within the container. +> [!IMPORTANT] +> Enabling this setting with potentially compromised graphics devices or drivers might pose a risk to the host device. + **Settings/SaveFilesToHost** Added in Windows 10, version 1803. 
This policy setting allows you to determine whether users can elect to download files from Edge in the container and persist files them from container to the host operating system. Supported operations are Add, Get, Replace, and Delete. Value type is integer. - 0 (default) - The user cannot download files from Edge in the container to the host file system. When the policy is not configured, it is the same as disabled (0). - 1 - Turns on the functionality to allow users to download files from Edge in the container to the host file system. -**Settings/FileTrustCriteria** -Placeholder for future use. Do not use in production code. - -**Settings/FileTrustOriginRemovableMedia** -Placeholder for future use. Do not use in production code. - -**Settings/FileTrustOriginNetworkShare** -Placeholder for future use. Do not use in production code. - -**Settings/FileTrustOriginMarkOfTheWeb** -Placeholder for future use. Do not use in production code. - **Settings/CertificateThumbprints** -Added in Windows 10, version 1809. This policy setting allows certain Root Certificates to be shared with the Windows Defender Application Guard container. +Added in Windows 10, version 1809. This policy setting allows certain device level Root Certificates to be shared with the Microsoft Defender Application Guard container. Value type is string. Supported operations are Add, Get, Replace, and Delete. -If you enable this setting, certificates with a thumbprint matching the ones specified will be transferred into the container. You can specify multiple certificates using a comma to separate the thumbprints for each certificate you want to transfer. +If you enable this setting, certificates with a thumbprint matching the ones specified will be transferred into the container. Multiple certificates can be specified by using a comma to separate the thumbprints for each certificate you want to transfer. 
-Example: b4e72779a8a362c860c36a6461f31e3aa7e58c14,1b1d49f06d2a697a544a1059bd59a7b058cda924 +Here's an example: +b4e72779a8a362c860c36a6461f31e3aa7e58c14,1b1d49f06d2a697a544a1059bd59a7b058cda924 -If you disable or don’t configure this setting, certificates are not shared with the Windows Defender Application Guard container. +If you disable or don’t configure this setting, certificates are not shared with the Microsoft Defender Application Guard container. **Settings/AllowCameraMicrophoneRedirection** -Added in Windows 10, version 1809. The policy allows you to determine whether applications inside Windows Defender Application Guard can access the device’s camera and microphone when these settings are enabled on the user’s device. +Added in Windows 10, version 1809. The policy allows you to determine whether applications inside Microsoft Defender Application Guard can access the device’s camera and microphone when these settings are enabled on the user’s device. Value type is integer. Supported operations are Add, Get, Replace, and Delete. -If you enable this policy, applications inside Windows Defender Application Guard will be able to access the camera and microphone on the user’s device. +If you enable this policy, applications inside Microsoft Defender Application Guard will be able to access the camera and microphone on the user’s device. -If you disable or don't configure this policy, applications inside Windows Defender Application Guard will be unable to access the camera and microphone on the user’s device. +If you disable or don't configure this policy, applications inside Microsoft Defender Application Guard will be unable to access the camera and microphone on the user’s device. + +The following list shows the supported values: + +- 0 (default) - Microsoft Defender Application Guard cannot access the device’s camera and microphone. When the policy is not configured, it is the same as disabled (0). 
+- 1 - Turns on the functionality to allow Microsoft Defender Application Guard to access the device’s camera and microphone. > [!IMPORTANT] > If you turn on this policy, a compromised container could bypass camera and microphone permissions and access the camera and microphone without the user's knowledge. To prevent unauthorized access, we recommend that camera and microphone privacy settings be turned off on the user's device when they are not needed. @@ -134,12 +136,24 @@ If you disable or don't configure this policy, applications inside Windows Defen **Status** Returns bitmask that indicates status of Application Guard installation and pre-requisites on the device. Value type is integer. Supported operation is Get. -- Bit 0 - Set to 1 when WDAG is enabled into enterprise manage mode +- Bit 0 - Set to 1 when WDAG is enabled into enterprise manage mode - Bit 1 - Set to 1 when the client machine is Hyper-V capable - Bit 2 - Set to 1 when the client machine has a valid OS license and SKU - Bit 3 - Set to 1 when WDAG installed on the client machine - Bit 4 - Set to 1 when required Network Isolation Policies are configured - Bit 5 - Set to 1 when the client machine meets minimum hardware requirements +- Bit 6 - Set to 1 when system reboot is required + +**PlatformStatus** +Returns bitmask that indicates status of Application Guard platform installation and pre-requisites on the device. Value type is integer. Supported operation is Get. + +- Bit 0 - Set to 1 when WDAG is enabled into enterprise manage mode +- Bit 1 - Set to 1 when the client machine is Hyper-V capable +- Bit 2 - Reserved for MS +- Bit 3 - Set to 1 when WDAG installed on the client machine +- Bit 4 - Reserved for MS +- Bit 5 - Set to 1 when the client machine meets minimum hardware requirements + **InstallWindowsDefenderApplicationGuard** Initiates remote installation of Application Guard feature. Supported operations are Get and Execute. 
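Review bot: The new **PlatformStatus** node is documented without saying how it differs from **Status** or when a management server should read one rather than the other; the two bit lists are identical except that bits 2 and 4 become "Reserved for MS" and bit 6 is absent. Add a sentence stating what "platform installation" covers and whether callers should mask out the reserved bits before comparing values. The added lines also keep the "WDAG" and "MS" abbreviations while the rest of this change spells out Microsoft Defender Application Guard, "Bit 3 - Set to 1 when WDAG installed" is missing "is", and the Bit 0 line under **Status** appears to change only whitespace.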
@@ -153,5 +167,5 @@ Interior node. Supported operation is Get **Audit/AuditApplicationGuard** This policy setting allows you to decide whether auditing events can be collected from Application Guard. Value type in integer. Supported operations are Add, Get, Replace, and Delete. -- 0 (default) - - Audit event logs aren't collected for Application Guard. -- 1 - Application Guard inherits its auditing policies from Microsoft Edge and starts to audit system events specifically for Application Guard. +- 0 (default) - Audit event logs aren't collected for Application Guard. +- 1 - Application Guard inherits its auditing policies from system and starts to audit security events for Application Guard container. From 52068a17ded33558afac7a0552e20063ea70ef5d Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 8 Jul 2020 09:43:27 -0700 Subject: [PATCH 013/102] More updates --- .../windowsdefenderapplicationguard-csp.md | 164 +++++++++--------- 1 file changed, 84 insertions(+), 80 deletions(-) diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md index 2e70ff89c0..63373c2a34 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md @@ -48,10 +48,10 @@ The following list shows the supported values: ADMX Info: -- GP English name: Configure Microsoft Defender Application Guard clipboard settings -- GP name: AppHVSIClipboardFileType -- GP path: Windows Components/Microsoft Defender Application Guard -- GP ADMX file name: AppHVSI.admx +- GP English name: *Configure Microsoft Defender Application Guard clipboard settings* +- GP name: *AppHVSIClipboardFileType* +- GP path: *Windows Components/Microsoft Defender Application Guard* +- GP ADMX file name: *AppHVSI.admx* **Settings/ClipboardSettings** 
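Review bot: In the ADMX Info list just above **Settings/ClipboardSettings**, the GP English name reads "Configure Microsoft Defender Application Guard clipboard settings" while the GP name is AppHVSIClipboardFileType, and the next hunk gives the identical English name for AppHVSIClipboardSettings. Since these lines are being touched anyway, check the display name against AppHVSI.admx and correct whichever entry was copied from the other.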
@@ -62,20 +62,20 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. This policy setting is supported on Microsoft Edge on Windows 10 Enterprise or Windows 10 Education with Microsoft Defender Application Guard in Enterprise mode. The following list shows the supported values: -- 0 (default) - Completely turns Off the clipboard functionality for the Application Guard -- 1 - Turns On clipboard operation from an isolated session to the host -- 2 - Turns On clipboard operation from the host to an isolated session -- 3 - Turns On clipboard operation in both the directions +- 0 (default) - Completely turns Off the clipboard functionality for the Application Guard. +- 1 - Turns On clipboard operation from an isolated session to the host. +- 2 - Turns On clipboard operation from the host to an isolated session. +- 3 - Turns On clipboard operation in both the directions. > [!IMPORTANT] > Allowing copied content to go from Microsoft Edge into Application Guard can cause potential security risks and isn't recommended. ADMX Info: -- GP English name: Configure Microsoft Defender Application Guard clipboard settings -- GP name: AppHVSIClipboardSettings -- GP path: Windows Components/Microsoft Defender Application Guard -- GP ADMX file name: AppHVSI.admx +- GP English name: *Configure Microsoft Defender Application Guard clipboard settings* +- GP name: *AppHVSIClipboardSettings* +- GP path: *Windows Components/Microsoft Defender Application Guard* +- GP ADMX file name: *AppHVSI.admx* **Settings/PrintingSettings** 
@@ -86,29 +86,29 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. This policy setting is supported on Microsoft Edge on Windows 10 Enterprise or Windows 10 Education with Microsoft Defender Application Guard in Enterprise mode. The following list shows the supported values: -- 0 - Disables all print functionality (default) -- 1 - Enables only XPS printing -- 2 - Enables only PDF printing -- 3 - Enables both PDF and XPS printing -- 4 - Enables only local printing -- 5 - Enables both local and XPS printing -- 6 - Enables both local and PDF printing -- 7 - Enables local, PDF, and XPS printing -- 8 - Enables only network printing -- 9 - Enables both network and XPS printing -- 10 - Enables both network and PDF printing -- 11 - Enables network, PDF, and XPS printing -- 12 - Enables both network and local printing -- 13 - Enables network, local, and XPS printing -- 14 - Enables network, local, and PDF printing -- 15 - Enables all printing +- 0 (default) - Disables all print functionality. +- 1 - Enables only XPS printing. +- 2 - Enables only PDF printing. +- 3 - Enables both PDF and XPS printing. +- 4 - Enables only local printing. +- 5 - Enables both local and XPS printing. +- 6 - Enables both local and PDF printing. +- 7 - Enables local, PDF, and XPS printing. +- 8 - Enables only network printing. +- 9 - Enables both network and XPS printing. +- 10 - Enables both network and PDF printing. +- 11 - Enables network, PDF, and XPS printing. +- 12 - Enables both network and local printing. +- 13 - Enables network, local, and XPS printing. +- 14 - Enables network, local, and PDF printing. +- 15 - Enables all printing. 
ADMX Info: -- GP English name: Configure Microsoft Defender Application Guard print settings -- GP name: AppHVSIPrintingSettings -- GP path: Windows Components/Microsoft Defender Application Guard -- GP ADMX file name: AppHVSI.admx +- GP English name: *Configure Microsoft Defender Application Guard print settings* +- GP name: *AppHVSIPrintingSettings* +- GP path: *Windows Components/Microsoft Defender Application Guard* +- GP ADMX file name: *AppHVSI.admx* **Settings/BlockNonEnterpriseContent** @@ -127,10 +127,10 @@ The following list shows the supported values: ADMX Info: -- GP English name: Prevent enterprise websites from loading non-enterprise content in Microsoft Edge and Internet Explorer -- GP name: BlockNonEnterpriseContent -- GP path: Windows Components/Microsoft Defender Application Guard -- GP ADMX file name: AppHVSI.admx +- GP English name: *Prevent enterprise websites from loading non-enterprise content in Microsoft Edge and Internet Explorer* +- GP name: *BlockNonEnterpriseContent* +- GP path: *Windows Components/Microsoft Defender Application Guard* +- GP ADMX file name: *AppHVSI.admx* **Settings/AllowPersistence** @@ -146,10 +146,10 @@ The following list shows the supported values: ADMX Info: -- GP English name: Allow data persistence for Microsoft Defender Application Guard -- GP name: AllowPersistence -- GP path: Windows Components/Microsoft Defender Application Guard -- GP ADMX file name: AppHVSI.admx +- GP English name: *Allow data persistence for Microsoft Defender Application Guard* +- GP name: *AllowPersistence* +- GP path: *Windows Components/Microsoft Defender Application Guard* +- GP ADMX file name: *AppHVSI.admx* **Settings/AllowVirtualGPU** 
@@ -165,15 +165,15 @@ The following list shows the supported values: - 0 (default) - Cannot access the vGPU and uses the CPU to support rendering graphics. When the policy is not configured, it is the same as disabled (0). - 1 - Turns on the functionality to access the vGPU offloading graphics rendering from the CPU. This can create a faster experience when working with graphics intense websites or watching video within the container. -> [!IMPORTANT] +> [!WARNING] > Enabling this setting with potentially compromised graphics devices or drivers might pose a risk to the host device. ADMX Info: -- GP English name: Allow hardware-accelerated rendering for Microsoft Defender Application Guard -- GP name: AllowVirtualGPU -- GP path: Windows Components/Microsoft Defender Application Guard -- GP ADMX file name: AppHVSI.admx +- GP English name: *Allow hardware-accelerated rendering for Microsoft Defender Application Guard* +- GP name: *AllowVirtualGPU* +- GP path: *Windows Components/Microsoft Defender Application Guard* +- GP ADMX file name: *AppHVSI.admx* **Settings/SaveFilesToHost** 
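Review bot: Only the vGPU callout is promoted from [!IMPORTANT] to [!WARNING]; the clipboard callout in the @@ -62,20 hunk of this same patch ("can cause potential security risks and isn't recommended") stays at [!IMPORTANT] although it also describes a risk to the host. Use one callout level for all security-risk notes in this file, or state why the vGPU case is rated higher. In the unchanged line for value 1, "graphics intense websites" should read "graphics-intensive websites".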
@@ -189,14 +189,14 @@ The following list shows the supported values: ADMX Info: -- GP English name: Allow files to download and save to the host operating system from Microsoft Defender Application Guard -- GP name: SaveFilesToHost -- GP path: Windows Components/Microsoft Defender Application Guard -- GP ADMX file name: AppHVSI.admx +- GP English name: *Allow files to download and save to the host operating system from Microsoft Defender Application Guard* +- GP name: *SaveFilesToHost* +- GP path: *Windows Components/Microsoft Defender Application Guard* +- GP ADMX file name: *AppHVSI.admx* **Settings/CertificateThumbprints** -Added in Windows 10, version 1809. This policy setting allows certain device level Root Certificates to be shared with the Microsoft Defender Application Guard container. +Added in Windows 10, version 1809. This policy setting allows certain device level Root Certificates to be shared with the Microsoft Defender Application Guard container. Value type is string. Supported operations are Add, Get, Replace, and Delete. @@ -211,10 +211,10 @@ If you disable or don’t configure this setting, certificates are not shared wi ADMX Info: -- GP English name: Allow Microsoft Defender Application Guard to use Root Certificate Authorities from the user's device -- GP name: CertificateThumbprints -- GP path: Windows Components/Microsoft Defender Application Guard -- GP ADMX file name: AppHVSI.admx +- GP English name: *Allow Microsoft Defender Application Guard to use Root Certificate Authorities from the user's device* +- GP name: *CertificateThumbprints* +- GP path: *Windows Components/Microsoft Defender Application Guard* +- GP ADMX file name: *AppHVSI.admx* **Settings/AllowCameraMicrophoneRedirection** 
@@ -237,10 +237,10 @@ The following list shows the supported values: ADMX Info: -- GP English name: Allow camera and microphone access in Microsoft Defender Application Guard -- GP name: AllowCameraMicrophoneRedirection -- GP path: Windows Components/Microsoft Defender Application Guard -- GP ADMX file name: AppHVSI.admx +- GP English name: *Allow camera and microphone access in Microsoft Defender Application Guard* +- GP name: *AllowCameraMicrophoneRedirection* +- GP path: *Windows Components/Microsoft Defender Application Guard* +- GP ADMX file name: *AppHVSI.admx* **Status** 
@@ -248,38 +248,42 @@ Returns bitmask that indicates status of Application Guard installation and pre- Value type is integer. Supported operation is Get. -- Bit 0 - Set to 1 when WDAG is enabled into enterprise manage mode -- Bit 1 - Set to 1 when the client machine is Hyper-V capable -- Bit 2 - Set to 1 when the client machine has a valid OS license and SKU -- Bit 3 - Set to 1 when WDAG installed on the client machine -- Bit 4 - Set to 1 when required Network Isolation Policies are configured -- Bit 5 - Set to 1 when the client machine meets minimum hardware requirements -- Bit 6 - Set to 1 when system reboot is required +- Bit 0 - Set to 1 when Application Guard is enabled into enterprise manage mode. +- Bit 1 - Set to 1 when the client machine is Hyper-V capable. +- Bit 2 - Set to 1 when the client machine has a valid OS license and SKU. +- Bit 3 - Set to 1 when Application Guard installed on the client machine. +- Bit 4 - Set to 1 when required Network Isolation Policies are configured. +- Bit 5 - Set to 1 when the client machine meets minimum hardware requirements. +- Bit 6 - Set to 1 when system reboot is required. **PlatformStatus** -Returns bitmask that indicates status of Application Guard platform installation and pre-requisites on the device. +Returns bitmask that indicates status of Application Guard platform installation and prerequisites on the device. Value type is integer. Supported operation is Get. -- Bit 0 - Set to 1 when WDAG is enabled into enterprise manage mode -- Bit 1 - Set to 1 when the client machine is Hyper-V capable -- Bit 2 - Reserved for MS -- Bit 3 - Set to 1 when WDAG installed on the client machine -- Bit 4 - Reserved for MS -- Bit 5 - Set to 1 when the client machine meets minimum hardware requirements +- Bit 0 - Set to 1 when Application Guard is enabled into enterprise manage mode. +- Bit 1 - Set to 1 when the client machine is Hyper-V capable. +- Bit 2 - Reserved for Microsoft. 
+- Bit 3 - Set to 1 when Application Guard is installed on the client machine. +- Bit 4 - Reserved for Microsoft. +- Bit 5 - Set to 1 when the client machine meets minimum hardware requirements. **InstallWindowsDefenderApplicationGuard** -Initiates remote installation of Application Guard feature. Supported operations are Get and Execute. +Initiates remote installation of Application Guard feature. + +Supported operations are Get and Execute. The following list shows the supported values: -- Install - Will initiate feature install -- Uninstall - Will initiate feature uninstall +- Install - Will initiate feature install. +- Uninstall - Will initiate feature uninstall. **Audit** Interior node. Supported operation is Get. **Audit/AuditApplicationGuard** -This policy setting allows you to decide whether auditing events can be collected from Application Guard. Value type in integer. Supported operations are Add, Get, Replace, and Delete. +This policy setting allows you to decide whether auditing events can be collected from Application Guard. + +Value type in integer. Supported operations are Add, Get, Replace, and Delete. This policy setting is supported on Windows 10 Enterprise or Windows 10 Education with Microsoft Defender Application Guard in Enterprise mode. @@ -289,8 +293,8 @@ The following list shows the supported values: ADMX Info: -- GP English name: Allow auditing events in Microsoft Defender Application Guard -- GP name: AuditApplicationGuard -- GP path: Windows Components/Microsoft Defender Application Guard -- GP ADMX file name: AppHVSI.admx +- GP English name: *Allow auditing events in Microsoft Defender Application Guard* +- GP name: *AuditApplicationGuard* +- GP path: *Windows Components/Microsoft Defender Application Guard* +- GP ADMX file name: *AppHVSI.admx* \ No newline at end of file From 71f8b23865f08733714b6fd7aff5cd924f7ccd65 Mon Sep 17 00:00:00 2001 
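Review bot: In the windowsdefenderapplicationguard-csp.md change above, the re-wrapped line under **Audit/AuditApplicationGuard** is added as "Value type in integer.", so the typo from the old line is carried into a new added line; it should read "Value type is integer." as in the other nodes. In the same hunk, **Status** bit 3 is added as "Set to 1 when Application Guard installed on the client machine." while **PlatformStatus** bit 3 gets "is installed"; make the two lists consistent.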
From: Obi Eze Ajoku <62227226+linque1@users.noreply.github.com> Date: Wed, 8 Jul 2020 12:10:17 -0700 Subject: [PATCH 014/102] Simple Download Mode - DO Simple Download Mode edit from 100 to 99 --- ...ndows-operating-system-components-to-microsoft-services.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 9128a35dd0..8b92505fa7 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1813,7 +1813,7 @@ By default, PCs running Windows 10 Enterprise and Windows 10 Education will only Use the UI, Group Policy, or Registry Keys to set up Delivery Optimization. -In Windows 10 version 1607 and above you can stop network traffic related to Windows Update Delivery Optimization by setting **Download Mode** to **Bypass** (100), as described below. +In Windows 10 version 1607 and above you can stop network traffic related to Windows Update Delivery Optimization by setting **Download Mode** to **Bypass** (99), as described below. ### 28.1 Settings > Update & security 
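Review bot: The commit subject says this is the Simple download mode value, but the changed sentence still labels the setting **Bypass** and now pairs it with 99. Delivery Optimization uses 99 for Simple and 100 for Bypass, so either the label changes to **Simple** along with the number or the number stays 100; as written the name and the value disagree. The registry step in the following hunk needs the same decision, and "99 (Ninety-nine)" should keep the lowercase style of the "100 (one hundred)" it replaces.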
@@ -1839,7 +1839,7 @@ You can find the Delivery Optimization Group Policy objects under **Computer Con -or- -- Create a new REG_DWORD registry setting named **DODownloadMode** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization** to a value of **100 (one hundred)**. +- Create a new REG_DWORD registry setting named **DODownloadMode** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization** to a value of **99 (Ninety-nine)**. For more info about Delivery Optimization in general, see [Windows Update Delivery Optimization: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730684). From 6f5f0435bfe1904f9b7033ada266fe23e681a665 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Wed, 8 Jul 2020 14:49:33 -0700 Subject: [PATCH 015/102] grammar --- .../windows-autopilot-requirements.md | 146 ------------------ 1 file changed, 146 deletions(-) delete mode 100644 windows/deployment/windows-autopilot/windows-autopilot-requirements.md diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md deleted file mode 100644 index c8f3eba453..0000000000 --- a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md +++ /dev/null 
@@ -1,146 +0,0 @@ ---- -title: Windows Autopilot requirements -ms.reviewer: -manager: laurawi -description: See the requirements you need to run Windows Autopilot in Windows 10, Azure Active Directory, and MDM services such as Microsoft Intune. -keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, Autopilot, ztd, zero-touch, partner, msfb, intune -ms.prod: w10 -ms.mktglfcycl: deploy -ms.localizationpriority: medium -ms.sitesec: library -ms.pagetype: deploy -audience: itpro -author: greg-lindsay -ms.author: greglin -ms.collection: M365-modern-desktop -ms.topic: article -ms.custom: -- CI 116757 -- CSSTroubleshooting ---- - - -# Windows Autopilot requirements - -**Applies to: Windows 10** - -Windows Autopilot depends on specific capabilities available in Windows 10, Azure Active Directory, and MDM services such as Microsoft Intune. In order to use Windows Autopilot and leverage these capabilities, some requirements must be met. - -> [!NOTE] -> For a list of OEMs that currently support Windows Autopilot, see the Participant device manufacturers section at [Windows Autopilot](https://aka.ms/windowsAutopilot). - -## Software requirements - -- A [supported version](https://docs.microsoft.com/windows/release-information/) of Windows 10 Semi-Annual Channel is required. Windows 10 Enterprise 2019 long-term servicing channel (LTSC) is also supported. -- The following editions are supported: - - Windows 10 Pro - - Windows 10 Pro Education - - Windows 10 Pro for Workstations - - Windows 10 Enterprise - - Windows 10 Education - - Windows 10 Enterprise 2019 LTSC - ->[!NOTE] ->Procedures for deploying Windows Autopilot might refer to specific products and versions. The inclusion of these products in this content doesn't imply an extension of support for a version that is beyond its support lifecycle. Windows Autopilot does not support products that are beyond their support lifecycle. 
For more information, see [Microsoft Lifecycle Policy](https://go.microsoft.com/fwlink/p/?LinkId=208270). - -## Networking requirements - -Windows Autopilot depends on a variety of internet-based services. Access to these services must be provided for Autopilot to function properly. In the simplest case, enabling proper functionality can be achieved by ensuring the following: - -- Ensure DNS name resolution for internet DNS names. -- Allow access to all hosts via port 80 (HTTP), 443 (HTTPS), and 123 (UDP/NTP). - -In environments that have more restrictive Internet access, or for those that require authentication before internet access can be obtained, additional configuration may be required to allow access to the required services. - -> [!NOTE] -> Smart card and certificate based authentication are not supported during OOBE. For more information, see [Smartcards and certificate-based authentication](https://docs.microsoft.com/azure/active-directory/devices/azureadjoin-plan#smartcards-and-certificate-based-authentication). - -For additional details about each of these services and their specific requirements, review the following details: - -
ServiceInformation -
Windows Autopilot Deployment ServiceAfter a network connection is in place, each Windows 10 device will contact the Windows Autopilot Deployment Service. With Windows 10 version 1903 and above, the following URLs are used: https://ztd.dds.microsoft.com, https://cs.dds.microsoft.com.
- -
Windows ActivationWindows Autopilot also requires Windows Activation services. See Windows activation or validation fails with error code 0x8004FE33 for details about the URLs that need to be accessible for the activation services.
- -
Azure Active DirectoryUser credentials are validated by Azure Active Directory, and the device can also be joined to Azure Active Directory. See Office 365 IP Address and URL Web service for more information. -
IntuneOnce authenticated, Azure Active Directory will trigger enrollment of the device into the Intune MDM service. See the following link for details about network communication requirements: Intune network configuration requirements and bandwidth. -
Windows UpdateDuring the OOBE process, as well as after the Windows 10 OS is fully configured, the Windows Update service is leveraged to retrieve needed updates. If there are problems connecting to Windows Update, see How to solve connection problems concerning Windows Update or Microsoft Update.
- -If Windows Update is inaccessible, the Autopilot process will still continue but critical updates will not be available. - -
Delivery OptimizationWhen downloading Windows Updates, Microsoft Store apps and app updates, Office Updates and Intune Win32 Apps, the Delivery Optimization service is contacted to enable peer-to-peer sharing of content so that only a few devices need to download it from the internet.
- -If the Delivery Optimization Service is inaccessible, the Autopilot process will still continue with Delivery Optimization downloads from the cloud (without peer-to-peer). - -
Network Time Protocol (NTP) SyncWhen a Windows device starts up, it will talk to a network time server to ensure that the time on the device is accurate. Ensure that UDP port 123 to time.windows.com is accessible. -
Domain Name Services (DNS)To resolve DNS names for all services, the device communicates with a DNS server, typically provided via DHCP.  This DNS server must be able to resolve internet names. -
Diagnostics dataStarting in Windows 10, 1903, diagnostic data collection will be enabled by default. To disable Windows Analytics and related diagnostics capabilities, see Manage enterprise diagnostic data level.
- -If diagnostic data cannot be sent, the Autopilot process will still continue, but services that depend on diagnostic data, such as Windows Analytics, will not work. -
Network Connection Status Indicator (NCSI)Windows must be able to tell that the device is able to access the internet. For more information, see Network Connection Status Indicator (NCSI). - -www.msftconnecttest.com must be resolvable via DNS and accessible via HTTP. -
Windows Notification Services (WNS)This service is used to enable Windows to receive notifications from apps and services. See Microsoft Store for more information.
- -If the WNS services are not available, the Autopilot process will still continue without notifications. -
Microsoft Store, Microsoft Store for BusinessApps in the Microsoft Store can be pushed to the device, triggered via Intune (MDM).  App updates and additional apps may also be needed when the user first logs in. For more information, see Prerequisites for Microsoft Store for Business and Education (also includes Azure AD and Windows Notification Services).
- -If the Microsoft Store is not accessible, the Autopilot process will still continue without Microsoft Store apps. - -
Office 365As part of the Intune device configuration, installation of Microsoft 365 Apps for enterprise may be required. For more information, see Office 365 URLs and IP address ranges (includes all Office services, DNS names, IP addresses; includes Azure AD and other services that may overlap with those listed above). -
Certificate revocation lists (CRLs)Some of these services will also need to check certificate revocation lists (CRLs) for certificates used in the services.  A full list of these is documented at Office 365 URLs and IP address ranges and Office 365 Certificate Chains. -
Hybrid AAD joinThe device can be hybrid AAD joined. The computer should be on corporate network for hybrid AAD join to work. See details at Windows Autopilot user-driven mode -
Autopilot Self-Deploying mode and Autopilot White GloveFirmware TPM devices, which are only provided by Intel, AMD, or Qualcomm, do not include all needed certificates at boot time and must be able to retrieve them from the manufacturer on first use. Devices with discrete TPM chips (including devices from any other manufacturer) come with these certificates preinstalled. See TPM recommendations for more details. Make sure that these URLs are accessible for each firmware TPM provider so that certificates can be successfully requested: - -
Intel- https://ekop.intel.com/ekcertservice -
Qualcomm- https://ekcert.spserv.microsoft.com/EKCertificate/GetEKCertificate/v1 -
AMD- https://ftpm.amd.com/pki/aia -
Infineon- https://pki.infineon.com -
- -## Licensing requirements - -Windows Autopilot depends on specific capabilities available in Windows 10 and Azure Active Directory. It also requires an MDM service such as Microsoft Intune. These capabilities can be obtained through various editions and subscription programs. - -To provide needed Azure Active Directory (automatic MDM enrollment and company branding features) and MDM functionality, one of the following is required: -- [Microsoft 365 Business Premium subscription](https://www.microsoft.com/microsoft-365/business). -- [Microsoft 365 F1 or F3 subscription](https://www.microsoft.com/microsoft-365/enterprise/firstline). -- [Microsoft 365 Academic A1, A3, or A5 subscription](https://www.microsoft.com/education/buy-license/microsoft365/default.aspx). -- [Microsoft 365 Enterprise E3 or E5 subscription](https://www.microsoft.com/microsoft-365/enterprise), which include all Windows 10, Office 365, and EM+S features (Azure AD and Intune). -- [Enterprise Mobility + Security E3 or E5 subscription](https://www.microsoft.com/cloud-platform/enterprise-mobility-security), which include all needed Azure AD and Intune features. -- [Intune for Education subscription](https://docs.microsoft.com/intune-education/what-is-intune-for-education), which include all needed Azure AD and Intune features. -- [Azure Active Directory Premium P1 or P2](https://azure.microsoft.com/services/active-directory/) and [Microsoft Intune subscriptions](https://www.microsoft.com/cloud-platform/microsoft-intune) (or an alternative MDM service). - -> [!NOTE] -> Even when using Microsoft 365 subscriptions, you still need to [assign Intune licenses to the users](https://docs.microsoft.com/intune/fundamentals/licenses-assign). - -Additionally, the following are also recommended (but not required): -- [Microsoft 365 Apps for enterprise](https://www.microsoft.com/p/office-365-proplus/CFQ7TTC0K8R0), which can be deployed easily via Intune (or other MDM services). 
-- [Windows Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation), to automatically step up devices from Windows 10 Pro to Windows 10 Enterprise. - -## Configuration requirements - -Before Windows Autopilot can be used, some configuration tasks are required to support the common Autopilot scenarios. - -- Configure Azure Active Directory automatic enrollment. For Microsoft Intune, see [Enable Windows 10 automatic enrollment](https://docs.microsoft.com/intune/windows-enroll#enable-windows-10-automatic-enrollment) for details. If using a different MDM service, contact the vendor for the specific URLs or configuration needed for those services. -- Configure Azure Active Directory custom branding. In order to display an organization-specific logon page during the Autopilot process, Azure Active Directory needs to be configured with the images and text that should be displayed. See [Quickstart: Add company branding to your sign-in page in Azure AD](https://docs.microsoft.com/azure/active-directory/fundamentals/customize-branding) for more details. Note that the "square logo" and "sign-in page text" are the key elements for Autopilot, as well as the Azure Active Directory tenant name (configured separately in the Azure AD tenant properties). -- Enable [Windows Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation) if desired, in order to automatically step up from Windows 10 Pro to Windows 10 Enterprise. - -Specific scenarios will then have additional requirements. Generally, there are two specific tasks: - -- Device registration. Devices need to be added to Windows Autopilot to support most Windows Autopilot scenarios. See [Adding devices to Windows Autopilot](add-devices.md) for more details. -- Profile configuration. Once devices have been added to Windows Autopilot, a profile of settings needs to be applied to each device. 
See [Configure Autopilot profiles](profiles.md) for details. Note that Microsoft Intune can automate this profile assignment; see [Create an Autopilot device group](https://docs.microsoft.com/intune/enrollment-Autopilot#create-an-Autopilot-device-group) and [Assign an Autopilot deployment profile to a device group](https://docs.microsoft.com/intune/enrollment-Autopilot#assign-an-Autopilot-deployment-profile-to-a-device-group) for more information. - -See [Windows Autopilot Scenarios](windows-Autopilot-scenarios.md) for additional details. - -For a walkthrough for some of these and related steps, see this video: - -
- - - -There are no additional hardware requirements to use Windows 10 Autopilot, beyond the [requirements to run Windows 10](https://www.microsoft.com/windows/windows-10-specifications). - -## Related topics - -[Configure Autopilot deployment](https://docs.microsoft.com/windows/deployment/windows-Autopilot/) From 7640527bf0573628e7bdf69f7a57cf938512e82c Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Wed, 8 Jul 2020 14:50:02 -0700 Subject: [PATCH 016/102] grammar --- .../windows-autopilot-requirements.md | 146 ++++++++++++++++++ 1 file changed, 146 insertions(+) create mode 100644 windows/deployment/windows-autopilot/windows-autopilot-requirements.md diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md new file mode 100644 index 0000000000..a71d3bbd39 --- /dev/null +++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md 
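Review bot: This pair of commits deletes windows-autopilot-requirements.md (146 deletions) and re-adds it (146 insertions) under the subject "grammar", so the actual wording change cannot be seen in either diff and blame for every line will point at the re-add. Submit it as one in-place edit instead. The one difference visible in the opening lines is "authentication are not supported" becoming "authentication is not supported" in the OOBE note; if that is the intended fix, "certificate based" in the same sentence should also be hyphenated to match the link text "certificate-based authentication".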
@@ -0,0 +1,146 @@ +--- +title: Windows Autopilot requirements +ms.reviewer: +manager: laurawi +description: See the requirements you need to run Windows Autopilot in Windows 10, Azure Active Directory, and MDM services such as Microsoft Intune. +keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, Autopilot, ztd, zero-touch, partner, msfb, intune +ms.prod: w10 +ms.mktglfcycl: deploy +ms.localizationpriority: medium +ms.sitesec: library +ms.pagetype: deploy +audience: itpro +author: greg-lindsay +ms.author: greglin +ms.collection: M365-modern-desktop +ms.topic: article +ms.custom: +- CI 116757 +- CSSTroubleshooting +--- + + +# Windows Autopilot requirements + +**Applies to: Windows 10** + +Windows Autopilot depends on specific capabilities available in Windows 10, Azure Active Directory, and MDM services such as Microsoft Intune. In order to use Windows Autopilot and leverage these capabilities, some requirements must be met. + +> [!NOTE] +> For a list of OEMs that currently support Windows Autopilot, see the Participant device manufacturers section at [Windows Autopilot](https://aka.ms/windowsAutopilot). + +## Software requirements + +- A [supported version](https://docs.microsoft.com/windows/release-information/) of Windows 10 Semi-Annual Channel is required. Windows 10 Enterprise 2019 long-term servicing channel (LTSC) is also supported. +- The following editions are supported: + - Windows 10 Pro + - Windows 10 Pro Education + - Windows 10 Pro for Workstations + - Windows 10 Enterprise + - Windows 10 Education + - Windows 10 Enterprise 2019 LTSC + +>[!NOTE] +>Procedures for deploying Windows Autopilot might refer to specific products and versions. The inclusion of these products in this content doesn't imply an extension of support for a version that is beyond its support lifecycle. Windows Autopilot does not support products that are beyond their support lifecycle. 
For more information, see [Microsoft Lifecycle Policy](https://go.microsoft.com/fwlink/p/?LinkId=208270). + +## Networking requirements + +Windows Autopilot depends on a variety of internet-based services. Access to these services must be provided for Autopilot to function properly. In the simplest case, enabling proper functionality can be achieved by ensuring the following: + +- Ensure DNS name resolution for internet DNS names. +- Allow access to all hosts via port 80 (HTTP), 443 (HTTPS), and 123 (UDP/NTP). + +In environments that have more restrictive Internet access, or for those that require authentication before internet access can be obtained, additional configuration may be required to allow access to the required services. + +> [!NOTE] +> Smart card and certificate based authentication is not supported during OOBE. For more information, see [Smartcards and certificate-based authentication](https://docs.microsoft.com/azure/active-directory/devices/azureadjoin-plan#smartcards-and-certificate-based-authentication). + +For additional details about each of these services and their specific requirements, review the following details: + +
ServiceInformation +
Windows Autopilot Deployment ServiceAfter a network connection is in place, each Windows 10 device will contact the Windows Autopilot Deployment Service. With Windows 10 version 1903 and above, the following URLs are used: https://ztd.dds.microsoft.com, https://cs.dds.microsoft.com.
+ +
Windows ActivationWindows Autopilot also requires Windows Activation services. See Windows activation or validation fails with error code 0x8004FE33 for details about the URLs that need to be accessible for the activation services.
+ +
Azure Active DirectoryUser credentials are validated by Azure Active Directory, and the device can also be joined to Azure Active Directory. See Office 365 IP Address and URL Web service for more information. +
IntuneOnce authenticated, Azure Active Directory will trigger enrollment of the device into the Intune MDM service. See the following link for details about network communication requirements: Intune network configuration requirements and bandwidth. +
Windows UpdateDuring the OOBE process, as well as after the Windows 10 OS is fully configured, the Windows Update service is leveraged to retrieve needed updates. If there are problems connecting to Windows Update, see How to solve connection problems concerning Windows Update or Microsoft Update.
+ +If Windows Update is inaccessible, the Autopilot process will still continue but critical updates will not be available. + +
Delivery OptimizationWhen downloading Windows Updates, Microsoft Store apps and app updates, Office Updates and Intune Win32 Apps, the Delivery Optimization service is contacted to enable peer-to-peer sharing of content so that only a few devices need to download it from the internet.
+ +If the Delivery Optimization Service is inaccessible, the Autopilot process will still continue with Delivery Optimization downloads from the cloud (without peer-to-peer). + +
Network Time Protocol (NTP) SyncWhen a Windows device starts up, it will talk to a network time server to ensure that the time on the device is accurate. Ensure that UDP port 123 to time.windows.com is accessible. +
Domain Name Services (DNS)To resolve DNS names for all services, the device communicates with a DNS server, typically provided via DHCP.  This DNS server must be able to resolve internet names. +
Diagnostics dataStarting in Windows 10, 1903, diagnostic data collection will be enabled by default. To disable Windows Analytics and related diagnostics capabilities, see Manage enterprise diagnostic data level.
+ +If diagnostic data cannot be sent, the Autopilot process will still continue, but services that depend on diagnostic data, such as Windows Analytics, will not work. +
Network Connection Status Indicator (NCSI)Windows must be able to tell that the device is able to access the internet. For more information, see Network Connection Status Indicator (NCSI). + +www.msftconnecttest.com must be resolvable via DNS and accessible via HTTP. +
Windows Notification Services (WNS)This service is used to enable Windows to receive notifications from apps and services. See Microsoft Store for more information.
+ +If the WNS services are not available, the Autopilot process will still continue without notifications. +
Microsoft Store, Microsoft Store for BusinessApps in the Microsoft Store can be pushed to the device, triggered via Intune (MDM).  App updates and additional apps may also be needed when the user first logs in. For more information, see Prerequisites for Microsoft Store for Business and Education (also includes Azure AD and Windows Notification Services).
+ +If the Microsoft Store is not accessible, the Autopilot process will still continue without Microsoft Store apps. + +
Office 365As part of the Intune device configuration, installation of Microsoft 365 Apps for enterprise may be required. For more information, see Office 365 URLs and IP address ranges (includes all Office services, DNS names, IP addresses; includes Azure AD and other services that may overlap with those listed above). +
Certificate revocation lists (CRLs)Some of these services will also need to check certificate revocation lists (CRLs) for certificates used in the services.  A full list of these is documented at Office 365 URLs and IP address ranges and Office 365 Certificate Chains. +
Hybrid AAD joinThe device can be hybrid AAD joined. The computer should be on corporate network for hybrid AAD join to work. See details at Windows Autopilot user-driven mode +
Autopilot Self-Deploying mode and Autopilot White GloveFirmware TPM devices, which are only provided by Intel, AMD, or Qualcomm, do not include all needed certificates at boot time and must be able to retrieve them from the manufacturer on first use. Devices with discrete TPM chips (including devices from any other manufacturer) come with these certificates preinstalled. See TPM recommendations for more details. Make sure that these URLs are accessible for each firmware TPM provider so that certificates can be successfully requested: + +
Intel- https://ekop.intel.com/ekcertservice +
Qualcomm- https://ekcert.spserv.microsoft.com/EKCertificate/GetEKCertificate/v1 +
AMD- https://ftpm.amd.com/pki/aia +
Infineon- https://pki.infineon.com +
+ +## Licensing requirements + +Windows Autopilot depends on specific capabilities available in Windows 10 and Azure Active Directory. It also requires an MDM service such as Microsoft Intune. These capabilities can be obtained through various editions and subscription programs. + +To provide needed Azure Active Directory (automatic MDM enrollment and company branding features) and MDM functionality, one of the following is required: +- [Microsoft 365 Business Premium subscription](https://www.microsoft.com/microsoft-365/business). +- [Microsoft 365 F1 or F3 subscription](https://www.microsoft.com/microsoft-365/enterprise/firstline). +- [Microsoft 365 Academic A1, A3, or A5 subscription](https://www.microsoft.com/education/buy-license/microsoft365/default.aspx). +- [Microsoft 365 Enterprise E3 or E5 subscription](https://www.microsoft.com/microsoft-365/enterprise), which include all Windows 10, Office 365, and EM+S features (Azure AD and Intune). +- [Enterprise Mobility + Security E3 or E5 subscription](https://www.microsoft.com/cloud-platform/enterprise-mobility-security), which include all needed Azure AD and Intune features. +- [Intune for Education subscription](https://docs.microsoft.com/intune-education/what-is-intune-for-education), which include all needed Azure AD and Intune features. +- [Azure Active Directory Premium P1 or P2](https://azure.microsoft.com/services/active-directory/) and [Microsoft Intune subscriptions](https://www.microsoft.com/cloud-platform/microsoft-intune) (or an alternative MDM service). + +> [!NOTE] +> Even when using Microsoft 365 subscriptions, you still need to [assign Intune licenses to the users](https://docs.microsoft.com/intune/fundamentals/licenses-assign). + +Additionally, the following are also recommended (but not required): +- [Microsoft 365 Apps for enterprise](https://www.microsoft.com/p/office-365-proplus/CFQ7TTC0K8R0), which can be deployed easily via Intune (or other MDM services). 
+- [Windows Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation), to automatically step up devices from Windows 10 Pro to Windows 10 Enterprise. + +## Configuration requirements + +Before Windows Autopilot can be used, some configuration tasks are required to support the common Autopilot scenarios. + +- Configure Azure Active Directory automatic enrollment. For Microsoft Intune, see [Enable Windows 10 automatic enrollment](https://docs.microsoft.com/intune/windows-enroll#enable-windows-10-automatic-enrollment) for details. If using a different MDM service, contact the vendor for the specific URLs or configuration needed for those services. +- Configure Azure Active Directory custom branding. In order to display an organization-specific logon page during the Autopilot process, Azure Active Directory needs to be configured with the images and text that should be displayed. See [Quickstart: Add company branding to your sign-in page in Azure AD](https://docs.microsoft.com/azure/active-directory/fundamentals/customize-branding) for more details. Note that the "square logo" and "sign-in page text" are the key elements for Autopilot, as well as the Azure Active Directory tenant name (configured separately in the Azure AD tenant properties). +- Enable [Windows Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation) if desired, in order to automatically step up from Windows 10 Pro to Windows 10 Enterprise. + +Specific scenarios will then have additional requirements. Generally, there are two specific tasks: + +- Device registration. Devices need to be added to Windows Autopilot to support most Windows Autopilot scenarios. See [Adding devices to Windows Autopilot](add-devices.md) for more details. +- Profile configuration. Once devices have been added to Windows Autopilot, a profile of settings needs to be applied to each device. 
See [Configure Autopilot profiles](profiles.md) for details. Note that Microsoft Intune can automate this profile assignment; see [Create an Autopilot device group](https://docs.microsoft.com/intune/enrollment-Autopilot#create-an-Autopilot-device-group) and [Assign an Autopilot deployment profile to a device group](https://docs.microsoft.com/intune/enrollment-Autopilot#assign-an-Autopilot-deployment-profile-to-a-device-group) for more information. + +See [Windows Autopilot Scenarios](windows-Autopilot-scenarios.md) for additional details. + +For a walkthrough for some of these and related steps, see this video: + +
+ + + +There are no additional hardware requirements to use Windows 10 Autopilot, beyond the [requirements to run Windows 10](https://www.microsoft.com/windows/windows-10-specifications). + +## Related topics + +[Configure Autopilot deployment](https://docs.microsoft.com/windows/deployment/windows-Autopilot/) From 03517bb7f881e17dad09052ed569078e5057a8ae Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 8 Jul 2020 16:54:29 -0700 Subject: [PATCH 017/102] add url spreadsheet --- .../configure-proxy-internet.md | 16 +++++++++------- .../downloads/mdatp-urls.xlsx | Bin 0 -> 17145 bytes .../images/mdatp-urls.png | Bin 0 -> 65155 bytes .../microsoft-defender-atp-linux.md | 15 ++++++++------- .../microsoft-defender-atp-mac.md | 15 ++++++++------- .../production-deployment.md | 13 ++++++------- 6 files changed, 31 insertions(+), 28 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/mdatp-urls.png diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md index 94f58cc685..73427e0de5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md 
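Review bot: In windows-autopilot-requirements.md, the relative link `windows-Autopilot-scenarios.md` under Configuration requirements, the Intune anchors `enrollment-Autopilot#create-an-Autopilot-device-group` and `enrollment-Autopilot#assign-an-Autopilot-deployment-profile-to-a-device-group`, and the `windows-Autopilot/` URL under Related topics all carry a capital "A", while this file is created under `windows-autopilot/` in lower case. This looks like a product-name replacement that reached into paths, so check that each target resolves and lower-case the ones that do not. The Self-Deploying mode row also says firmware TPM devices are "only provided by Intel, AMD, or Qualcomm" and then lists an Infineon URL, so either the sentence or the list needs adjusting. The subject "grammar" does not describe a commit that creates a 146-line file; a subject that names the new requirements page would make the history easier to follow.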
@@ -102,19 +102,21 @@ See [Netsh Command Syntax, Contexts, and Formatting](https://docs.microsoft.com/ ## Enable access to Microsoft Defender ATP service URLs in the proxy server -If a proxy or firewall is blocking all traffic by default and allowing only specific domains through, add the domains listed below to the allowed domains list. +If a proxy or firewall is blocking all traffic by default and allowing only specific domains through, add the domains listed in the downloadable sheet to the allowed domains list. + + + +|**Item**|**Description**| +|:-----|:-----| +|[![Thumb image for Microsoft Defender ATP URLs spreadsheet](images/mdatp-urls.png)](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx)
[Spreadsheet](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf) | The spreadsheet provides specific DNS records for service locations, geographies, and OS. + + If a proxy or firewall has HTTPS scanning (SSL inspection) enabled, exclude the domains listed below from HTTPS scanning. > [!NOTE] > settings-win.data.microsoft.com is only needed if you have Windows 10 devices running version 1803 or earlier.
> URLs that include v20 in them are only needed if you have Windows 10 devices running version 1803 or later. For example, ```us-v20.events.data.microsoft.com``` is needed for a Windows 10 device running version 1803 or later and onboarded to US Data Storage region. - Service location | Microsoft.com DNS record --|- -Common URLs for all locations | ```crl.microsoft.com/pki/crl/*```
```ctldl.windowsupdate.com```
```www.microsoft.com/pkiops/*```
```events.data.microsoft.com```
```notify.windows.com```
```settings-win.data.microsoft.com``` -European Union | ```eu.vortex-win.data.microsoft.com```
```eu-v20.events.data.microsoft.com```
```usseu1northprod.blob.core.windows.net```
```usseu1westprod.blob.core.windows.net```
```winatp-gw-neu.microsoft.com```
```winatp-gw-weu.microsoft.com```
```wseu1northprod.blob.core.windows.net```
```wseu1westprod.blob.core.windows.net```
```automatedirstrprdweu.blob.core.windows.net```
```automatedirstrprdneu.blob.core.windows.net``` -United Kingdom | ```uk.vortex-win.data.microsoft.com```
```uk-v20.events.data.microsoft.com```
```ussuk1southprod.blob.core.windows.net```
```ussuk1westprod.blob.core.windows.net```
```winatp-gw-uks.microsoft.com```
```winatp-gw-ukw.microsoft.com```
```wsuk1southprod.blob.core.windows.net```
```wsuk1westprod.blob.core.windows.net```
```automatedirstrprduks.blob.core.windows.net```
```automatedirstrprdukw.blob.core.windows.net``` -United States | ```us.vortex-win.data.microsoft.com```
```ussus1eastprod.blob.core.windows.net```
```ussus1westprod.blob.core.windows.net```
```ussus2eastprod.blob.core.windows.net```
```ussus2westprod.blob.core.windows.net```
```ussus3eastprod.blob.core.windows.net```
```ussus3westprod.blob.core.windows.net```
```ussus4eastprod.blob.core.windows.net```
```ussus4westprod.blob.core.windows.net```
```us-v20.events.data.microsoft.com```
```winatp-gw-cus.microsoft.com```
```winatp-gw-eus.microsoft.com```
```wsus1eastprod.blob.core.windows.net```
```wsus1westprod.blob.core.windows.net```
```wsus2eastprod.blob.core.windows.net```
```wsus2westprod.blob.core.windows.net```
```automatedirstrprdcus.blob.core.windows.net```
```automatedirstrprdeus.blob.core.windows.net``` > [!NOTE] > If you are using Microsoft Defender Antivirus in your environment, please refer to the following article for details on allowing connections to the Microsoft Defender Antivirus cloud service: https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus 
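Review bot: The **Spreadsheet** link in the added table row points to `downloads/mdatp-deployment-strategy.pdf`, while the thumbnail next to it and the file added in this commit are `downloads/mdatp-urls.xlsx`; the text link should use the same .xlsx target. The unchanged sentence "exclude the domains listed below from HTTPS scanning" no longer has a list below it once the domain table is removed, so it should refer to the spreadsheet as well. Moving the allow list from Markdown into a binary .xlsx also means later changes to the domains will not show up in a diff; consider keeping a text copy beside it so that additions to proxy allow lists and SSL-inspection exclusions stay reviewable.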
diff --git a/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx b/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx new file mode 100644 index 0000000000000000000000000000000000000000..b1a37416092ff6c6b25788e3c08781b71b170bb4 GIT binary patch literal 17145
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/mdatp-urls.png b/windows/security/threat-protection/microsoft-defender-atp/images/mdatp-urls.png new file mode 100644 index 0000000000000000000000000000000000000000..217cc0d47823e0ec91c38feea0c4b77620df148a GIT binary patch literal 65155
zbSF(xOzvo>Vye=#QQHoHzcYY8gX>Pl&{JtA+5KT78VUC%EU%*4&|`|o?1%;hULo;1JKqd_T~pPySe|YYkWmz|F-rmjQgHrnLyYDV8t(42l&!5UcYJyJ)o(^|^3c`Fb?jJkzt=wV`nP;Pct(m}==EbhdVCN} z!?3foRzGs`D*%YwoDvGi^m{!p#2A$=6m*(&I$fzXA;fhZ#%LUb(jYJ6V9b=1N~ZvX zF_r}VeiRi-MU|#frd-%cCQ=zn2>_gal_ha(5Hdy+LbZ}{97kc2FBLI@Bnmg`bpuco zZmy6g$SAEbAx5h~&O}0pQYs95W3aFU#zY&145X=KoFPPZawsE&7-e_n*N(sVwPL9v zA7hFVO#A)z%0~P2tKZO%nL6;v;n>#Q#mz$}UzwboNuFWCd!AEo1-X3j^lM)Ug1xz` zZ~#jPD|3ljH(q@GTmAmSx!3cYRxh?~_r=%V?(ag~vaH+l>xWOhIWju_#Hj;w`9dvI z8{8ka_1$*#H~=DqA~17WDea9&Hw`jV?qc{lLP<_w$Q;9=h_&IF+#{_ZOkAYA|TjGoWli| zNg|bc>S%FFh~Li@a+#pr4t>8Tqa+NF5J_L2ICkv%|oN8|@ zD~0@SR{_o!?S4P8Jx|8z$rnyvx^PYdRZ+TfSBFVz3-8FOQ}y+wekdF3t8O;iYBsXD zLatbdI{kL9K6&^B9B$sYv0AMb*Xxb9-g&2Y^HQv}iP`w%JFD|oHd|d4g~kv{Fv7Um zSj$$1brN#NB^XD&o-*wC$)mTfU6GocJoDPb*l?1juoWH4^2OrB#MIDmElJg2NYfZhu56VSmjd1aWfMWeoxy>WYL`XI>u>RNqhY=R<9xfQhA z%3#|S+;Vl&->5f3zwP(J>g3F!ndvl5!GKgsrP0MtF9;{=+Ex_wF&9WlX^?FRrIk$6 ze6g~JzETK4N~zRfL;d`ah7i_KbZ2E56Q)&so1&n#iVhZq?FR2-*dD1PGeJe85P7t2*wElj1WjAxp0E+ z#`PPwj-7tBlF!Pg)dCu=()027+cX1Q0cWOHk)3zCpZVaO4T3(L#pJlocQn6RtWDkd~j zoA~KZ{#(Znk4?^4-UwDP5sqcqwc4meDDDUC=BBVcH&)2W7V{;Urj!D=g>YO(E5Z_C zKd^z!_3v`UkR^L)9Q zUHj;RcC$Bf@SrVFv)+n*p9qSnHF@AbrBdA!fm|we?9|H$)4_cRX(|Ux|G8p}9Ij5fvUu+a(uG600&t+OXa zzxRj#NosH%w=x8P@GOEfNshg676D+4(lo^w&mcUw^BExkgQkxhHQH>QB@r4NyOdIe zQu#1KQl|1gS=w-6ZLZwDHn)1@=&6;vS8!%%YUVKPemT<Ds09`P#I_ zNG@OE2>bm`m?miu^ur{RbD}VEGg+CWgksyxCVq2aVSRjhI*P*DP-SKDZex8TG49J} z&z8#BG`V-}HjLZM=rrBAl@Q_6*X@W}Y!b{~vEYryz(4=BBLA25thjSoI+4Z~w2gU^#>E9;b0fKU-*Fd7U3 zz5R9=L%p8Eg?;42Op<^xaId64HaR+|P^-PXR+cm5dae*wCQCWTXHoh zrESN3mL5@p5K@-yQDiooZHGg<9ZyajOm#1mNo}aKyfmkY^~S{X^^eajt*jG{2^UD~ zTXUVs@kxVx9P9HRzjyTYZ;xgWA-u6TKfm6njnsq?*?hLuNjEp^6Vo-7JU`DCgb?RI z8LbYFjf@tf2rwQ3fHc*+t+13JV-g`mCgW;@9>)y_W3N;yZrvayLFrv9-+}8QVOg%{ zW-=m4p5B<6$$({9j%{bM7~?(70A?fCbu7!uWB|~^YaURyZ7Y*SXcy|XgM`@b>CO_{o3o_xs&emsyVMSO{YZYIS7}0kJLK zY1PlY_jd=T#*#!c0szUmpZ`Oz+Y@#MgFJt3{?_$#2!R1aFxL9M1K@r4QSE|(a5}K6 z>{wwRSsn<%AAj^Kl}5RI{&8+Cz!-&r|H=9H|J-u`;eGPo6M}s7!OvUGjoMK4nKFRc 
z?A-hByIy8(?QR_HC695A=jRtzmX{fk;Vw1XHvQ;>4~1pbHkFyFOK&^Ir zV`cv3(?=*F`@~Kd;mwu#lP70KMn;}xZNiu|)|QHe!kH6C^qyLdF~S9xdjg#~d2~1b z7mP_~bIo<#-KZk~KxlRT){7?&4h;`IX;10+#6&*7j~T$4&F04D<|}8%I_XF(W-H?Cct9GZy2AVP*1l~NWo{K?75g}b-&XS!}(fv-(6-CkW*JD2p(KwFxB+JwDK^TVGz})<;Akpn^EARv6I25zm zXmw+K>Bjuc1GA@a;_H-N`}ET;h>UaC@AubN7my~dZ~)<`-&t(5#wLaY)(Z<8RyIoj zkByeEUB8*gq<{TN(DR2594ot%pwi19pI=*PSE`v#t2=e;^lg4VrF`3X7b$6&m+ez=fw4!>xXB@<0!dv`7(95lPl59 z_1kwAzx$nccGL_>lHBKO^BCihB*}hf0E^@JiCXoDdiIIO9+Shr)aCq1$A1UUCj;1T zBL2zcbdd(V@XAZvvW)>s2xzU0=8TVx4aadpn6LyLBqdLhlyf#bGzx^=8wnz%GFq9z zg=+v>YtDIPXc!Q}7!!;UAqe2DYLzkG+}Lz;c}q}07yynQIRyw4jFKb0a?%*sCo%cA*jLab^zYv7 zBCVZV-nGOa?foDFm{MwCVGdil(V~6n#@!=_kAe)BRyW2bCNU^NY1rv$L~U1KLQNVq zTJ2_iGmPcX_~i8X&M^;Rr0?9mX?w+-XD3O7DMwmLgKfc-)>6rAHuroIfEksntZib- zqkd;@X)WtozVCBkfs%=o#^^Lj0h3%Vmxlgky;m&flQ_bZxvrcJw0|?oU`=C2z9P}1f)^o+O%_+ikE7#vMfI^!7^slxufN2SsQW*tN z6d+~^f*Q>wmKjIK57yU~{`)5%Nla~rz574^ab$FaQrc;?{dNaz`s$ls*WJYruP(lD z^3ctT*Nn*QEF757&~LARO(}>$5hYWZ1Yx2x*<9FN-)#3Zu-M;hb$ydazt?e#6W{xtclInR4MJEa z=RbVE7bZH6!yrJ&!YIX-AVz~`Dh*muJY1->y6rP>ym8~>pSL19l*?_l>Z4=R#S&jy z*-ZKYMw}2#30hrS%vMJ@=w_#L?VB^&_~BtU|u zn{CAImZ8)wX(Wv_+Kr9fo!S4iu@kXc&4-zYo$Zk{QcG&brhz4F6>Ryc%u1hm{XJ$s z+$x|*6hPP>NulQhDl>8J@%P?y-t#`sd+pZBzJ2?s46k0kQynTUudjaV!{55_i=T93 zG(9zfFesorj*`#=$_&QZ?X?)^40x@+v9WmX=0>AGF*droynN<2e&@u&U35csg{B(| zx31q>Y3w_2Xk%fH=7#_6AO7$Kbr~Rx*Va~+RyI68HVo~}GvE9dsQ`vCUS7GozS@Wd z*L3?E-~Dj3l>KTN;B#|Vnwx!zQ9f7tt>5{9_I%G!%IwUyzyE!Sm}%fvyH_lg2b~U= zA{Lxtc6#`X5K<#B&gFpv2L&RPQf_T|y*M;N6yNN0G>W-YQ&Zz{n8}UI=JL6H(+BhA z2bwNYa>Fi6Oia3Nh^aPIE`)wab%vyDHCtFSiW@B%J5 z0CqBm^BH5{hH-`!N{MdRg}lRK^+E$%D!^=fVj|&+X-2V_>(v{JE30GE<2;s?a@8HQ z`jHqdSAx*BvKcsh3}|M!kX_kWtqzY#?o-XCSSuF`Nz56;o2?nDX_OGp>s#6KP+^AZ z*?g&*u~~I=)?|3HF*Pz;eg8Y(4ilBhn9WuzS15&UKS_Bvn4UcSrc$6$HW9{-ZS=jc zSjdfzjgAgIg{?hF_?`o=9emZy}fY!Jtd-C#{BvV{y75S zQ*XW7ZZvuWKaOK_H>NwYa^Lvox9aQlFizC{uw2gp3YbjI?n%E4kBkGr$nY+DNyYMm z9}C4T8*Fu_e3oMscTo;YPxJBQ)a-*_wuQnf!^6)}^Jjr(SToaG^4|*!3(aP0cHf>a 
zCn=0gOnmjS>B%pD-~Fvs++6_e1wnz3Fgdm7z5qh8P@Fk<;Qs%YtM?z)MF1#mpHmd8 zTca{M{-ykeM!q`AuO8pNqzC{|85;$FtTUbdSgEFiwabtdOAlH;Ir*e(jTD?G<>ApS z1+dDKMpt=qn7V0>j17-GZ-kV8;xG++Y{GtQBXP#bW%lP@REhN0qLJ}WQD{pD`OiuL z3~NOG!(abRD2bu#`C>+61S8~!k!G;SiwL8!=Ng&3h&-y9QQ$kJp;F#zZ+3e9p5ZvA zX-FP2!)e#+PO*C8*em~|n*{K$3Sj?ifxq^^<~d;)y8e=j*uBuNQ(n?_?blziXNI9` zx@ip+bGpHpidWWZ7O{HG=FRzQpMHM6-Rb&4k}KpBFK9IC0N5b9X6S+^%PWhm&8DWA z{-EOrvFr9btyawcsXQ^CR%^>JbWPJMM+1XpSZ)=*SKM;CS3ZH1!@kIR6+_v*IVb$3Lz23NgQh$+h~4r;qza@Hn;tLFDa!MV>{{p zJDtsyQW#^5u>yq=R!Sj^lvG@BrPR~!m=Qwg_H<`Sa(5 z1e|KYJQfNdm0!89AoC={gfTh$`DeH9+$)vJ&oeVIp%*Wl&p4ScE?;}G-pLr_wY9bN z^|j4bTRuX$3lsXqrHh7cT%Wu7s5A(ZPe1w9((-DtSbW-+(p-LMWZI%wG2JpvssJIS z5GDu#LaMphL`-)Kwz5{=e|Uzfq}J$EhN~bs!X)wogsEX^oJ$@jzVG!qZK+VHG*l|& zEKwjd001BWNklOd90VUmV6#|Q&}QUW2Sp4(b; zAB^GJMy=CNUVZa}DEiX76@m0T4`C!ZU)%J{qvH7KGl4HTk2n{B>jTxxrMy&tKn1=} z8KsnZeV3U!V;UutC$R)TfP_derU;~vk`V0$*8gD;f&#z4ytX+$b4&t42wAp4DM^Az zBJ%osmXt_x&P5`*tZi&m#wJXi#!(OiQ6`&h)He+?W7$mbL`v1`c6BT3*c!rEaUMj8 zVHg-=1rnsHZPcq{V+;cq0s&5vm@-NTRZ;-LzUzjuV3Y*DtLb(a3^dcuX0vHj>Zbxi zh%tO;aeZRuXs%ESBcBk408Go)7~M^d0|-H$*ITc*kDh#ADe^U37yt#b*J)GT%4KaK zxKj8@#>h0;;%alx!IP6y({b|bH@uV4T3s)fFP%8`mhZnvH%r5y`rHjfv#+22mh0{A z2Ige6t{a)A{o3jGyho%lOnPsrzVGm<(XsL5DO*Ylj{WJc&SKpe9v==okP6ErN|Fd` zmWJf|+AWrwdgItD^^LW=*Di4-70CM9O0igCnm*`ugTVk9^zdtEw0Qmc;?nHw*uwSO z#nGulhYv=fq!j0J#ktF$Fau=dt+nc*?*lV+#Jz~;@&z7wag0vA|3NWp@h6};JqZ}Y zmT52DyS4AYz9@W?y87D4oSgQPt4W_NwD z8>(_K(_G(RhThnyXUav2R3yQm;N+`A1#4lssRS2M&~wB0zWrO(vYk8!A?ooU1iM~; zd~B@OSY51j4jnz*-dGnBd;P9JG?z2{h?};>BmT;PgICXgYTG$42|I&c=!PfGoQc|3 zmpaR%la)cIT^O#m+iQ;CNI9FeH9w52BO{^jg@b;~@$ola->fa)x%LGIQmIy@2!Uu+ zp^f!b!_MqGbTntn_0=2AzFWy=yX|Guu`*>jIkk6kd?=2euK5TdrlHA+X^1+PFE30? 
z%{JHOXlCdKzxk0tVOJp^LU4c39jXlP-+$;ygnV=jfBx}5tgX~nrPK}m=35E_R>f~acCH6CdIhd>*tE4z#VWYc+@9|OznMD zA=>VCV~KRjBuK9gVs?3HO({hg-mGti zk%$A)>kSm3Vs$hMBBC)vh;Fxosg}#;8nyMvH-&gHt9{1sW~0{Y^=h?R6!H6uQ%p$c zd)47lLMX)=qqsK+_UHbG-wu3V2vsT#X;$3Y+z^Q+o|0eqww?atxX-fTB&&Gvxlq%t}&=(NgX)1F)zxPg@|2!X~Y_s3z->GXm~7*>v8>J8jD zfkLj>?Q}7sLV;$OhGBL(o~FaV^O$By1_RLpNx%S?_f_8?{Z(-F-FT zdRnL53Zt-A+kDK5qu1+hHa0a~d)gHT`u~3XS9k6$=^Eu+fPz#v5Vm*ngis}U6epUd zBaF5rWe}tyQJ7$aFi084Az-F!G>JLYXcC1{oB#mExYzC6x_#%}ci&HyxM3?}z!=@v z9*x34?7B96CSZ)ao$l@1H{U#U>Puv81%y(|vOr0U$=uxaUa$Y=snbG;R9sXF$t4E` znx-RANgM;g7$E?J5fV~TN>!?FB>~}-bc!e?Q4~rA7|<4-926+P7!yL`Bu+0^pfJWt z%4ZNd!wCDnck$wdZ+`G?#x%i`bbt^-2!WI;bqQ4}tx-B~WXpIVrI1QD44Fy{q$7xt zlmZii0j28m2w^}Vl0+)dbv+gGBZMd^Fg&uRc~%Nyg7U{p9$Gla=aF6o!;CrKIP&kD3Y?W6yIhe{t#b>9-Mn zB3iw!o0O(IVo0Je;rwfrUnwEy&!3x`o-UQj@}X)!IT)i~T)N~q&Yr#do>?{WQ8irO zSg&ntyngazk~~VspI*6qSvT|p`wu>9$`OLko;|yF&)!0@__QshuOEA5dVCZBa;36u z87fsQLW)raQr@~f2YP4!9;HR3SiNuzv2_X`ml!vP1g$8I|TU-0d z-~Hsz|NP&5WtQ;Jzqh=KnHC40rt4Wp`_6YhlsxYDdqEgx@;QwV!VJL^1(3;P1m~bs z5PC^03#D@8_BLvraP=v&9c3jIg0FY8@>j8lXqqN;zyS1?K#;MapCQ%#{ zLj1u%cXFlTvz(>3+wK4Kmw)l@yQiI8xsb6E!3oBxsTmOI_d1LjhN;J%#}lw@Gm0W& z=%!BnFwSJ0h54H_TNtYpV=j&Bq4{hs@cKf5Qc5Io6sbYK z9w>dHT8eq1F^v!$c!872CUM|;zG>UJY>tQS?K_K1cP6Jtln_D)gs@aV2zCcO!^sU5 zcjLb*^?zoq?{T)xFn3u%L+L zfN?HY(4NG*OsT*4i~r}$nYX8>XP(P!rPP1^FaKp|sPg`M?>@6m^&@hIYuBz_yMFE8 z{NW!yGH0d!-~akwGnve{KKS4o*k<;EulL6GQ% z6$b;~cM&yog2SlI9645WK*XQ^<4-u#ih27de|2Mga*7ht?sS4)S8C+U``_XHl`HeB zubnu&xz@tOxX+z)GI3;lgTAv+YgiV zjZLq!-WvppizxK%{Ny*k@%l5g$Z@hr@kFXty*Bqn%`j{Xh*G??zMLsl@+N84n=zpb z(Y;gqLa$eE_S%DP`0$}aUo*0lGWJC0=!js2Vd2*N#hzyv+NpOw7^^(NQyT%H)U<4bpKneg&^2Ax z^@r!-^8$fx7@GFjoDpc6uIt9*(@@GB$9V>(D_w6koniqIEeeBPub)TYd9F}OhF*+t zsXW4y_~z|f^=3C;EODhQ%Py2+gppE-L?Tx$2`M*L?};QRWbL)(b*GqfTN~$^YXE== z-mKSGHX197D?u0&rWf;>IE)ZwnJn#gI+*E}MK7QKOnX7RrnJynt$yp~{DlkWrIb5& z%S!U$$}mDWa{Ip9y3+}qe9>?$UDuT4-F7Eq<@~|s?Ry)!SQ(bltFPV*vgM&d;Jbb>Kt$It1W}?u_IoYMwktzy@%D{`$4Meg)5;bL zJnnt|`RDj4-#-}RPPenLyfMDCBozQ)MraX$eLA&1Uc#%X( 
zF;g$vY<2lwFBotsr3mXyQLU5`0fTOv1F>xr7{sn0bDqsQQbadyT#mT14JMEv1O~nJ zn{(YH;kmry_FX%ZL5iD>6QQ73E@+y@lVE*q10&UGwMwOG6aTG}sR+TX zeiIV{Dpi70&0YfmNTnDhgD^k});0q|aJ|Su)5^Ymm0p0_cQz0v1Vg8%+wM`E|2~mIAreaLOz+GNzZuTXmj1b(b_c20Ta3Lh4 z3=_-~E@en4X)M$=rV&B`01yHto4407AsDdIi(wGddeYFz=IuJuHG)aE)-EkT zHQKT!3Qr8oN5NY%``4jBqbzNUr+9bwuqbm~r>_$z?G?vzytzN7-i(&X8RXH?G zTUuCKTig8N#!?XMuBKs`#?o3t(@iVC^eDv*P16=v8fJERy%j#K6^0&s<;d|<-#`lF zPNm~*(MUoN00;?;0_UIr2mv8d%a=+c4=Jf2HPm6isVb}hAr%6k6m6{62%#VS-fxE? z2%)~T-Aao?07~I)uAY*xpchqiYg?Dz#{pM`{{uCYmG#~`Ip6mA8hYy@cqEKiU z384rcbo$kyk$QclJT_X$W#_)Q8gX7K=S!7R62(X&9)S(vVS7)7;Ck4f+ZV@|6O;W01zP{)pn#arP9&~A(oT*)_1>7^F<2plziwEY$6G-~Z-!r=}*7r;Le4!@%nY2!p^>(>0c6nmSD)j0fEgqMAlv zv(+9Qnwa!lu}a4eBa|dUS6zWX4saw z^})wM;-a+1Ig1CL9o>xQObhFQH{4@0k3+uUrq`wvduzJAHhR`R;G*>A}>@xt(x zbwO zm{2F5Z`E3Zc4Ic?MGLh&KOFRV6eC6bB*0j!G$$DvO5G?CLX5FE3Ons4V=M?#2QWn_ zqjYz7GD3*&d2tkZp8G_R+@1+aSy2=QzUO(-^TZX#I1`0o7zCaxeb0M=HRQqw0zZmE z&jrtOm6Tx^Xoh7Ph7eo`p%h@83BwQ*>bc7EJ(0vw99woqW0a@sJ^&%j_DHj*3n z-M{_2|3-AXIyRy)!UcffoX1qNC=!eJuCv_a8^;dJU%x(g=^U3lj6+84TrR5_=AhFK zT%Ve3?~&KBU%z~Fadf1-G=FF6)i=+)c`^z^06>Il=oVVLG*PdDGBGM#h^fi^M1pJ*uzP3&jx)@wG-RUm1V()mO24 zYKj_VTDP|N(~o~aG%KIU+`M^jq^y1V$@y$XUtM063hmiDbLZx~naiy&tQ|XXa`o;N zU$9a+E4UCcb)=7&Zc`){?_OisiBl(!FD)%Akw~62Tb<*lzA-&fjpLUh#i*2$K#re2 z4Two02q8)-&J)A5hQ~(3Fd)>(9zXh8!V#c24lvcXzf&EP5+j*>^9Mtf zk>NP-0TD{D0u@COr4%6oN=z%nDCS%$l|CtmX&P}H?Qq{j8q@AvJ^S;Yxx*u)?ag&+ z7r*=6@3SWmRsUCP18IzW_N$LwFQJU+x_$Ju(|O0(Y1u;v1NT4u_-9g3%t$s@I{D^l z0?+l>rOdF$C#HZ|*^J&B4046?pxwe4hf%;VIeh#SA|}EtlPjtul*HIKlv`O?DHJLo zl0Y}|Iui(GY%7-5$jIo(#6&SWGCV!~;8Cp4G2GBP<62NBg-F5&&b0295E zFY_?4vc*x#bi?j;>PZ|Mx~7yOjCo$qB<65+!uNW$eh*_TrFxX{?D3FF65Sjbogh>* zbyg^5l?dX{52$jxT>%R+Aea4uS zT%%^_yM7Q5N=?Hol}m9LNTo1R2~Pl!ZkPlUArdaIO2Y0S$rmz#pXi3ElnjD^ke&Uc z0OMk%Dws1hJ!9(tdeP7|CH^(o+LJ>8q6c0%y1u$P@B$%u!V`pcDvux~1v9gUj=Z|Q zv=T`rM8u^e&ne_XP4oTl{U%bNq!NN-yhQ;>jfEH!DYyhRKDC!ID!9NHA3pkKYKD+f z5<;YuQV4`64je&A!U?5Pa3LfhV3aXRbu0VY$y0I60j2&_Y0x8-(jO24p2U^0amTT@ 
z3>*k~o=X`U9UY^L5kk>+jB0|B@B56g#~8*m#!>>Mu2ZFUa1#|2hQ>b_odf_)ha};> zUgx_XzSrsSy?bB5RAZFvJ#ZML5=uy^2qvlFbJuPWBH6OSAWSd;P*MsZq^7@kHY6n^ z;f6->*-t;Nt+l`)Q+sELl3us7vbr%mF{8YmCpb#bfnz7!#zMX4XEV9bZO2>&?w~L{ z4kFSl3nYa7fduW;nYTXq$Nwf-HfLMSW^><><05RWuGE6iAD)=8iPj(V&AiiXtP5aA zj-BW>RvYVW4soy7x3jsSkqRMXV`V{b9EEYYSP~LUM_;+O@ZN9yW`AvEqh5G$7zCy8UV9duf7F}?r9+hapfDDjbFpi~kkitgTrl#nRWDW$ru zzr1Mmx=tu%nx^Txj-F%Vsp~))V@%U^%=wF)6}rxtrcugt9pXd>1!EI?C#Da`^iV=c zDV3oEV~jDT>nPzm0PNX&WZ(WHLI?#&NudCAol;7-TKbfZRJ7A>FRs+c){*stNPpW< zJAVAizwpr4uYyqA*xcOQ+_-aRE{W3^KVK%DZ5M&l6PfKiQ@_A1YNk><5<~jHdQ2-R z#kE>(vr)f$cP@TJC>qPs)>ak=gWmj&o30lljMI=G4^`~`*Im11=hv4AOmN`!8;!>B z=u~02%(=u0gHjSmX{f5{24$f9NN6eyI!lY|xv@!&;gIS%$G}8WN)l!e%)-D^%qV7y z>uXEEG}FpjmO%|SP6B^0z>H>$GLORzw}qLR*YtdGXmMeoRa75+o-o|wMN5qGIquSrBujlCo2^qgt&wD?b|mb7XSbV zF@{^s`og^%ykmtE)&z<{?55K2rOmHEDL8YVXP?c^%nl7z9`=-faxg~EojaG!WcD98 z!1;@uV}#(f)wQ+twbQ3hKhou#l8YBF8iw)8p+mctjsP&hpM3Jk{{06^rQ)uv!pDHV z_15X{eec6(ss59p(b)W}zxwMx|MNe8c||;o&CSif{qO(%Pyg)C9+T!*zxue*Xnyq3 zN58gOJr4%1o3*vqj~teWI=M`_l#61XJ{U07bc&Yl-K=$jci(#B){W~{ZphTo>iSx~ zG?LGl2vZ)1gI-|gEz5Eo1JB)F9vvMXbUPBDGF%aH;)hYz$!k<~-5_JKg_T;lR3rq2 zz87<;X^c@Cg@Gc5qvM5@l}f2XC`JUCmdyZ~ovvY+PA(_i-qpFgduC@t?uTJAJT|5g z>0yJO?y zU!U}`s0@{>mCD;^&b*LX?ZnOb`72ki{{HX({$tYo_{TraX0z|V|NdjrIF|XH?|f%? 
zL^a#3gtFIP-Cu9E7w+DQ zBjIS4pY-dE=1^tQRFV`5GowST=H|tZKh0FCdtccT^m_}p7u)^l=+Q&{LHF?fS89t3 zbJwp+O&b|1eEP|!*>YJEF)*uFYbKWU+M&HW+ZAtzKH^D&DNP6dF`l&v=W(0}Azo@U zmN1MSHGiH8Ns_#fd>%#^MGr!$Da8e+^s9Gek|g(oHYq8DR1Xt;qBwpA)+GSYc+mUt zFMa_;ua1wHj3z=MC8Q9VZX%V;&0V3{@zaNAFVD@}hL!NJ-R&0&701?f!*E+&KZtcl zo0!=LLHowNm8_#L-CCYG{@QzQo=6Kom?S~}+Vv}#7@)+U(;=3_Wa370XsDEgUKqY8a~>`XBaN>+!*+G{I@nWGk8TiL8sCoLkE>oqf1I)3Ef<4JLk+7$Jh z>p%PKJk>2zXE$yxj#r&qw{NZ8T?)cv^5Fiwf!$b{8m@0{8dk1S&aJF%SQ=efY8*d) z;L7DMoKiKHHNt=+q>xf^B2CLm!v5vU7xx}Jy?=6eZG97C74!$aAbID#_cGQC+W;yh zqeQ;{z3&mq3_~CE`?_U|D2NlG6qgd`3wa@81=uu<*Rpw$@NC}kU0(sUblUCrDASZw zb|!4zaEj8PN>p=lVt@0(7Rf|L(&A~c=N zU%mLrXXgrqe81CTcJ_mBe8YY;$t@k(e?6?-2_^Y2fA$YtQo~@HVIMkj?BR(Qx}AUg z_)|@D7$ccX;lzof_ivzQ>rATYCPN^ou6VfCaPx)YpwkM&AeLZi+StS-V%b;-P1ie( znlQ|nsnMI)@9H!Acra*mdom8%9-5jx5b}^K7@M9ouroQmL+U#9F2|_bZU#}3&t*a{ zKn5jBE-x-)4EapC*Xd!ZV}doqSYKNto$PS6WDoo>3|p<9S+F#vZ7eVJdL5s~!^n^d zp6zwRIZu*ENR%;6Q)i(cG@8x!pl=)5WDqQ@ZVWgc%A2?6?`F%xI4<6}F#}S*Q~&@V z07*naR5vy{97IvSJJ3y&`%yFY{D9|kPN&t5<4|F$GkW0AD-83sm6dv{%af##&k=yY zi(lY_0{{S!rfa_Ew_8n3H!uzu({qkaFanX(o9$|~0s!XN)&e^W0?jaWjR}zy%4LF( zR0<=MB(Vad8H`b?!2`WXEmz2HQ@~OI`Z$afCYen3z85b84FH_%?g0>H_oQ0(x@m7w zLL4Up08S?J=r&P|aT2>ucGmCK0a4@E6)WRk3=m;cduA4H-K}kQl!CG8y$?@3!^%ue zjo+DHh`8)@`-hJnGM+CC1tq5W{U81){gNaxW7^iC4gw{CZtXbK@c5Kz=u%0H@X0sM zq{KlkI3+ZljsRnajsXDdoBmS30fa!e^Cw<=LvTqM+qnppLZGeFWL2sRownYF?X5(w z*K;zNc(N)1Tb7w#lyJ@{_59#5Tb>kz5WE|;u{b>W!{1FA#3~BIe!u(HsZ-(&#kQ7k zM*%?aWY6A%b|$Oq?8s{;0U(W3x*xV=!Q&*>n8vwC-Q<-5g0T=%DXEmiguPgafUOo$ z$_To8@q8d86|z0(uP@i~`RZ$DUMuCDIPg9{cP{ifHmvcH5r>dQudkc3w%!<<**98o zZr-@fBbg{3cz$_eOk-4Mc)iw8VIrl>Wpd0kLx12V=)IG#t*)##TMfx@zwHVs62%La z;l{!+jaOfLb9!v(1-6SP@!{idd@~JteDc`W_X8oR(8&v|!^3z{MZCPKer1Nw&K#JX zIgrY=vh6*~&e9Rpj~qU65WDq?8JzOfQMTu;1_HvYDs$ z!#;QJ(&cM&FDXa@A*9>w%+Fm96ZC6~V?qe&blSJ(=e$rps!&~Lb8|OB-*0sXVfa#< z#9ts%R_MhG=Onds-2$c3Sj|GjS8pvcMx|1QZfJ}KVTdpwgzv7@5W+(6IOePC8fgFi(>E$9@PQjM1l`e9~yUxm;d6LW%n;{owok zix@^H_>EZ=VH|{R3?V1K5L@ECCSHD_bZxoBAC+Yv4pa&11IB?>dXnPhsoO^2M 
zMhK;=jGcPM?f zwbf-i^OGO_@&6h{;aA^F2mvU^v3~y3pY*!z-~Qb{91Q#ij%W{kxL-r{;OgxJyF_}} z>anku`5esw078i8_awlp$KM7-Fw;xLV!}B=7-0mMP>ky93++Mj)`5Mu=f5b8?8#dC z^72A{Xgq5fQh|s=&yO=X2VtsVwXs$ zf|DpnxYP{;07Mcg#E1$PSJ$Se_bHKtacDa^gE7zZFd>HJM1%J7%G&tki~`og*$#Fr3uE=24}WW@GW_5cee~mi5Hc9F71DnANB@hG_$7IcT9%mz zdh*nnnc2O`b1;uG8A~^Fh2qee_df8w;Oj4VV(5l`?dlh|=C1$2AOD%_`T(hZ!j~K+ zGa1Xu{AbI`eB)c+_1s|BG=^z}F?#2{Z%<54JvgIzGEjsNWeh1Hm7;{ESt3ANx|&h} z0?y-vbJMg5MsXZ7jinBqseUEFnDazRg+N77L>MD@Yfv#p2mv7kq#}gs8rgd8AV83c zcOV3iBrzaFFi}bp%0Njeq>w^N`3ye47;kyDr#cMx@7nFKAOt|ADj674+a__u(!B=W zItN5j-gk0Egc2!a>Rg}Z!iCfgo%2`)0faFEh@$XGPLUti zB7`ZS^Or6(2hrrz*j)q!(IgI&C=h^c!|=RTC|ISG^9KFpg}?6%qDsa7;^KvDzT!}A z5Dom^AOW%O$Qx5t>u3M?lZnw;9{Mb28$`K5qUolEb=U32n7(poPp8vaTV4$OkYO$1 zes|Ez=c|M#dUX~4jm4Eg5KYbQiFql7WA2qT(yC#8fC ziZK>~CvmJ&nOFoE!!xv$MsDxYXBROcg-X>jG$B+<#biv!NZy{ijGf`b`^K+bn;Wi< z%EYfVTb1Dnong(e+;%JB%CPl(c?6>Fz2yx8Nu$;nKX~-DW5?pHy9M*ey>j)ep=T%| z-k^tdi^wDrkjpqciQ`0!Pfp&wex)CTjL>YcWIK-M4JyOqrF@P*5uY;`xG zq1(E8{W@g^#V|L2cf6Xt@c9MZELx^6MC1j2d$TDej7&`$1UOK|qh7yn+1ZS(cl$n8 z@n)^N=fLch3%BfiLDMJ~DxJTn#%~<-u3f#n_t;xwL-}U2MF@_3Hxl^3!9$FoXBI0` zN=YfXL}$MB8;JnZGP=EvVP-@e#BnSo2SoCPq7^brQfcv$5 zkyX9V!$|*PkQdMX95KhS4UFmN#I(-nj?yK@H1b+!FJH-IiyEU$w4%lkIPtlnIw88Lu#7#=S2CHq@)^g*NVV|AXTKPo*n^bp^g4;} zCK#W3@7toku~FMNeDqN0#`%0f$p_KicoM}?)U0g|T+g!1B$Ap=;wWC?3Y4&{f@v6` zAJx{EY`bvh)-`J9M@C0XJ3mw^!qY!E9tDg^;PzKm7AP~z#Uf7XB(^Lw4EV(4-a^iNR6wmKN3mK7{V)iEQmLxx3_}4E!ZeL1 zq3imE>WGq}RIaAp++h&p@@0Z?7zX)Dl~F8&Ozq#gX(3DuT}O~Ijg=GvhANbjBu*59 zLaBlQ#ZjOzDbuQuKrl$9c#;SqOG6`DD^4ZTl^Xy^A@cd6lmcg*a&<&0sT2&4U@0ZS zNJ$9@r9{9T4N_FslW=f*x&F$bS2x%1VQ1JdEh+z%9sA@^Ow;X*y?E!|9nU9}+4;)o zP+`Yo07)q|!_p0MckW6g!Ll=>6O;OLvSYDsefWESj6flbf*>$WD~Uq2rK1OyZ3~`& zl2*2qaU8*gu4^YwhLq_Tlpp#`)09-2ZYViA`-W497 znrRw>^K>~F_#UE~q3ME$hV2|X{Wby>Co#r&(C<0f!iyD^=SftkPW|2w{}cg8840Q4 z(EsrJzuD;y08_^_`u#q_*f4A*xe&7m6TzcOWh`H=8XBEFcpQU@l7wmc^z44Yg%C-c zaLX{mFvKLiH;83fLEuXvXZK4&sA*YB2tY_YUl71F5W*Lqf8q;?dF=V_=0>|vtnNE@ 
zq*^Zd{pRJXmo?2ogcb6|jIKAk9Y9gHGZ>rRZ<}OwX#qGSN`eq(E~5}Kbj|gA5yqgD z#&pBU@X+-I9DU_byWZ$@n@A(wW)~4EWuj|LC`2`V&;G;1m16uzZ%6?TEU8a~D2(?p5v15QRlKfwsd)G_ZQr$nB8+EP7)!6VOm`99r0ihfK-SbKXK;p z;gg(msTAF^SUx)_CfGEcl!aLMf!ibOp+G@~Oo^N~z_{wAg~>D5bW; ztRRFy(*YDnB{87@fCzF|9Ij$%SmTNoi!kY_J~5WpB?f(bzn z&%@_IYSBmyK3g{$LX>KTg%F@LlrJHGNm~3?8ibH(Yw0xRf&&011R;Vk#f0LgjjM9~ z>cuNp=XIR{>_(BlKR+HO*29-i9d-l8q}T1t&0S+m2`*Ez<^$}c=EIZb`L!T~blRPp z^EWgqITyQf-Zh=g-?$M3zVEi8AbIF~=%E_!{AE|wf&19mW6#lwoxqs*!QjG$^O~k< zx-K|ZfK5XW!{FSnw=_FNl8rw>3ft#*lEXl)81L zt!WxhLK(S(ek1a6x3eJy=R#n>KV6*{N^+ibTQO`im}-5QKKnYY+83Vzqcq+QxFw}j z4`OjkgbAZG;YsRBAcWXbpaQ@IZv}n!p=9tNB|>Op zW8?4t-ucr%{lgdO5cT*fAhf=|{?ngk{^U>o;8BHQjDP;~Uv#>ikACNOo+nz@uLlUB zcDt?PMN@7sGf$wB&DMTDcnM_s*9w&lnnnsBqgcL!&(aIHzI-_wMa-mGqM4;k0;sUUY zH=4c4iE&Uo5kl7uozgIhq>`F$#{Qtu9t>A1LdJd&7K$YT$`3+}QQ(G7F0<{6yagVjB^N~X0xeN^*{aFKVa+$!XrErFvgaqPMtnAH97U14q#bZE0@dfzVptD zonr{28`p2l&CmbnM?ZRGw0evSSu>N#eDfRM*u8WF2#|*P`|rOuK0f}`#!=hO6nBlX z^@6~Ka5C9qsr>Saco+%)`a(F!)h&Zk-uh-iBy?bW~qZ6g_mCw%3o3;-;=Qs#qJC`L%$br-sYHxh^+lTiK?`)Uj zWQIpZi^bv-_5&u=vhC{dQ`5ko3bvCem4=>w(&lpce7^89=2*T^%4Tzg!sGfapD$!G zna7vzWHRNU$}_Z-`h(8my?Y2CKUA?TLrH}|DNu~*O7L5^u7goJI8nYlcYAhbkK+Ey z`sVoLv__GpYyDP-3v4;Moz2Q%u)5g{ynd%O7~8x5*ugFKv=B-p!Hw%zO{eIXS{Qgl zGmzx5KpETMoO2<{L*+X+ZUkXMFez56wrzHM-O^AspZWUmIlF>$zU$H}3EZ3a7Kvu? 
z(7$nWv79#t?m!BqQ4L|`2Y%rC?e?HpDO84vo);Rr*6;Te;CwzCg%My}UtVg%rsLX`@+ z&1S>S7J29fL7=1nME4!sk3i{$S*lb=X7+Zw-oCwKE6eMenJ-!T>gLAG%#7(FB$j&se_n7pV*W2N3ko7 zMiCnQF2#mI`l5)L*;&qzLvoj*X^-wk!+W3#<*Tm0>GK$U$XkViDKvm8%&s)^1U?k9 zPUUf#C(n7!^SGV%MpF!zjY6sH2T8&#!?5$V-SgV5Za<%|Ix6v{uvJ{DkJqYWL{ZE2 zO6Q>gV z4MNpYsZ0m*9rtSw-Ok0UHw(q8reakyE9Jsg3!ks2lt^^p?B`s|j|{H|exey>?Dze^ zlUUU$VZ2MNuxQ}W>;CSSf6rCDn76(?`}OGfB*D;XcYGU!G z_VRX7D1>noxIMSKcyFoG>rsLj!-kGMFQTd@S*R-6e){})^eq=)tNbPD(Wq)w!CU3=Z3zjm~rTbzAF$lbUlfC9GO=y zTv%#s#J)$c(&=;#9((1Lm!70-_%z@`P8~P^0AU!GD^>E~o}Y1^W-gUW_mj{{rNQUD zHa@()a6bRIuTZ_V?{Nic@bKroHaxoRf0eP#TXk!Na>9sDEj|goLqo{pvL@iWEhE?*~5_c|_?_p`_bwTt0s(kusCZ z|NP(lOryIJxTMsye)d27dx?mu;BK#%&E~wmD?oD25h8^`HesBAP)z5Q*IpMA9Lwmm zJC>aT!8-k(rm6y4`I^p_e-U{KR{JRr~b$P@IL{qEUxBaE4*8jfWJfm^B9386VdjX5429?Sjk$C{=^VW{Y)sn3ECoU^{?nszn`J;AvU zLIBR@vQqHS59?ziED?4#t5SrXlLlZL5TXQKy>PDWdOV7QIO?^%VyQNLaJrDS{eI`% zr7Oi;K_KkdPAQXJZ*0WeZ@0ba{RdQ>EG{eyCO9Ahpjf&DX&Hv+1tMV}fe>QYRuuTL zKnJI%eb;L=*QKH~S2nP!1H>vJh)_h8iHYfQF|!v_F+dbW2amn+%3E38u#?k=fvD;( z6bZvBfMA~Z0hXCoi&_v=rZ=h z*PXq5y8uAbR865Q;ks#3Rl}j86TRE(2nh%yC!4bk<;L~fx|1CrhKqOS)J&mP%Xr=1 z`SX|FICGo;#)5=#cWJFLedMrh>WSC-^ph{@)nP+bhifAnD{E04gh<~v8lFFQuGevm zl1)JM+l?5=P~Kc`2Zn}fCQM^-_3nk>r)hnLoZ#0@uKI84CC3^*o zkn6c$ojn^dpsFr;f)F+>)9ZC_|IJ;;wm9cPVog=twWa39vXH_s8+UGtAoMz2e|335 zRa8n)6h}gcZ@>B)Bb3C!o$I%_RI|3;a{D}v!Z@K+`J2VL!1vvroAL5#3=N^m9k0t0 z){4{#;~1)h8B z&cf)_A)-(&iEWx(2!b&nB!s{i2VO4-lVYi`v9>}KE%ZFqafS+cjFFV!yPcjJj!#rE z#z`CqiBwfTaPplf^tga-s}URI(8zG$_k%EYoSdrBB#MNTl&anKI^!sp&r87)#x&iM zJYhm0DdLzZsv1Xrzt@iwrmCv0DTFABs%x4irRX%)1yPFmya13ajuUP<4vWJmiWF5> zRdV^--HF*_g;I$qJJS73Ypj;KhpjU4$4ow^y9UI-HJi@)@jZC&M zd-Sxwr}7AzMme=Yq0AmR?fH*?dTmQxUTf=yx$o#{Z-?4-onF2^KQeWsUauujG5*^@ zE7kh=zA{L-uc^41ISv3RjYEhqMFPSKB~pTufmXBIY-}7mam@FD5J=+9_5eVtJ1v1T4gi#rR7??V+ZRcY2w_Em zBo*dVMrkXB*Fw^j6p8U-@!(vlDBT&o|~H4Peio1vN|*}fh8x3;&;0eE2gCb zCL#)2op!&|iXv7V8XF%OVvJF$L~+EE@Z$MPnwfJfBML)A6(l$Zq^VR0$ptqJ^X`o~ z4g`TLlxvzwJMETb=L}taj*L>yl_(06BniWZM5hsmWMQL$DPc))`_5d}(Yx*b&8s)o 
zn(c|{eHqIVQlz2cy-t^ES|*!ClK1<4swkUuBWYF_Mi|F|dv|VbboxNn)cwH6m`KhN zE}Tq;#i8H#sirF`m4b&+WatKfh~kJ)l^}!=>a^OqQi&yzrfP1#i>aQ;IFH>i5<>GVKgPY9^D**haV2z>4M=cGj_$7Z;8lIX>Cj(=IEs=a4nqi|2n4%%eb7b{2><{f07*naRNioMS;rDW zs;Z6uN!~XKhYOYu@G(}3R=^980$VieTio!5_cF}1_;!pnTKVlVmX++-$wT`Zs|&X;ewAQi=*ky=`a`8QL<#M6J3+4}RdVX} z?}2;on=5mN4)348eiK>QsqxX&c7QSQ-S*1bV&vWKc6)*)5-BPLKZs4s=CO~kb?nsf zdpB?0p1)(;`7rFNnPRn49-Y`XH9op?KGidWs_MqQJHPquuc>C$%GKqiHC)U5_LskI zG#4Z_T)#&VUcNVH=1M%BWl)=48*T$Hg8;#ag7e z7MJ2qaF^l^C*PSlXD0t5lOIoZ_H*y+S}QZ=mzd|o)X7G^moPjzAd3*y7eveultx_) z6T&Eg8MuG6GZf^eq3=1!t2H8%0hSrI^L=7c?NVZ~V&d)wJCEa1^KnOWZyEu+2TGd@ z|LU#z5QB=1LP>aW0E(h0FjvOBLo-V!0SsIZdHGnPlGVD{df?B0Un6 z`*;SAR>#=1!*}Q5Y3cZ-xAJm6LhJFq^WJm+o&@-^BOOv&VaMjF*I^P*qNQ_reH)<9 zX4PmtfD9ohYW1vclz7#qKK>XDf7~BnUCZ6)3MkAKM-dXc}X%hM37l zl?VzEW61Sx@jl{^s|gWcWL~E>s1$?<+ue#pK{A305=k+~R6Y%JRYgudFG3`u3hR-( zo6YwW4)Mk3D`UUk`*FO56fy&4%T{}|Cxkz!$U0c~xOqr2D%Z@@NA>I5XZj|DcTk8$ z@|JAibiVScZ~=*Axf3U^g1?5xOt)0rb(}Su_OZ9-UunjUZDKv6a-v~V5Ex%q7HeU>8`E4!|8$#6n-f=TNRZ`z1Z zs2|~(XawjB4R7XCx!%#(9INiNJ;y6d2akr{o5%Ax%?$EgzvOq_&qNlhEoQY3`UJDz z-(uq{cJ?d}IF#j60hT+a7j>iX-U-Dws`lwV^v^LUD`nZx!pxLHxENu@1qv}IUXAKn zOJGaRyOZ_%hbpEA8qn|tZg=58m~AZ*04%!Df6{$@3(PF9a4P=ij#B~IsZmiMf2 zZoUZio?iM(ooM_!9k;E&k(!Dm(p1B5KF2t?XqVUbn@kslUqX)Aq5M55?`sSKwHL$0ATlTD3ScGnRBo;zfDYG)hz(VbNGEIp%S)cz3 z@ajHTDv#2X$lAR9Z{?P0wMo$a#^05yv9yAqUM*@{xK(oY`@a>NYP z4^GJRoW^P@F#O+Pg8GF@zLmhR5LEZ*s=>c#hylDj^H>ORP8k(81fg?i`*$+`dVhAP zNiN<^lZ|)M9W-W6E%NMlDgaS(wcMHtb$z|N?ew}Li{nnC#y0Ns+Q?ZxgI1tOUjazA zwm!>hNd$*ipCyX^3rH3H5W?Lry>Hy&w&-$EK-D5H7*4N<9uXGIgsTf!F}d`7y~+oo zcFPT0V?zg1c=VA=35peYKXCULeL)Z6E(J5iXz36tsW21fl*|}{%~{^`fC1(x*}8_A z9KPjM3Wy6#Q@I4B0>lCU&6Vl#@uZX`xI)fWoRs%VF!%U$Ms_bDSXiFw0g8ST?S2Q# zflq(ng9AJrr*HUF5xb~L>VGxHBx|bc&E|)u`OhmJJnbe-7)9dt1r@BWo=%(`DjR7N8@I_+LBcH?)h+ep)X@^DE_YA~G&Gs9=C zcM=Rln7u%)DA}pwE4v02q& z1h<0FU3GN^l#o4B4h$xM$U4ISUsJMdEE3EK@I&&?hPpC-kQ6o_j>ZvAefoT)2i(#g zqKWL0Q*ggJKGsiUKqn4?e!5JMT#%P}m_qLsMr`NHS$mkrh|mD&A!p@D|L}cbqQ)mJ 
zp(^Yf?H=HI9dlOJqzIaBA6yMaU7|F*lFgo;!=tk{_njv_bhJp2V)bW%O=kzU?Zcgs zhKCHBjlpP$$xi822Nd2@mtB4bDqOv|+e)?K-sQsbR#PYs7 zR&ORbCC&O+l{;fu|3g*((<*~T!@=UYS`Ah6=yj_Uze3_FNaA7NHw)qkMO73ONPjO=OgZLNIjxp)kg#>_J{e9AuWxQ>s0 zmj2g%RRMy0njtXvwc?u~Nrv)_6UyljvclGL-m{>WxV~BbIhvV>yr%->p#PpF&%F!z z(vPV6-PtZ?QgF`LmXsCnFT54eWeaR=9FH&{tNIS(qLJnr&#cG-CmqdmPL2*{7NKz( zwTJ2B)iGoFL+XE6+P2I&x%+Wyy!&JervZ|tJF>^cyj^XV5ajb;zbaU)4+(%fRCD6Q z&ftCz`4!Nl>ZTC-n<@%gK1eGWwNp2(P!n)DHg(uiot?u|nb1To%p;KOn#b!?Gkt&% zzJ6ceycK=DPUeiTT5QhAWQol(dW zy{oQ!;{%Qx1=^_Pp+DF;=NWOxb0~Z}cE!;OnGN)R-%iH|&>|_tD2GDe?hea^C=G@V z^Oxv44qC3OW?mnK?ibacx^OHuG7KiJxw}IcBp>z%8n^aa4n0I$66>(>W$UNxt$D3F z_bMuuE_)E_YXE?SjEoF#W6t2~VM}s@Yx57qLJvvMI}XB1VByZJyuVvY)JJ!Bith%M zsmK#Y*J3m%I{Z;y?*=ulTU|N!c6TdEREk#F(v@@jMH+rmbzJV^52H!fesS7BP)C+4 zgZ=#~clY4lx2v}9dK)8v+PcZ_+N?G0H%oc-wxY^AE{w_IuDjP)ou&aV&IIpSO04t; z)X3HG$(K&l7?XuBAC3S3o~K?a$sMeqkS&6E%EkPbjjCnOHSgQ@GUDeoWQK}r)(o~5 z#gOZ?{Gr`dH8!lTib3VJMO#~nLn!7yzT0-r0(vQ_D&ZXhdl_2N6DM9AI5PR>ATi*7 zk>5mk3TZ99_Fp2<%o8Y+9&^KpFO0?`dlmP!8T`DR(JfPcVUEfF$5v5+t22)PB*ZOO zreId@N!<3}hIL!&X~1tuqTf(kkfjy)Je!nFH#qQKJUEY1j38`dd2rq;6+Dyxu$=Sv z?_mxi;Wz}#WR+FABeya-nkO+7CoCJ!p0~`vO`&T0=)Q?P7qLh%Q>cYEo2v-+sxF^+ z<$+CH&?m`vou60LvAN{KumN9k$N?+raWdbv%K=i&Z6{-TDJ{+J8fEzSL;%2Km;xHQ zQ)6!3iFKU3HG~#DX&@~ZTf}a^)ncfZYaLPyyO=PTpO#Us`?LzjPNMhLT?{Vka2;)2 z_5SGh@nz1a>?qQsRYF2%L=@1KwB3G;aLOpH}K&71E9sh^#S;*zIs92+RMqgBzlagHD0<}U&wqSVO;4NeT zNPbmquRk`sCRdnF`2B~)#+afQZWww$b6g>_68S)IuoU^#Lv`VIbq)4FWG;C`FMl_d ztfuW@NhSwALSYPG`~=#iOayPU{q<(qX*|dK zKg*{OqefUl&3GO~ehxEXbnE$V6mco< zR)zNv<+bgn`^%Q<6SyZews2Wgh!iq4iH0I^~6$;t-;Hw-yVCB-_|M4<1 z0mqGGu;!j#dr+u+HQ>O7+vzaTN_@mSRAKO02bI z{gkfTAVh;7)dzAF$a=DUFc`s)$cjCErzZU=ajE4Pvzr&Eay}j+s zV8Kn{SZvT&0qjMU@vZBq!FO#a9iE8C)>5bu1-kR6GACs+uhsyJ&j}iUzoKM~WR{O& z(-I){fLq3_IDz3u4b96#WWo5|mMZ*MASNa9u!_>ktPp_Db4P_OMoCl!CXvU| zvr##7(}y|2&>#H1oVoYk^jR;ZM1p^WHsDZ|0GlUzFiUwbV8SW$w)yO4{-kG`1 zHq*dv%VZ!~rokNRJeLjb;aiZ~Em&MObJs*WY8%xtb+$4sAE9 
z7Mx4wO5q;)#Jc+8^J_8ibnd57@SU+zHaj4IwhjQYt^Obc~Nblh(?sy3>cJK9pZuoo{e?{wWcG!E(F zAaLjf!{VrA(dDR5*E*tNH@(;cclxU$BR`Bjm&{&23<^m@C;4ioH;~C1OAi_&R%frR z_C0*XYecyH&8!%eELehFDIeQiO#|?mRGM=A=1A^tK(r}%L7~lL!831F;!HYRyg%C; zlwGWCS~N&huz=J{=^>jklScTLZbCyCjOfV2U|-T+jirlkbcsa z@no2Tq&cFnyuD^*M6Hec?sveJNAvzD+!*g0F8y=Y`$%sjjif#`fsrIxO@jH8|EQN6 z@zX#mq--PdrHanvFr#Uf;&NR?o+tu>-Zj;p-44tZ3RpS1g(U!$CftAhiE<#F$hBpG zMQj0a{|r{lRO^dbpzCS#oAa1*sEnSTUA3SOgsbQLsDHdSDqTI%SBndkCXj>hpcH#N zVJp{`+Nd?Au)lo_;1e@2HvORI##B^(RCVp+z^uIR?_WY;)K;0A-Hd=XDKb-1Ceeu1 zWx=vdz5Wnim5Q^4tq771BRbQC|pq#2@V#4#^N&eOleRqy%- z;=pIOT&_ZlC8iev^1DA$-@_x}zYh3R>^i>aep0;|Zh zCn}~+aT(Xr8svR1WkJK~ch6M3SJ@zD9m6bte7i-Tps0f$SJ;?EGQK}}B=B-|6dht4 zS7dtkVDIpmfNtfau{Xf9;;uxngLCEHRqu>K*r#^ho=BeQtn!XV7SwWcvY0jz9>!*b zp%c$Y zrsq6)VAYDvw9+#@T_p1JJN8jZ@edUVXJYcuihA8sM1Ae-yVV?PgKlf3(ks==jT2h~ zH{6wfIij}%eu*C3NQQtYk)?B(WC?#Ud%0n+Im`9APQA32)ZzK_ZFVj2iJ?ijv+*=- zL|8J8MJIVMzDNqdt<4`LlA|9dotBoCOf8jxNUtyUTB~*X@xArDUR25ua@i!rLeYw# zV+^H_LIxlfmYks(M&4n>ouVZ@iu!66iVQ0#m%a`KOi3XFOcLsr&CFO~f~8OoEWFeC zO#1T=xMpU6L2(@1jbb^f-xI3Qu*i489{HhK1A<52b=M)2g4MGC09Y!56~H6GeZeSF zvP%97)Nf?X3FIel*58IqE^QW)j5PRqTF2!u>*QrRKAH*@qo~dzce-vJrgB9R%1K_X zDae!@|3|Y2WsRD0tTt->l4ofz+I;4JWxd2frx0lqcsJcCh1m7@KIbK~qd4j*50yya z?O}M2gZsH6Q?|-XR5J!Y9;^NOv?Tn_d*H;TVmNe=c!YLnzCYfqVpN5^k(@WO7qJ!k z^6jCO>Ujl6MyI6RWWL^2Y2SsW7zEu^;b4PNqhNN0t6Oaf4eju(s=c2k50xsL*WqV3 zZ_{87jtGS2_QBND$-n$ul$Xd?#0}GIHt@+xNkdHYb|&**p5T@-4AwE|Lr=GGFSz?^ zLZk}~{G@)FEEZA~2GG{=y}lMiFVTkdApD7e*Ht)ttHA$EXW#i-97lj4T=PfSx@mF} zTSgch^y9lOkXq&l1WUlWXLy?+1XOtLSalVF=Xa1jL52+<2FsSfpvzqIdV1KR|Gi5D zhx-faQO*(09r$ACYz{_SsNo9msMV}$s4mZ7=h17XsGMXQxB1JMy}>8FZuKesoWb|y znHo!F*?II`w7;NR>xpi)m^M41Xl~g2?WT})h8b3bMa5?ndTX($ObB{OMd6g%FJY1P ze3v!PR&%_8yt6lnsoaRmBm*xh$H?2>&CT#fVhn!3)y&Af%cA?L%Srj}x#>Ce$I-iu zts2$w-yKw3{q{1SjO>X&CP4w*Cc>8{oy(CHj8f~Xhulay+75oU^w`2w{nRLCM$0^k z7!nb`C`l>R?2?dKXA#2$N?IEu5w5quo#~n=6p-IvX5~b4#Hc=AMRyAbLyRal_zwNp zz6-afrf~6TtK%;>2Prr3e7CUIR|cTx{P(Rp91|dvUNk)o1kfqsu}taP000^Uh#^sh 
zZK)jk8s#Ay(uO?;6B0Sv>1yk;t>7&M>8U#s-8#9g41YaI95ad;3bdzh1_jv+>rkd4 z_-)f~r`kVY%4Ld_CCy1QsbZ8m8KL{>AP{{p3xOc%iAQDA9OyBQ9MFw`r%io!JKUOP zK5h`l`3j|^Y9tT&-H1Ni^ z*veg5A&jZT#IT~aqm9RT{clg~$SslH_i8-3Uh3WSv)CD1vLmum2cH5lx6h_{*yMas zQ9y3`vS=XG0MUd0trHkr^i=B@8GG&<96yE6(!u za;d(5ziEBM^6*FUWfviA^&J5;@?XN%JzD*DE}))I6LFYX+yhUr4oN< zFy*beL&i__=-T!*W+NtAN!pB@zqC#2n z{w^MI4w$O!AlTjAQjqg};krD0Ea}A+cQfUxPWbcp7bkC<^HDMUm>GN6cV#4tsuXKJsc!!gX^p$*`0ddmz{GELJa0d~CW& zE1A-8eTX>!Kj63N0}s+@`0IKM;*5eTVoUzN0)*u3&I<(5klTn+LI)R(Wduk8r_3-E zFA0n3VWpDh5ZOb@C3|NBX4MuZm_6Pr_Te(r^tJnT4bY9&CThcq60}Zk88Y;>96wtk zfQ12mm0fJ-=DKrw#7V`Hj@E6hPRWMy*RiQJw#3s!QVHFAF4Fg5^0X;UEk{UzkFP$v zStjUd90Ac3@_)EntNsF9*IjH*om}(Vxl=1Z0#aWXl-ji4946bIRdcpo3?~{?-TYuL zmZ76-KJNW^=o_J1*-%^W_jG5uwm}?j^{e^k&xdVgak!x=Te3&{vE_5?}x-CA@>UKX|u2p9Gxst=U!{zucvY?>Acx`WdwKY|FM^4N# z%Mr*DPa*jNXG;*fhHkL2E)nkqxFqQBcq% z_io=Q`7};48x!LIM5hk^%NItFmQLg+ZzVsHUbB{yu~>%RQTrQO75^Or0v_eC;?Z`4%mG)O#ewk$}gHd4> z7~Ob549*0+-9^-!jSiX+mOlr?qW_HhLv5_7Bj*H`?jaI!eqG7}$%$fzZpJ!#xYRTZ z-9jb6USRX{=}ON<$1|GS8#MD`W@Yf5>@4pM@6jI=>A~dvo3Z7n3f$1$%eR)uWeBuA zbpl!C`>KHYK=}6cNV=V+)(5RzQ~l9&ySQqg6e7x!fQY9egRsbAb(@x59?k2Z+$@M| z1S_~ilQDI&V53kPJ^pM)ozc`ezfJFgQliwt5^ zB0%FnR4iD>b|EkqMv>;0pMKX<_W^^K9~v%O;i;7}B030(!2AhQg_!q471rs?Y4rOt z6A^*Hdn;NR8+$(EMiY!p&s|MZ7&u5(oA!S~Xolw%(?KMYzxWAw1P|w$Sixyn5 z?wTLawiL@)CZ7a+R)o`a;o3zW=vvLOoAO` zqMwu9*)(?xk(o#E@t+qXS9hzP*`OMKT-FfP6>_#xC9+tLa-)-mEN*Lva?Bu`wTY$5 zca&MW#y}6o#A4lX&J|;3-SE1Pc4MX0Ng2`Q=LJIbyba~{bD89s>}h9A%SuDRSv8%{ zja04!bAnl8Mg@2`%Lp0;3q5U_iMJB)FQEt@9;MK4IQHFwqK%FDh2eXhmo%2dW z^+(pd%k_X{RRqjeTHS0Gs@OWc*M&WZ~|oj91Ox9n<&yyo$H7Fh3#&-=W0Q2P16qsB|ZX9hW!Ksr`qVM2a)%q3Cfxb%s%sdbV5S*4>W=L<9SZ_NeO ztgNh`B6fImn+0+jZlpX=07)4XVt%z6!GF)SYE)JD<^@Hd{Up9lOHVZb zfUSW?vw`X>FCQNUK<4_eXh(UuFAC#NHwsQ{>t^^-ujwm&qqoYyZh3M))XMh z^RwJuA7KM>H0E&7Q~x3M_d>}F@HK>P3&&^`f5?2f@q1yMDh`2nUmZTXkHVUK5)L^2f{g(%$8=CgYr}Ebp*VNnCI;9g}+I?lh&J{jv|EG~+ba znE5XWv4>T;Ch2+ik)^Ng@#bK4c!PDwr%X5t$*27mb20f@2T?cUru@pXtL12Ti}5WD 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md index 425c0389da..696c47442f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md @@ -89,14 +89,15 @@ After you've enabled the service, you may need to configure your network or fire ### Network connections -The following table lists the services and their associated URLs that your network must be able to connect to. You should ensure that there are no firewall or network filtering rules that would deny access to these URLs. If there are, you may need to create an *allow* rule specifically for them. +The following downloadable spreadsheet lists the services and their associated URLs that your network must be able to connect to. You should ensure that there are no firewall or network filtering rules that would deny access to these URLs. If there are, you may need to create an *allow* rule specifically for them. + + + +|**Item**|**Description**| +|:-----|:-----| +|[![Thumb image for Microsoft Defender ATP URLs spreadsheet](images/mdatp-urls.png)](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx)
[Spreadsheet](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf) | The spreadsheet provides specific DNS records for service locations, geographies, and OS. + -| Service location | DNS record | -| ---------------------------------------- | ----------------------- | -| Common URLs for all locations | x.cp.wd.microsoft.com
cdn.x.cp.wd.microsoft.com
eu-cdn.x.cp.wd.microsoft.com
wu-cdn.x.cp.wd.microsoft.com
officecdn-microsoft-com.akamaized.net
crl.microsoft.com
events.data.microsoft.com | -| European Union | europe.x.cp.wd.microsoft.com
eu-v20.events.data.microsoft.com
usseu1northprod.blob.core.windows.net 
usseu1westprod.blob.core.windows.net | -| United Kingdom | unitedkingdom.x.cp.wd.microsoft.com
uk-v20.events.data.microsoft.com
ussuk1southprod.blob.core.windows.net 
ussuk1westprod.blob.core.windows.net | -| United States | unitedstates.x.cp.wd.microsoft.com
us-v20.events.data.microsoft.com
ussus1eastprod.blob.core.windows.net 
ussus1westprod.blob.core.windows.net | > [!NOTE] > For a more specific URL list, see [Configure proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server). diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md index 5d2922bccc..5c6219b989 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md @@ -69,14 +69,15 @@ After you've enabled the service, you may need to configure your network or fire ### Network connections -The following table lists the services and their associated URLs that your network must be able to connect to. You should ensure that there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an *allow* rule specifically for them. +The following downloadable spreadsheet lists the services and their associated URLs that your network must be able to connect to. You should ensure that there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an *allow* rule specifically for them. + + + +|**Item**|**Description**| +|:-----|:-----| +|[![Thumb image for Microsoft Defender ATP URLs spreadsheet](images/mdatp-urls.png)](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx)
[Spreadsheet](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf) | The spreadsheet provides specific DNS records for service locations, geographies, and OS. + -| Service location | DNS record | -| ---------------------------------------- | ----------------------- | -| Common URLs for all locations | x.cp.wd.microsoft.com
cdn.x.cp.wd.microsoft.com
eu-cdn.x.cp.wd.microsoft.com
wu-cdn.x.cp.wd.microsoft.com
officecdn-microsoft-com.akamaized.net
crl.microsoft.com
events.data.microsoft.com | -| European Union | europe.x.cp.wd.microsoft.com
eu-v20.events.data.microsoft.com
usseu1northprod.blob.core.windows.net 
usseu1westprod.blob.core.windows.net
winatp-gw-weu.microsoft.com
winatp-gw-neu.microsoft.com | -| United Kingdom | unitedkingdom.x.cp.wd.microsoft.com
uk-v20.events.data.microsoft.com
ussuk1southprod.blob.core.windows.net 
ussuk1westprod.blob.core.windows.net
winatp-gw-ukw.microsoft.com
winatp-gw-uks.microsoft.com | -| United States | unitedstates.x.cp.wd.microsoft.com
us-v20.events.data.microsoft.com
ussus1eastprod.blob.core.windows.net 
ussus1westprod.blob.core.windows.net
winatp-gw-cus.microsoft.com
winatp-gw-eus.microsoft.com | Microsoft Defender ATP can discover a proxy server by using the following discovery methods: - Proxy auto-config (PAC) diff --git a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md index 9c5a742c97..96ee924d6d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md @@ -228,16 +228,15 @@ is configured on these devices. URLs that include v20 in them are only needed if you have Windows 10, version 1803 or later devices. For example, ```us-v20.events.data.microsoft.com``` is only needed if the device is on Windows 10, version 1803 or later. + - Service location | Microsoft.com DNS record --|- -Common URLs for all locations | ```crl.microsoft.com/pki/crl/*```
```ctldl.windowsupdate.com```
```www.microsoft.com/pkiops/*```
```events.data.microsoft.com```
```notify.windows.com```
```settings-win.data.microsoft.com``` -European Union | ```eu.vortex-win.data.microsoft.com```
```eu-v20.events.data.microsoft.com```
```usseu1northprod.blob.core.windows.net```
```usseu1westprod.blob.core.windows.net```
```winatp-gw-neu.microsoft.com```
```winatp-gw-weu.microsoft.com```
```wseu1northprod.blob.core.windows.net```
```wseu1westprod.blob.core.windows.net```
```automatedirstrprdweu.blob.core.windows.net```
```automatedirstrprdneu.blob.core.windows.net``` -United Kingdom | ```uk.vortex-win.data.microsoft.com```
```uk-v20.events.data.microsoft.com```
```ussuk1southprod.blob.core.windows.net```
```ussuk1westprod.blob.core.windows.net```
```winatp-gw-uks.microsoft.com```
```winatp-gw-ukw.microsoft.com```
```wsuk1southprod.blob.core.windows.net```
```wsuk1westprod.blob.core.windows.net```
```automatedirstrprduks.blob.core.windows.net```
```automatedirstrprdukw.blob.core.windows.net``` -United States | ```us.vortex-win.data.microsoft.com```
```ussus1eastprod.blob.core.windows.net```
```ussus1westprod.blob.core.windows.net```
```ussus2eastprod.blob.core.windows.net```
```ussus2westprod.blob.core.windows.net```
```ussus3eastprod.blob.core.windows.net```
```ussus3westprod.blob.core.windows.net```
```ussus4eastprod.blob.core.windows.net```
```ussus4westprod.blob.core.windows.net```
```us-v20.events.data.microsoft.com```
```winatp-gw-cus.microsoft.com```
```winatp-gw-eus.microsoft.com```
```wsus1eastprod.blob.core.windows.net```
```wsus1westprod.blob.core.windows.net```
```wsus2eastprod.blob.core.windows.net```
```wsus2westprod.blob.core.windows.net```
```automatedirstrprdcus.blob.core.windows.net```
```automatedirstrprdeus.blob.core.windows.net``` +If a proxy or firewall is blocking anonymous traffic, as Microsoft Defender ATP sensor is connecting from system context, make sure anonymous traffic is permitted in the listed URLs. -If a proxy or firewall is blocking anonymous traffic, as Microsoft Defender ATP sensor is connecting from system context, make sure anonymous traffic is permitted in the previously listed URLs. +|**Item**|**Description**| +|:-----|:-----| +|[![Thumb image for Microsoft Defender ATP URLs spreadsheet](images/mdatp-urls.png)](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx)
[Spreadsheet](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf) | The spreadsheet provides specific DNS records for service locations, geographies, and OS. + ### Microsoft Defender ATP service backend IP range From 0ce0f3714e1885c59fffee47ef1173c070be4e17 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Wed, 8 Jul 2020 20:23:54 -0700 Subject: [PATCH 018/102] Updates --- .../images/mac-system-extension-intune2.png | Bin 0 -> 83780 bytes .../mac-sysext-policies.md | 65 +++++++++--------- 2 files changed, 32 insertions(+), 33 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/mac-system-extension-intune2.png 
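Review bot: In the table row added to microsoft-defender-atp-linux.md, the thumbnail links to downloads/mdatp-urls.xlsx but the [Spreadsheet] text link points to downloads/mdatp-deployment-strategy.pdf, so the link labelled as the URL spreadsheet opens a different document. Point both links at mdatp-urls.xlsx. The identical row is added in the microsoft-defender-atp-mac.md and production-deployment.md hunks of this patch and needs the same correction.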
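Review bot: The microsoft-defender-atp-mac.md hunk removes the inline DNS table, including the winatp-gw-* gateway hosts that the removed Linux table did not carry, and replaces it with a link to a binary .xlsx. After this change the page no longer shows which hosts a macOS allow rule needs, and later edits to that list will not appear in a text diff of this file. Either keep the per-platform host list in the page next to the download link, or say in the row description how to find the macOS entries in the spreadsheet.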
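Review bot: In the production-deployment.md hunk, the sentence about anonymous traffic now comes before the table and reads "permitted in the listed URLs", but the hunk deletes every URL from the page, so "listed" has nothing to refer to. Reword it to name the spreadsheet and move it after the table row. The unchanged context line above still gives us-v20.events.data.microsoft.com as an example of a v20 URL, which was an entry in the removed table; confirm the spreadsheet carries the v20 entries so that paragraph still makes sense.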
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/mac-system-extension-intune2.png b/windows/security/threat-protection/microsoft-defender-atp/images/mac-system-extension-intune2.png new file mode 100644 index 0000000000000000000000000000000000000000..f4100cb60f35b7a8efe86b4de25aec30c48bf70d GIT binary patch literal 83780
z2HGdH?w|n|zrY|28R^(CYqKg$0MjAA-qXi*Nz&nbES!Nge#Jd^nM1vVxsm-Ry+yL7 zkA?ShM&tj--CIS))wEr^3GVJL!QCAK1PB%&cyNc{1P$&E!Cit|@C5fD!Gl9^4em6~ zF5d5X_x_%J_MiSojM1aJ2VJXHRjql?dEI+u7neEd#Vpi`9w=HG@ZOz zn?G4{vJw@+?RBXRJVxO-%v#FDK70?DqBMWm9#9B52P(6K%w{Um`bamLLA+k4PPf&x z=9aJyld!sKpdbWmARx}Fc-fsMO^N?AhR~&Oo8(;(;wtBTLTp01U-VhS=dZ~kA z2`fk$aqSZjHLA+l?;#P2`D8Yu315s$#&cU44oTT8JSUaj7b#d3>2nQOn|}-P__B*r zE0mA{?+S?o`tg_s}!LJMvO!@gJot@-Q9O^I}xG}z(xZs z8QUggKacj?(LiOYXtFChgL`_{=*044Og`fYPd_);UUSdEo+*ySF9V8>3SK+J0cwCC z7+m7gbCAiNgGHJ=-5tT<5p|HFS1+sg?7B7IkT$`Q^EmBg#7c5KolUXT*7w;p8{yJx zb_U@V5Aml8-5aS5_zW%Jh$)987ZYQyOV8}ASWhoB3hRAw`|#t-WM5Wp(#@gb@Q~bi zUoaAGJebi$=GL#un;;{dvU;jEnbOhv2~(w$skP?gPL&*M6z$pAykzas0j0KQeZ=;1 zK;oTzuU@CEO}yy3c)Zx1EU?RJzWsAUH`Per+v|;;)c(F!je!O0$o5)Ua@ExgZZ$wE z`BL9QD%!}2oSC^wWq zUkjD&L|FTESPH+&)YR92?WWp=#f>4&ibVfFxP6fYpaUR`;pt?*KK?_*^RWyWBO4MI zUUk>0(`wtt!t%vUrq0~n@@_)_k2LM9pFuXAKdwMA?TrHpKG}VCv%uovcd1h5J$){l zUPo<@)qu`f-^nk$4)8KY&0r;X=qntUs$8p9Y{ltAaS$W*FuUlzMm%qkcL>DfN1z4AKs8A11Ot4fp{ zsy}jQ)WPeX_GJuA98UYt(@Bb8jU6HCP<3DX5XHQNPu0X#@P*ud27L`X52i?u=4bpJ zJvNT??xV-v$aoU4E6Q6hHC(Mo>ApgvnTQ#R4!|N zZvkIT{5aFs+dl@kmr>n_H0Yx(t@rhFN z**a8TQ@b!E+HrUr<8{+L6yir1O+}#IMbR@Dp0L&e?9LoL*%S86j2Af7g6BQ;gL^x+JKX*03>*uJ1bO+(M^j8wYr}O1~Ekae?)e)+YFt3QAw?Mjp%dnTgIg` z=o9cr&d8t4LlOsWg^wKRY5FEu0K{iom7~TMCHRj3|B#ti9h+YBrBheu7!uq=A7inY zw+Nk$mY1is1q$tN`xE2u>-+i~w}qMvmab>j0WYyO?axtKKF$oj&U_fu@gW-600Qb` zzC~`XyWID^>8a2qt!o!s%-heWSiK^FO|#@bubywb08-`QgF-Z|-^HCf>DnE}fAW9~ z-H=2q_dRWC;*w}|CmuEIGeB1@Jx;wOjzXL+Q%?bF+1qEXPiE6vAd(x!Cqr|TsJIQ- z9R?noxgW6=Y_lAJr7yPy=GwjCyS()}e4t1Eq~&&ezL6(C&U<}qu?b1-uN&8f6SI&O7U2H^N)rF) zFiPnf475V=9Bzwl@z;~B@|p8_QfoA#IPxXxeL(~-Lz0xPETOqL)9 zpJYfBr{#&E+u{J4aJIKkpiHtT9vY9`;v4B05=wICy;nd2kGGkxD|KXd-mYP*UTq^H9pG7aSn9AG%(~9P|yP1d(so;11E+pvvu;wj7TqCy3I#N+Q-!r+w z?&h?4gAp6L(E=t6j3d5kowfqhx#$N&av8Is?>Sz zT;-w9?`6O|#ht^7<(ZQlUY+4V=cD(Ls&9I4X7;+;`k`UzbH2%Nk8tLk4=*g5Q0U#a zI2N7OZ!OC8e8^*iNo-Z(BNvq)?rSVZB05|he@L2o&lllm9fMhq2Wu?0dsakdkl|Ta 
zMmS*jqc0*&Vp{TUy{}u2xw%#EvF#yoBdTgAh&s%4Bwf)r54}4bxk~{G&rq{cP1{#y zXY6Rnb5Ua*NSGh7<`q^Np!5H3rrc~B5_5^qtlJKSv?F8_Y#z7_>gyJ7BHq0FJ^Bjr`rSDK7&|;XNvc$j5;z2HnmBqk&S_$}G@k{ku-UV%*cCew5 z3YXLgV6vu?6A(z=JdWG^Mv!MW|Csr{)g5uZ)+O>hk(sZq%at8h+n~}g+kfumHe_Yz z7l=!l_6=)ePIRODUPdr``$Fn0q(?1KU5O>UISgx{M@GzN3W7@Qz2qs56G{>pItX(K zW?8!^kf8!!m^UM(?wBe3WP~i67ejl$XZqz@ZW%WxHHvO$Sl-9du@KSjy&aw-&; z>~$vBO4&vMgFuV+Wr)ss(qGc5b}DixL}_^A6&9>?YH+f7)g9 zRtTjQQz+i~mDNv5$Y!uuZN8R#B5AMp+C~plgq=teZ;5J(Pc|FeDLL^_|pDNIo(opfIsJl!U2O8ck9rSMW!FR{$6+c=gRBA zS^1UKH4qLxuELxGqTbX=-S%g(MSGt!MJ3hCS`$1ID*f8828pfSNSki}wm zaE~5dwJr6cjNw}EjL(+{zPoHLuiXB>ljh&P9JO;yT~OAmQkrbV%K9j!`Xex3N)Dg* z98p~kT{yUrCYHZj`n+JFQKe6#Uao%rVXCp+zSVq>-zo>2E~oQB~usxM#=3 z*$}74*{d#}n@0H6JVa~8iXm`3jeE8?^u-bvkD=A$>i#+DVAHpqdJ8}H*I-VP+$&e% zt6~S=6EW<)NRk&0@&oc%!+f3jZry0bC*{K5c=HAZ(gYXU!zGsoza`l{qjo}yugk$B z(!`GjlQr?G<4?NbTk@)7ft3|v&39iU^>IhRw zyQ5$ptDqJ{ImOAlT41aU-RSCArQz>fe@qaH(L%m)k$N5+i@qihx{FFZIdTXTSKqDvS3V17I4VYa#M59hSig~{!%=Kq>F zwd|_t+UGrFMvji)Z) zc~BE@CL5c*w{DDwgml#)W`!ecKRNbW5jwdhv2O|CN%$wDxc}6Mrgu%T7a%X~ixED9 z64bp;;=lX&x}U7}YLuDEKJ4&Z8^C~)_-VvwolWX;udDm{&J!yeQDKKs;4Kll>XhqM zXPR>R{f$eA`PG5;S?w;dgUNiWSsmQ&Vqv6VI{D-`vmxR9N{Xdsw-k#U)Ew>C4_?#1 z(?Ugfzg~{_`EPlTq)(@_G4HACf0nJHYuhFNFrU~_t+M{b&&Zo{TflKIq52YqMb4%&iM-BZFEpbS)k{M0}Z43_-&&Mfc*wVO~MR0m& z%|2YMV*7K!41Yh<{0i;BaieN1BlzmpsrSL(GuIOm>(U1oXnG%FFLWiJ%$njA~*2+~@#P-a$vbJfbqgUxwggM~gnd^z{B5CK9uY#!&QZ3S=E z1=rdYgnh+4rzM@oQEqC_9R40Sr>HJ%FE)g2#AYO@nnGS?lRIdCvv$TIkf!oo+*}yyM9>-Z!y(JtmLoBg2PkLOD)~ zpBXMyY&UvcLg$L+Z>WiNU~CL~W5h>RFKN2|%_c067wMH~Hx+6ktjihBfrFoQT+L+^ z{=l)$q3hD+q>`$O8{8NvZgpfpgA+LPy1=gt{A_IcYsZqO^t@BR8$2I{ z5{`8a?jasy!qtIjuH}vqDxdSba;Vxnc7nLPNj3xw&8vl#WOf@qS)g8EZ)mJ?`6!%8 zwwU1475ibjqH|QzjZTWjZk)BBrtOX(|8;xJZjo++450~euWiVWhgRpKw?oGb+-f@C z)mkjK?`<*t=OD7M>;nigl2`%Po;h!dz1ol1>dkTk9{p{tezW?^DIDpH2~)M8p9o73 z3(}0c!DplY_NLS4)7dsGCOyd9V4#zz+(qNh-Z|bp?y-w7$81`_P;KU*USn;2`k9LU)#y zFon&&&g4`ZZ(9l~`NaxdGE9do#b=nK=HABNJ)K%LvMQ5aEY1J2U1<*cErt1WM3hjh?@GK=fpGtcx>JIc**%2j?kPXj>b+iO3Xe5j7hb_! 
z-TgZxJlgEr<3wR&yljtKv*lk-9LEk&b5iC{?GMe+VGS<)j$MeN2Pd+9`hWe8ZZYw< z4AWn&MuOkbJ^%t$Z{7hv$YvBl!2dGY0Hb(JXBH0|94RZ_|4#pb*8`u8@s@PS@&9^z z-m{B7(Sd{gUltD-_-D)g?{~~J|9bgNIQS0wHDkknIX@84o^zP_Sz2=cdN~XWe1}SR zZ|A>#DI~xT0xu&}llbqKX~1{n2Sxh-+pfa@Y_5-SHD>tt%W~j5WDxP8|LrMp0C8V( zlEa_x|Ly8Yd=9i?vBLe!h3>yf0Zcvo3*m*Y{w zf8_*Jo)ZCbjRgN^1C218DInQS%EPE{_)K7a_HTgbr2T2ULA80UV-MUG2mpoqm7RbG zbIa>*IzM1=mJM=ohf;=srQiV;F~a)U)5$si!!{!slCnE#29#uR6<56fUe;F3MsVPW zr->LM9!X!;m<86xB%s!{9SSSG$?CkYnlwFG6<3KRh$di7kq<#7X6zWrCXJr+mum95 zsRecv(dte|9L6HExoXEiCqYmgd`)u?;u@>X0wEEP;n@9K&z=&1orFoWmq2sA7{D~E z1!-26?Wvq1ps+w6S;jqA@MnRcCEv_&`+qKSm;7p_>IIvAEB#l^s^u9fkoQbxlKz_i z#V?`rA6l*1)*$ZaYpKx3gA#gwDgK#4BkJETKesc)7T*R@jKKo zO8;DW5Da$9$~*38Zm866aaCOXQ4QSQ{^}D9)s=R@Q1HWUiBYps*U>-_L=j0iG{go# zO??xT`;V+g1FNgq+uA)Lb~{#z`ygBEv?dWo2K?o+7;r}n7+O`1q#Eygql<@8?+0BNK8vVxJkd&Q582l-9{*Vbg6~ZAX)* z-}`Io2yzP|Zqq1mj;#RHit4-W&X1mm9Kb8!e&Sc5-L?=kUyO1QaI;|(2*yHlKm3B? z$MUGtU)X*gI&5FFlUdrg=fF;2258by<@OW-PWj%zS+L2)@BVf4?VpH_N9aB!Tn4K7 zPn*?Um&DL^jh(q{c^x|874LX6AFedWcDw`b<6;vS))#z2Om^D#s`M~tQuxnNP*JCM z0?)IdR5v#iTc=+>!0bp$NWfIAe%@+rI8o?+cq!ntdHiQ@hlTtZo$wz|pAwX;h|<09 zHEQAan+$uTihGU6xmGEVKPZb({lok1ax2mr_>PktH|PeS(S<4g1KhkiN&-IWV$lr| z&&&9Q@B4GFE6lo1A_DJChs$Q<|NV`woCZa0=iQ4;^=meG2tBy4i_l z8pg;U4;=(Z>Nw-xh+nYhXDc8}TNKXS7fs9td{6P=*d3~3>&-6vgGyo#uK>R^fvx=> zX!&VWIlePO6567BGm6iC%;N^@a-_>MT&At|yCYSaANosz=_?UQ#>{_=mGOPL8V4WI<_w^-0r1tR2Cm`-E9rRMNeCAuBRAh45_zcKtE!!+F zP91wki<+I8651{709fj;_})mxrjY%cs`fp)>k7RFefSsTKI5{F?1yHB!1Ox+a?r4N zHhvSlJnwY%G0W7;m@K zvM;h!BMI;JWIa<~`r|n9*!M(5F#Er2`!T>uf4Bf8`YJh5{Q+c8GI{_zGS;~PikSDj|eUEX(>357$+#J#)N&(3sa zE%p`tnPc!tS)F_eFQLy-?Vb1;oCixS{iJXjn)JpiikZNuu0G3+$Ev&99s^B(a~RF3 z{Oz;Le6>*<?+FoXylM30 zQ$Gs@W~<3zs5b>%pPjF%ema`;m&QMJBeM+z9n(ICWf$cdX}7n~6ZKDY8ZB$kf~vJX zr5J7FXc?o7rA zl#FRW^E0(G5a9or(zvZ^(Rf$w(P*Afxd`46?$6ria-jg1P575r%(eObQMmN?1l-0L z@LTQxLQZr9=3jHqo$-1(%Hsk|rKs{5NV?}j*N%xk=~fst2}$;MrEwLj{|cp=&$m#z zS>emytnas(YIHPF{{UDz)=%bco1 
z>a8aB3JrW8rW;#=N;tFl9kE;Sn)Sx#*q=ypwd_a@3*LwxJD7>FrmMU`Z~YK$;=zx1A8Ei`CUz-o!NHebqOT zK9wOho}uOJvQY%qFCMK?U4idQ9Fl(icMp^Bbw8}e!%={}n|tvdR75_=4uYEBO!2P@t9ih+7#D?z9QxaoQH>fNtUbEZ5@vJfjWtUY~mp+KFv?q`4f!A{ahdA-k9(Pd z5#~s6mXzMK+RnI)R6`0uSCyiAN-~$^b!jH=p~b`0wb<1t^t*_>-5x0nl#<*{n>WfF ze*P3CsV{mnKXs1z<*k;tZ{L@tzT|*Mp+G>&3yTPl1E|vgISd?VtXB-VPzGY&Q-XZM z!$D)A0WDSe;Xt`>xF z^}U1LJ}&ZK+Jusx!vw;f<0EvlLs6DPAz)Ua6K@B*2I=0fQZABLwp^vFc{$uKCxzo8 z!Z7w$+RWF!@9=rhDi=+*)wQp-$s@45(fl_2Cp4FEbr5D+f8$T|mKGoBQTtto9SzaD zjo_+-!p7C7QOIQ;u$QDDTAI;!IJ7n%FTe*>vTO||CD7UxzJN8{oe*vySwC(xq0WiA zE#|Xr)?u8#z1;Ks8to&w#M$+RdMqo$?Txu^MsAQqqHO8AEWyt$GcL>N3GVe`SQJrA zhbT+V8_|!0GWsC008irZ+U7|`N}9T6@Fk@eJcC|Vnc6%f!6HP6>`hX!R3x6L&Bklr zDpkI!$D!n{70Emko($I!%`f9Az(ZJ+4Zy);D|{d86FO!pvu2Ay`xVurcy`+f{;I@X<)-Be#b1&DSt1&E4P-|?rQSqA(mK;*F;A2+}h)n@Hz z)!{on3os*RatEy`9`4Qs-I6Qy*v=tq=(MZ+S71f?-pegwa-rS8+%!>n>XD0^k~^& zu*$(!P)GFwoMM&?Fro6j{B*v5+VzicU*>?2ed6bLavbvk02fRNKRaK}**g0p4lgp~Vya7k+%$Er8Hgl#X^mvj% zx)t`#rSJVCn~iURixjfgVQW(K_sDUF?H45}s;X6B8_-uB$>F3V!?7j7?I75Z7@Nc9 zJoQ^y0tDjwRdn zY$5wfue*^3hG32|o0fy-NPAD-2>YYOnZaZxCXywBSGops1;gg*ys2!u^~#`X`ku_= zf`gp7@(E^gwLM=x6t&N-33Xj;gKW0wyJXujb>%9$c4}qM^EK zmlAzyCB#s2qk7BzzUnw|?f!EKzo0@{XB5|lw~>X2EC7mFGn6A1Tt`X7bi#;T^HhiP zulKvZH|%zFywf2qeNZdIH~mgjidD;Ph2ZQsQEs8sG?&HSz4!Y2o(HyF6N0rqMgZJs z18L5uphfwmqUF_EFLn}Q8-u+SvCDi_$kNkm(S5r1W|GoS7a}I>ozWfnP&AKZt?xMS z(P4_|2bl{m2CbOyF|aC0Y_6m_{grhwx+(4h0-2y1mV81r8I=`E&aLg#118NVa4_C6 zb%j1Q?^n7o!MS*8J#nsYP&8QK`=fou`l@n14D%NDR;!7rTcS)0bjDcZdRqs z;|;xM=3PUX z{;|$mh%lE8rMz*iykSJ;y9+#-=8aV$E5+?qFKZOigk8(b7#v7vobv&eWf)?ccuhA; z0Q25sA^QKlpf91!7G>#fNC&vW)QAEc^m#>B5a?Bo@UGvTXDfc*8zQg3KgM_~K+C4n zO-HO12*qMmtvmLMnZz@EAMNn~VV#j+HNIN&+&oVPx0cTkj2nb*!}J3juhaSm9Q7S% zD~H5w@Klm;){h=i%)E-Dh7oYw18KZ96xkk_ut7XH*)>oL9qf$d zq`Y6BL0TnK-jNzjuZqxDOI66;`o5-n42MHzAnSrutf#hxSfn#`NTeXN*Us*uOtPjb z^&38a&|>VL?ZFA(|Ddq?eE_T-!St-wdVYlNSBc<6G0!Q_pq7C5v|!g|NN~g2g_|p2 zUvt}?KnX?nsZz5#U!C=W%qP>dHgOslTebTs{s=IS$53+JUEUv*skTHY*@Gtc(jUKb 
zPJNR^S*oZkQK#|-6K8TwE^9LQSHYu)ZE6D+9$JoCvBO**qZ0d4p53hBf(j(KR1zyj z#bci9e|D~yk`!UDN1Kjdm@FXwSxEm`Pr;wgkcii#%|{insLfMZLr?iaKGo*m(&LWs z8i^f41daqrtgKA`yZrw1DIA=a*cZqVnY~;v|J@q@XNR0Iff;tO5V0d+O8@Wt_~*V? zR)$d+XQOw*8++bJ|JhHU|7gWxvWxrvU-OXx2Jxrzs&M*OjDK(WF8%CIUcEh#%(NIr|KrH$-CU4UE_o z_vC|jsdK!q(iE};dFULJ`umXrec!!M8&1-~zivMt74q?V0CD8F?{|j{EBCtIb4H^)t{+WJpDZlm(T! z@2_`=*uQ{WX9gGp^X56~*A6*;vi@5DNKq>n3fS4T?Z-4itjT z9ru?41?a@k)Cxc$0hFfR1?=R=ke=?<4$&DmZ>GuSPJHp~)61P4U+L~skZlS>1T?LL))vNWSY$J=#J*iubdL+@WSDem*9HT`5vZ!t|aU^t>t z)rQ#y@ju0G_uM?@V)q`u;HuGq95!BpUNvxph{shGAh zgU@oj)9tEIKIPULbT2Xk^TojW1q!L4+O_>uNnEDWAj5mma)um^$v0eYWUqEyPJ>G!RX2pk?Q;{Gu}kRIW~ajb-(Wr+tsJ&NmYrs_ zEp9%ap+uF?rJkX|vcIj!z5o;~%O}v>Q5DSjoK@@C2hh}q%E0HQP_0};QPAz^V90mH z8zKvu^?0>l8-Ypz7>O$P11(3x+PsIsLk412FO2J$&05A@=;$#+6Gt}%O` zx&pq=h1>~<&m`)8`&)fwJb&}0 zDJM+iqti?q3?-puD!Vz)t!3QKjv(OVt++IxC?d4^0w#Z-C+wjx}Di2X{n! zSd=D;lonH3@v2HBY*2iQJ!$rP_os}Jg6C1CUz7)Sjf#bg>@d|D3 z-I8BvzTGPqdAbAro$hr*1DdBbbb8OO6&C3A9vu(SlTSi`*T5rndpM06EZkK)Myp>p zQUp2q#6Sln{dW`&AXmHfH$OIJ>olkHW>gI|jQ}tG118FWUr#yVz}f zx9Fa*llhajSId$gR8mccm=a7$&k(S8B?sPLOhQ(CSB8{?RY{ZtcVCGeui@5$JL&Tc z#(YFmtd9e5v<`BO2~(f%jHLvki_Q&6{X|#I%p^q9OkDXi=t75W_=4~&T1aGd>lTbzodK3_O79Z{ ztOVFQa*XR-pvF(#v6eGoN|5bR+Qi}eSOtl*Z{Gyt>;I)ASmz8&ox^-hfb)TTnIp`w zQo)NJ*AeDC5M%K4*mt)urS(Ov!G$$oYdUKM)1N&ofMr4cKr*0q@wqT*zY1OqVV_f=Y+v_{3vu8OhCQ~-y4m5n2#W~ ziijq=F-nJb9VVYbF$H@MxI!Da!UT|~M~E1?P#O9cHYCOXWC@sZzZ0mvq?q`@xT%!x zUAVh2V{AU39>>6y?>_W;Cs6JrP}ye;q)d%%R)5xg<)74zD|}A6;2*7@UWuk~qkY#4@SdR~xqeHedLe&}IS5xi7)8Di z?qs!4FVKzJ>hEgwgjvuCsM;K+2j?qvI9{M^9pFW{9M6f1p5lUbudsKvMr%cAIb(<}#4mGLhS_A{f3V6~GSeaAQRfw6{frCq%MSJ5MD51zhYFJxGV zG*omvJ=SKs#jv$|c_&dyOqKl>a(qnZmI|-&f#BDqlGtJXq&S$LJKx0FB?WP@>4MCo zF0mzE7fKqXHQj7ywDHFBe2Iz3!zi%XpmwI_HnM$lXWQ5(6SqY}YoChua}%Qol!`tZ z1*3&Z<%Gj&k_&RaA*okp|GU)E;0wnU95-E}($n&j;%5kABy6(p9z3nHagbOL&*0!k z_?6$zm{XK+(8)Bkd>S$sd4?Y_QcZecnJQjk$XlS`4feklKS7%S>+#MhKj8Uz>tt?K ztk=IZ>lX|jN2-a#qoggVFl6~^JCr<9^=F+Nu*^Ut^Wwf)-2axydWFAg38p)pVq~C6@N>`CopAXjR4c1y>fZ*BCj9 
zYmJYbs%)^%J<9IF^%IxB)d~Y>RGSsDg_tSIIe2b^Am~J$RFT7XqPkpl;1;y>Dt%=r|K8f)c7d!Z1ogz=R`kESS1rF|Lj-84hWOszdDljp<&h%4qO&?l;_p zy$B9gzg7ffJ9H!Z^r9e(Nl-Fz%MFK~*lg?G2F53gg!k8VBOarSDHg>2w8w!s3sX-% z=6|Y77I9bX4)f8|YA^QKZA}RZ4~Z^!i?7Ic4Ai`ZJBK+V{`9`ie8g*|kA7fIty`{Y z8Gd-9;!CM`9D9^lH#`1>rYv704C`G* z+F(;~iI6GDC8~uWi=Wz*17Cz=beeN8k77XKthxLmxBi@pL@bu6KjD^aN?E~=kb_Xl zZax@X9*^|Z^YFVSBOw8snVJ!*Kh8^01z?uGjK#=HD;Zy>Og6#1aN+S2SJH3xiaJ4u zrE^X-Q+~Z6qJSw+azvss2xrt?pdn8Xh_&T6{xiukpI$nG3g+w2*9cYODKv^X>J$^> z{)#R6*W&DWa3Tf6v%cErU+Gq>-;fs+)aTzSu-i3z>PArXYJEFIKrjqGgQpH~AeNP3 z{$3|2DQ3K$PtGC0F;A@}aS^M~2YZ;GQIgQ7R}DZ?kpY!=>Lq+8I!o7YnV#pLZWBci z%q{Z+`o1~|O%k=9L4-WlweZJ#xD~o3Yu!aOO7+}?^;d0?a%`oKYxSIK_$nrxnK3@G zVEGhX;)xlfiI!C4nzOh})1QoHfWg|bK+wZDkHFf9s};W$1#PMCSRMqz8zvxDTz#)1 zm?ZdFZM1R-;ptx%^pb?i)9jw+Fc^i)7`+(~rwptfhi51ot4<#vL5`jN47ZbGcwgda zo8v4jS{XgDRkbT~>W<=Z0=G@uhy97bi%p@~xXj6~T}dwE209=4FyJ==EQ>-~6ko3} z{|@{lSR`RKf{qjRRB*hM&WB*IQHj-$ooi$IQ1z!j$DU#bD`-9`e+@GNemk2g^ox~MB{zxBX>-X|6{HWX|P_Am^SC-Xt_&LX`Z4ZFv zj9l|laql`auk%mU+38xZU=v$&nJ^!M-4xc@EpHKB-WSrQrXb~P`m4(`=q;>?<|ivg z=Qyhev(Awl8eV@{ml+C*_Uk@tdDkwxdx~bDoV-%XmcSb@3l8ZAn&A%9FOX@S>8*7A zlHN}=PO|IPypaHl)jm-x1anEI8lC>C9uW!ZCnLN!A7dr@s%ZS+S0p7}g9+~V%C1(I zd)i?1_WT27_UKhl<_x(Y&^K!rQSvs+TJ5v!C3@eMD7Ft~Ou~gonNny^x#LUyP&W53 z=$Ka(2%@0@@KVu^x}0APb1upSlDY z0GBWVmdK1`NT82MZ!0Lp&?Tgpy1IH$rct3^bj#50r+ar9z6sn*P6ZWj=^;E_qh1#d zRk{8Ro~%Y*xs;BxfRZZ<6slIPozj-LW;e@r-R~AChW`FOv@q*FW+^3SLEpC#z#r`;~IiBUZ^*6Q!V` zNjIZ>^Caz_iE*gWUN@tHlGk;QXD%nw{1e@V#cl$lO+dG`F%{xmU}i1`-EUM|QTf>R zQ>r@XZAKCat+sBNv!98-pVimgH`?dn<=9m1@tgi^0tt5S7gW4M>bnyabH>$)g766l z9}C3gQj!@3_bT%vFw2QQwvCwUerfn&Fx7~h%<{)M&@ul=Xn&_=CBia}^ z$W^lS7HTh!C8ezT!;)a?qX?)$!f=(!w7Gzi)#+z(wl={goHT7|D?>Mngx zk~7KgXrj9zqX*WU^-iUe-ad&iV^qiVbgb4F(8%rgC$2%3xOO~I`je*`iA>Dn1;MWi zyF-$(+tHpZMkAyADYp?dCS;m$-&~oi@E&o|Y+=G~o$j6~ z%|13e$rE$fP4VL}cO=Kv!1#uasg4!YJAUh)#(+k&lf$s95g#;fh27{~D&7}!JdNLr zV_A`37fCb3(vfc-~yFNCVOX5Yn><|s|PUdlxLTsrFnk+sjh(s5a zK%nz0pysx`|CaVsJJ^ujsT&qz3E4$p$xcWiXteogTqvnW9wy&57ZeE9|GMv67>!LY 
zVTVy+?o*rS#^9$Di}@5`jCIT(2@^4UTwUCkqIx;wPJnk$p2|Fo>f4=*&aqo4k8F+o zfF6L!3Fm<7S1)GD#Tu5vedJ!1DBJu&GrEUok8sS2@0L)0f^W$=p&v#{nok0YHsU`s zN2(Ct2Tya^fxq2?2(K&7wcn{Q0mDV+g>k0g_`n+m+OdM$b5Vr_whN+OwrXRv9Xcd(vk$#=I8$8oi#;;LGJ#E9@KmHPo}ANDm~0JDVPxjaeX z#5dwe3{G-FSc-qX+Zc4U0G(Ue7p;HrM~ubh}w(UolG)> z-QCc|9(ha6t(3JkU3$M05>td*HwQDBq4ZrZ86PRRm>WV^4B(Ib*pNu%9`Cl#Oj({4 z(y)NK`F**GCTn^$pl#-SH87yhO~R~QI187i)~l;E{-`vgF0slregET*PtAh1#`~_U z>Xrr6`YA~FvR`2x&Nh>;(WF9z(tOsK?)xuuZuL3X+a@cMM{7UAP)W|A7G--FXl^8a z7G_OZ1R$FJph@tC06*xrJtt)Kg*wWz8Y?)m2a@r(TAl83@ z?pj`+O$Q39jP&+}Z9VsNsl{AS*POklDuX$S0)bXNPpRlglEG`>o@P_HgWvy2LcC4q zXeDH_{&D9F>yKvOF5Z?qljT!*IsDde@^SBJwhcStI(EBKyi2!HLc5UBN-Uzqz~$kd zM*kVCTY2}R$j0EI+fWHhUE1-PnMNlYab~QKAPZt7QgSSN4azssyfrr!d5<-A*yyTc z7)5kcu`;h)(WAjq^y{RrX2#KLn(z#&4ytO4PL8_iyV-$eiypsr*YP&nZjJF?v9f+p zxntsHVOCoEG47V8U-Lt%5HrQ~eGcMwnr+V8+Mi|_8r39gcM5&Mec{Azx1#PNv`dDq zC3pM>`Q0Hoz0Zd@q+-?gEBSpgQ*{bM*qToY8+5@;Heyk=Z>@bCy(-zgDXkO=hf*L~ z_v?d&r-8EpXEV-+BS>s`zxnSw=`)<*hESfE4!pip-gn)1L;h#b&Lh%uHYVWg7t=Yv z=8@RL9*Q|$=HAbrwKe`2hD)Gd~naciC<|u@E2{TMTvE|h!9n7$6aiAjGpj22eWO_pg zHBX^DRT~qd)D|*?1ra8()AM2Lk?U+`_S@2{MW{Z05#7Y?JQ^?6=k))TQv7vacbaDT z>imXz@U5v9`fmZ}KMn*?$Fab8>&q-Vsy5AN{QoP<*zhBy=60;rf1jTESCPdKTA~x? 
z0kx#&TiL&BKg4KIw14gSZEbmY{#BEi^TPl&8R(BT<^S{h{`;xUkU&4gTjF;*I*O?O ztAxW2!%G1(xU@+>yLSfwOamYSnUpLp}|j0TpeKt>b=uh30`sr#(#IcI&y6LhgJ2`>B?yV^kBT z-mnX5cd@BXsmyVsPn+gu-XbUbZr5o=v>sP%LWRIdjGVP$#i!-zWu2hQ9u93ORDU4~ zXia_QvaU(cW3pYG;}c)1T0988kkS()!N|W!inWjatBQ8zlQ;e^vPC|0C2Pw8mgcnA*yL%em%m9nPBNP)Xn=4Astdm`Wk@g+ zB!3IDDsFtU{Ky=y+7UJMq7l@mHbG5cFjNV&s(4k};|qj-*hlSSFG49VS-CqvZBAip zzwYLWpVjwdSy?3qt;3%SHKM)Xy2?)$DN?^*VJGXNU~4^*Fwnl30JJt-+1?xRXyEeo z@E7?511_qQc9WACBN5afOT!|S=TVczo;EMvRGa~eboC+_{<`oFrbZT{nGB$ol%{kH zByZiwwZ|Q?r_({agdykO|0vBz5 z$_0Ra+m*O2$0_1`%@WLujCx!~xwAt8k59Rd)5gKuxBJ&XSMoI3lL2;mWWa1}-@&d| zv7$mzJ)tZqxYZ!YQMe_7i;e`YyuF!k`!|c#Mm?Lo_y&o1EFT6$?+&ovIc51OrF(85 z;cxnPu>(3rqIG2xZDH8nA}LDX>Jp%nA&#N0x&UeU^H-9`!6#54B93aFd5|IZ-o!2W zuHOj%b1UU=mkW>q!;z?fiSewjIN_Zj!P#95!XAXOSGx;$=R3K~6NJq(&v-XV1xvrOClf zLiMk%$WyRuzu9hYz7S(pRJfvHc=IlUSMj-|)O0Z+FRwdppy|SD`P6(lqXTQ?GO5VN zVu?lU+zJM+n;P!{RAo9%cz{gfYgRd;R?5UeK@N&OPC&i8yEP7yjNu2$_ZHxfC9g)D z0hunV3@iCF4a_OAeXB|;apyj$Yb5h6yGzChY!f`UQfb4aw8Cu!RKYweP+q)Tu6+Vk zuYsXH{m-`xt){WGyHY9z$FwkmSBqaugv#zgm*oDo8UkAT9y zJu^A}RWkTVI-2MgLvbe6o&<;Im5tbMa2{PGbDc8+Zb_Nw?Og3svvz06s{||d_ z85GyH_79?=fe;{gaCZ;EJp>J|!7YRk+}$C;2^!o9!7aE4w?J@r*T#Jo_n!B@_nexk znyUFSAO2OTqAK0JclX+Rul20wXDPOCy0A{(CtGgN(ybJ#1-LE!?D(28@nztVG0vo< zkiw(%6L6_Yr&Tnt5$A-S@hrh)hA|OWgvrcn$(Zmy52Y$Z&>VioyN0nnRuEG*20ARrc!S4S{+#a8-q)N^^$qPs+U@>kmPS7;a1u67cyJAY-I+!k*n-V2yRs}!KQm%Zx?t4Qg1%mBFAc9Blq9& z?^nf?a*Dl(!SWlnYS^a%MjtWX1ys3}tlL*s=EEDXLXb8PbFEenHD))f$Wr)o z7|DOYa~Ln7cY3#(=00>`5pP>y+!2I!SGyv(4kz42-KP%3tsdUL1*Aipea>t*Q=Mr- z@*j5@dKh~%)rAiWm1YWBwKkb-(PF1@pv&72vJ?)O1K!ZgB#|d-cVd0FCR*e~#|9xhLcB)s@ICIBdSY?;1WvkkC?|SslMekZmLo^ots5%27#P`R+$JDp zdqu|6=Dj_PAx6uhZlIu_LsF##WCxA>CfKEsviylH3*EIo`R+ z;xC7f)UNP65YpORULX4}M&PrzHzX)M>te#z5S~HW<+qF!_5Ep%19Z{FOIcfA32 zbH0tDdL0rq?1f1eZw2a!OH`G2>q!*zmNOm2fb|hv zSbopz9|LUp(KIDe1D!`m?N5*+5$28~gzsG*@Ok}?s`y{OXmUG))|NegCX5EQ!NWO1 z()KEBk!b79pIFo!N`ccT7D*WXBs^cpb2vu$(6+&)R;Yh`$!kqMVn4EWq4<{&8dyqG 
zvAK_h#f^(Zhhui3$r#N(42hJDOYi+)VvxxN+ISLkF!;#&&|mx)-jW}I}ee8eFY99)1fxgQNY@)JKB==E;tjdM;n2bCel2h3N}sOf^A4{Obr zVw#LPQ65s;P|8(@)*Gal$Hp+R`JACd8K!&A2 z4|uZ^SvIg1fQo`;l&H$1-{?}VG4(lk(VB?e)gLXM1d@kRek=9u$TYZz@$o-S4P zn{a3dLgGkw6&mI}dGREUhR*U0l_!pGyq6q*)|3ytC#(hk(KZEd>a!9F?eZZjM)+s@Ldi9vE60R<`%;!3OuI7BrGHFS@9V(P81>7_rSq z&7Qws>1-h!6(G0)NScLcdvGkDFBcqV46`S;mq;>arZ4lpj60^#T)zJ{yZp9U6>Cgd zM2!Ld!Rk&@N&4?Jj6{`ZeL-JCMmza05k0Z*;mt|?gxRgw1X>RjFA0zWBwO>+#dVZE zCpNa>_`*8-eCMM*s{=|1K$g&1nSCmn@(T4FD_v{JzZ`PD^oF0lg;Gjc=(Iya&z0Kr zHe>$-ZC|OS!V3ee&fS<%8oj8mF1{N$T(7FpFkQ4M<0BK3xfJk9bX=YJ|}$-D=HJ zecYq;feLL|_25%jBOJ>~q51Wtb3HTGdoWLDW2cSgwnJ=ukx85@cV)-p@pEzc?1*(H z`bxiFvSkDZ@7%l9csao!(~@KW@DDuUDTMrZQHbr4SD%R^|8kLZ=_d185h0ZmqF))DaUcwQkv9h1D^~+#a_gOl*1@F!a}k4pT*;Q3U<)CRHX3@N-ZBJa z!|g6Rm_N$|Jc!#ng{9{xSn5JWd~6Ybk->_C(Dh7Su33(Wtqr*LP@bg`29UA&)RhZ_ z+Q{i{i!1%=g9~})NJiq4OGzUUpp|&{g*GkmBYz*Ugk0Arwj8-N3HM6m#FtxUkaamK zhN$9P&*+zPVH8kHu#O=UsD3k&19cluo5+{2#8{kY}CHFv(QDUoTN zO_WFZ?@lIT8|9gzx8EJCx+Cn%+@L5Msgk zU^j^58D0Km9D^Eum(o)Mhqp^xXYtKQK)%Ww7n*o;Y}6v(q6zxW1kJLWrdK`sL5zI|s?{O_R_s@q$n;`SvAlvZ(&xakRnX^2Fx)V!&JD-%B0r!0e{IV`xC;n1vxKR6T#_9r| zz_P#B6JO7$C2^S}yf9x3fdI5^odV7Y8{PdU;$fT;qD3rOw`?qmb{`^-bc*cZR*BJl zK7Af{(ZOeb-^N{l>KVy+s~B#bQ?UO{`WhcQk#$!k6V^qYj?d#KWWDVpX zxNHP&YMh+{Zb#&INQyq#lsZ~u0jn7q=(r5uvsDqk*!h?zez1roI5LID^;52oNyhk; z7&dhkS(cmJ*lxb-yzd;s?x+#^G+yOC?gQ;LTD*CmA6yWI#H_@6K}+jN5U01+u}E>5TFVW>_w<$=6tmS9{WTNXs) zC8Q04N*%(#s*31&jpoTfw$hA{j1IdO*Yccbd9E?Ipe+mCMKt}XH`pL3rtSNFix z@@M{1){D)NlSZ^(?|7krX6iA?o^zPUxs`t!xU?fs@x=av62==cseXz1c7#Jo zhB`je7lT|m8AR!Dbllj4`sH)%96EC0%d}o}LzFNjHq~u-jXvx>(qH`j$h2%;Oe30i znjxy4^ocANvB;y>_NAWByNFepFy>q(lP&{R5<YvY)q8G{8#Ax|$2Q&CiO zT2O*Q8H5WNAXjS&{Ori=$0I`TxS=LQOI~86ipuK&ja*EJibqm-C^sHA!3X}eat>>O zWuX#SyBLhPwa|i!@5>z;#0u8}JkR|0vk&WN#<_HbM;x{qqFzuWBB&Xvnd;zZwHLHz zHnM5Td%n?COlyOe6$n9RQMyiZASay!?wVwq z`ylO)@Ul5^Y156SbFKsbfC|{QRn>3E&9u7r{*5djS;o%MyT-507ejYSzx|Y+o5~+J z`tVfp2-`)}@Mf0o6{;<@JBME^TJaLLeDk>`@qY^J-QpzLikhE#fMSWj7k@zVRXY8~M 
zNfs-Hv4on=@)EaluJ2b7uI}jYD}?~7If*U8rMKEa^ac8X9Zy;;^z(F<@T#l|;-tEh ztzyS7`69GtI$wM->eNI>L3;6OM@BHw=7ZTa%tLH2GX0N;oXnVKrf+x9m9D7A)n?g$ zq$8Zx{;2bHYWpJ=>vVY`r#zQTBN0S}=jfE7i2@?bLE|_^=d~vU0fWY&@VYIh@RbjERJ0+pE;xmae~GaKaMH64*mmi&;R z!niCRG>#Ms(@qA5-cFIje^iJ5uIns~QOJe~lXGj_6M>Q89s92h8a_HPp$Etq6LUeU z82;PH8y+#mw!Tm{O!eoVBf0#1JKXOv75&br=4(AP@5M0N{CdBZayYJ(eQhP{6dMxu z$Cp4xBeB3_e9Fdy6IEW4&#&h1kSSNzi&}S1+lN4iLT~-s?=`<47UPTBA9U=?7B@@X zeK{Ec*1|#sOHaye@laU~WTRG|bmR`yDjr9k(f57br>sNA$9swbo6b>=9TphKq4MM! z-Z7(vE~djM$R>}FqSqfM>Ca(Aqs{JowmN|za zUo3|R#A27`c;y;qmxM{~L_!huQnoS}rJ3w2;e18VoKl|qGX}kjrNfFRjbBo7`4YM4 znipUc>eCo*A8kxjrtecve)MF1!f%_r)d&9mGFBoEy^|dOl}EbjWR8~@Ul>=HK;Khi z3}1Y2YZv@N5sb5?Z$H0zC$=HoK4~$$eBt4H|02gGRY`sITBml<##5FLJ^45|s#!OC+KxyVX zfnWs=1##QeXtiheIN}JN8@5cdZLZU_&o3d+#n#oa;t7?~0=$EuCccmOzdpc6d{b0? zCm^2JUK`-&Pw{#he^};4J&5lu^oq& zSJwU$!B=Rm&JYDDA%a{=%hpFTF8%%64R!uZ3VqG)6m|Y5-ww6%^h2-+&8Sb-bLZ#1 z0;~JBV)Mp_sN3-3uFXb;a^QzRvuLw^8c6wJQBY58M1#;@MU1NLxr22A9+Qs+hHfASjOhGEWc8ps} zfKt!!3;RCy!jwt7W5ljKRfZ*QvgQ(E;}b6eN$IO!onPEYI(I9j8@{{1n*Q;qOm)xN zi93}$Sx#b>IOBTTQP*@?zJ+b$iS5cP@1+ogXo+?0Hv7|3gP(h>$1dTQc#W+Sm%Xx$ zfJ*ubjSD@8lIZnoooW1zqhKDAlH)BE+t=k0wBhFwg{H%7s6@dN!17MT9^&9acx8j2xom=%e5aTD#RlC_B7yfAcemWDY+T2?M6+q( zHukuBeq=b@iOGSPN9?)qmK?&SnAv+|d^mFq1H1R-Be7L4MW!tPR3#M( z(agxJ?v9o6fwi2Owq=0FFh_X5#zbf}{UeCy~I~dK5GO z=N-JaMl3iNF>7`+=J~zo!naXMNw+_ifo(~Y($sg6gUui7dC68^AKUOd)q?*E;{99N zgi)s7#oX3~4?;_iWUFXX9h9Tj`dB{?C2`5#-<}MIjotvwK`w}6CkPBjdFgzh^MG0p zFsQFUI>68H`JabV0H|CG0^!QIhCcIn%c)k2mnVUcM=jYFA;G`Zv46?4iWVVjDH+0_ zrr2CTyDuQUaRIQ(b3m@8U;n`E)yewf{=Jyp>(+%pz@^M#e?|?sPE!7*aL~dq0cI2{ zfwnqE=kw0`q+TF=2--s#*#jbj=z*Lm28eq4<@xuiLUEbD&RVzVo-cZPUxD`7I-q(d zJR)2G4x^SNam|V32XU>g>v0-uKz71kyGpjP{X$owMIpH_D6F=YibpeUP_mJ@;;w7 z)1#vizg^HGZ_N!HEP*TmK=!DeRR(_I@a?N(yMeOP+A!?F~a=@5790NP*+H2F-vuf_wGVs#EvZh z04E78f(?`xFt2m`f-tGmhz|E6jb8KHCc}q+n9MxpV<|oI$gPlrgaU@LR#ehQ^G(cl2??LYLV4QCI@ClDK;QllAWt zt%RS5yw>S)dUr(x*9`!WVzsU6Bp&-Q)1N8_*T6(~B*t`q1oA(TAKY}L%VHJ2adfsU zfX6E^#*z#H`pR^gaw4`C`L$p9c^DH+A!~FfgSF 
zwup?*66lW##=m3~qTax*NX5m2_|;2K#M0RIK^_F%&rex+ zYNs+&0rYTN~{WpMXpE>|L+qbHZvTkySuqPfUryN zcUL+|d!!!s`1!&7to4}ZYB=|V7^VcwgVzH2nizm|Yb*l9~?EJ|hh1jv(IU&Z@w~-*p4HRg-f26WyXq&3ViqHO+3jh^4^|jdN@p zQb}M>;p6StfyR9~j#wfpHj*)vf>8A+SV4qA6$*IXAp=90tn_SUrwqs@UHgUOU1J&5 zl@(vFjCRcolOV*xzhV+6LX#mne@#WtB2?!2*Yy6^ACs`h>og5{QKd+kK_OsWzn!Ot z(dkSg`%3K7R85mi9K$1@!VQ&wOV@2XSBM1HP5!_z5T>8=_&A{(N-DWOTXUiAwg4K4 z%h7F92D3o4@$ih)JHWJP`%^8z+8&aXUmYb(V%gLEah%lMyxTeU?M{8t;#Qr9#Mz$u zISwJ-59Y5g`f*DEnRJg@zNU#c9$-F zE0?j_h%chamec&J`Izu2!zdl>u&F2Pnf8|1G_$4gE;5c93`nNuj61uDgN!*k%(JSN zE=Wt@ah;g%wj(CS>AwHS z{=(nBMFz&>imH#n>8TF+^IKu3_2sCjNG+R*W7TAeA1Di?4F~`vu1bEF-z!=st!u|2L=b^D3#z8SnVV zp&(=ieqJz78~#r3VMDM(1OjgRT+ND1eN#DI@z%@SoKh40r*lwM_dTqfVv) z>LFo`ccVLo|ET*A9$$b7nt$=PvIrlp&JWasb)#R^(f@fUACarprhmU*@dsuizjFz& z-j>b-Ylr>DKs3<5_5r&>8OPM3qrV0$7u6T&17&h$;&K3|pkm%>RvPeNa>2U1oAcaM zo&OyzuXf(Q-iwV12f2J?syynVE5K^q6TyE#2hxk0jLb` zjmp)vXdWnU-a}$#5Ku-Eg1wp)pLjKkba}MA_R_gbxUKBNJ(e{kEfY&%KDL@&cCW3WW0cIvmVt zfl{PDOMYRL6G4UxF8%g0*n#vqJ1niaR&}xi#Tv2(2WMF`D|WE2s*p53D+j7NDzN6% z?g3sGwb3;9=D5z5s5+9k0lYX&y2qSj*;;Z`i!WER8aFeX=JAE6O$G9md2|I#kVr3? 
zPy1k^$tMmoc4zir_5>X6ZyEY?5bbMlRTS4CWyiSbx7BlwAp*3rzaRGy2ED@P+XWk0 zD)mW&G7Yd~KC?u|G3T|Kc_eXNq6QJbx>GMOP*FYw`o>Dms<ya%3;KLNDjucowV>G8`#vdgA9h>PeEspk8vvr0kKU8( z!0VF<+Q`)QRRRVTlD}JaJn{V!Baz!WP40Rnw3;K4_rx8T>`lBI-fz41g*o8c2u^Qi zcKXp=?yyjkG&WLQ|zj=Q=IR1A1(ES{Gzi7;ANwJ=ya9N*YoTMJD zZ?#~oi<_ysHaKMxCN^L=VA^RpuJ7$`2b;WiJG9xmou9h%0H_fLythXY1-&1aL0WA9 zGS=<%45FMK(9W}_cL5HU@^30Tjs>uV0GuejD0WgWd@W%QPt)|7 zF^jQ0qx`!X!R*A36El`JE@o>Db`S9AeMR3m*L{%=So2btv?Ma*Q|meIvm8s4CTNP6Lph99ZQ^3)Uo$2Ezykb@E=l=?oPCl&(2;o9@1j zCii@foyF4hu>uvzXLe?ygvH(voB9Z)4agCrnC5vyRY|mKj$)6MrA1#!^?j;^SZV0` zE(=SG8O=b9SNc#wzEB#YTIqvoe2JzOldD!%r@v2x+6Ko))k;pvt?As`R|``QFQ(PC zEvb_&e|{?pyE2s<;_|#ZGxSSFnz&DW!5t6g56Q=kK_u^lJIzmIETQv7bpE2Iz3PjF ztC>}C=bi3Hh3;dGLS(b#d$n-pD7JZvc(M-dZvfjSxfD9_pr_HHEX|sLZ%A)lccL0x zcbmYf&C;;noUG$vi${6@O1UV&sg&_@n0zEwT|GGaE;b&|ScsdpcVn%6&yI}WOy6aE zaBd5{_hkD6GLd`1%to8;eO~9?Si^YO3y4^#c=s$IYVa#Av$oXDIq@w&lcRX>)3`sw zJo9&Uv*%D~KfLMb_mPT`H-ysp@~LaBT#~|qmrL+M4-9dIJw48ne7l$7(BJ;(eO{I` zJ+Zwprkx?{c5Q)p(vb~^PH?TFqj_(&uK*L(lbA+6k>Hn=+1!<1p>(0kat+nBK!~!J}2-pWJhQvuJ_xwW+fg!M7EE3Gz0308_KvE>6zj ze)NJ^OJDEOr1`daFTI*Vqfk}vI<>iJPu*SR@cCKSTHvT_>%~x(o;;0SbLH+KMUC@! 
z#?5_|x946G zPw}v;sc_zS!AM$@sr?1trt7@IvpR&szD*xGQj}X!$GB_GDtEEI^m%+Yc(d*|Nwoz| z-F53bub8bjEQ6(`b82pN91fN$DtgXmji+&1cAc=*YZb4!a*VDjI6V5qcncSwE(fT$ zU+{bKFTeaoE#FH<3dZGkd7n;Kih4?H4DKDssJ@imco;g|E8m^Fx|Mo**pwfvbF%o* zS5=^5s*;bv#-8fZe(cx6E7K~0r$;8}Hn;CR9d@zW71^IK^ys)D29hPhwnr<}`aKRW z#asf^b4k5!MfF@w%Ye16Q1Np4@Sp4f4)ZW|OnM`KXB*0qE<@ zx$QFF&x7vB_Nq$BG_aQS<}u`zV$>*cnAqcN#AyC_#-Ozn8|MCfmFpo66cN3EzPSdP z6w(sgo3V*C3opn4vk$MVcD$}pwfLQy`fasXy;IZJs+hs6P=S@ArAb}q;(@z;ZqaWU zB$Ew?fQIWQ%pjBg_Ri{uLd&K&I`RW>J9UU@GB#*(&xPiuZ1S|F)rLFGNYg0X&(yt3 z-C)xv2$f~9Yey5h1a`pm>@S|Sr9Y5izQOTXvTtA|hGbAdLu=CHdRQmk6l#>FrP#E8 zfqq^k#K$NT%IpybW|)qW$!WCw{6gagtxk54t8t{^q=)l_!wy~kL9;JoD~E(;37>f& z+|ZFAz!}4k57F@>@CmZ3{f-MttLb=$dF-CnJ#8g{}iCka^F_aVGoNtU?3I(21SYciKLLE8Kn@H{I3 zT5hrb*2G79UTgh%Z7V%Oam}DT^NjWEV6JKF;OFtD5$*wfyy2!un{W=LDsFVNj!pHt z%-goF1+Sn9rqI0pi>mi(xi|OK9+&9#FXOYF=ViKvbSU(1PxDi1-P3%>TB;(eAX}QI z|5{r5q(g=J$$;nHo@a%{*msZ^+lTk48z0;Q@RGVl7BO6t;me)mdGcEneUlBO>0Rqefo(kK#j0m$N9TWRA; z@j-|vD05AEeox;1_##BP_pw_Cc&9j;k7VTv025ylZEOa0Dl+Cx=9+~aM0+M*$decv zPkP(h%g+QJ2=k7R5;#FCewl#sw{;;wx@f*82t$GwI?jB*$T_U$G+k#1#A5*|9+UT^ zsPa~L*bBJbJoHEM*Q-fgN@Ty`cg+>Sfe$y+5I67?gJJa2FsnPT*AX`q-+oCe!l*m< zqrN7nW}8bwC^5R`onQ4`S?bTz_Nz|+_ip`s?bpVuP!ss@{yHL&E{K7j+m@X zC0$5w*Wv2y*I2LSB7WM2bWX@ef4KT>LcqZUe0oK7JpEAd_^1WWq=8efFMYcmL?3Hf7>D7f5HT=i%`f4F)`zw7fCq|h4NzDey zhQ_Wig4GTp$2BD@`yKRqub#rvYXMAX=J60;{#b@#N32D-P)9Y=a&HQ3jX+^|R&?DjCPiCabhbhvgQ(+Pw3YW)|Z6uNL^Q5<1 zBmJ%MVDjd%6o-j8OJPPs1CI24y4#NQ;RZzb7yiilO6aY$cI_QL4ker~dn>E$3)9F} zN@H((bqlj2K2!cf+-&+iEoaUv_w}9FsNoaX^kL_dBnXS(_J{lzg#9)437c5ZFaCtX z-1aG(A{qN#ypwoEcQV=e54%BU+k3*feKZfvf7q6Hsc*)Q*44<V#61HzQP1nu=c*CaC=ECiurj048PltYqV@AYVE*&Mf~My@I&p(TQz>Fz?x zOA?Sb1ec(94UCnbKsNH+^{K~|DFOfcBD{_A#z>FJVk#a~p|R2j*@dLirO_z$FT{n4+PabrAekk@^~mM?40-dxjjoY!kt|ig|(?)}(iF%s|ck0FWYBG-=KFh)= zc(<3FK5DK&^H~iqd zfvXH6>CFxBRnmxXa{rRHdz0c!OT@myENaNc@B}Ob8FBXPS6*!`xZ6fO%w{p49;Te3 z9cT@*3Y%itFP*m+7x0?8HVAuDsJ(Bx-T7r-y?luDzKx5ljbVP!ESK5gC%t83c4|IH 
z`>`fGj%0E598Yiikc$JdsPTjg4h_Th&h>avc>yQr4!)k(*=&<0AQ|&l<&5^dcG~y1 zzuqad58tg?e>>_RwOe};Dl|-{CY8jOkU5+(`>g8W++vRYj{8O`7{(aK=wEX-gLcZ7 z(!#1^do%w}tjvvvexB#kwEDJ3vfWuiE=Oe6aqS8B%faq9Y?@iqRVZM|R?#Ej zQCx7{Bqm^6qJ9XA1WrME2S9n`{bUD6!vXJhsH5so$Tj}BJN2e7+4@<67i)7O3iO~S z+RK;?R|epxOtCk914|Km_IzXtFjTS5>0 z^V+k+#o^7);F6TG2N(&9pW33^vlm*d9^K1dLsD%1G<&*la>V98HD`;>Dl>YGKl`~5 z64$)@XiU%lbG2wC?fXLv-SKk)IBe{qwzomow-|RX>w$Uu~6h zz?Ku>;gRV0e&nN;*bb);z1>()pH+n>``W6>P!yda@jIui0wkXyHf|TaWZ&bs1}cM& z0(%3Q`ZSQYK5?YK&d(#C zA5ekD^GUb0(enEa20~+vB297yp|dJs#GqA*n_8C?5_{lM*}IEFm%99%=+eQKI?9ku zw|MjM_3nc8-2yPYH~sA*tx;qZDRf>7G6BamdWmZmHv(_n51J7Sn7Q&>7prBbd*F~Ik9`Z7xkGw<;y96FU9dENBv-nSzy#u`X> zSgzXkaSU7^ID(l8oicfJZu?)7LJqM~v$CwT5H__Gzi$#7`VEg#S(Hw4A|$=C1e<{= zHtVVb3?ATcn=5+v#IF6A8v1(mf4l&?r7Hz5j!O6$Q*pkAUvcYrr#kmrY|2v@3y;WK z{b^D{f}yE07AZC|@yoIWSb<;qBbKSJApR`B4uk2GEAMcqPwaW=%?C*~|R zlo{z21Gl8+Ofj@QSlHJ-o1B}rJ-B~(%T!u-GRoVG<$VEbW_1{OvUj||3f)PtN>8`1 z*4j$5-x+rQgL~5i_e*zBzqMHMPiXxUf5UR`_w737i!QQWdU>H|PJY*5MV)XXUuGTj&(mX12ei zz&h&U^!ANUObCAAfT2qYTRskLoGl^kgXQ?jfVrT&`}QdH5JfdddZAodE#&f3hy)o6 zgc->AQlBf+Q-88}Q3Us428VG&ziah_g8XJ1pB{!0JVznS_MB$BIjd$_tM)|4I&yIT z8vhw(Q<;SB>S%8P@Qu{o?4Uu$3nz4zh}ul?P)92}vbeLITvjFVs@esjp#f(EGo5$m z9(NK;5;c5XnAJ!@5mmb0vMCMJ{@!+7=2OG5q`e&y^4$gp6lGrHdsxmoYt88LKlQtr zSKhbT33k^(5p4v_&5@&BP6E3w@N zxkOrwUzWVRHJ3c(bG8gi$*&dH4~YRLpz;pP`;LAvVuB^`w}rz(?Qf>)TjWv9zTqOn zL832e$4g}A(5sf6-aopIK2WrlT9MqGs$!i#1e*BQ8ke>%RXQKBNVf1zCM7>BUR8kb zEl-=(ID>H2Y{7XMsF;aCiiMEBk=Cyszz*FBdLRhAo`QUrH?0iR6bHdje zbu)F-_{G`?Hj{NVDuUL%-TkYNBmqEyw=TZR?o^V&It_(all=oao-zo&(N-$_LJ_oe zO*|G_=UT|a_O#5=6`C|bBIV?YpPR!Ry)$l(sl2{mdGC932(;x+?HC~^K;S+-yFX!_ z?N+5Q08tHRX_PN{b%VoeG>^%dt{z1J`Mf{vC1Vp1Kr8b(o%Un*UhxyeV44&F`8P`W z;&&St6{hykFkhpN;peaZ&8?u*Lzs%`IiwD^p%owj?Or4U9~dHKo84tRwCS#2;>ME{=?{A+aoe>g<34ZYD`y}7%f@lOZ5Uz;9HD)04o&%x8ye>SPh z_?Sd$x8B$L*wR_=ONb$M{seqmPOrBBPo;8LfSH)jfoa5pbMO<81CM5R&np)wQvCL2SkjOfC1+Exu`xCJ_O z6=9^@LW?);Yid!oV|SR7UWbh*5l;y?UM~Po+Q+_PE^r%t>`vlPNrxK$7Y-#7O&(Q= 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md index 72935b85df..40e0f40794 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md @@ -15,6 +15,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual +ROBOTS: noindex,nofollow --- # New configuration profiles for macOS Catalina and newer versions of macOS @@ -55,7 +56,7 @@ Add the following JAMF payload to grant Full Disk Access to the Microsoft Defend A web content filtering policy is needed to run the network extension. Add the following web content filtering policy: >[!NOTE] ->Note: JAMF doesn’t have built-in support for content filtering policies, which are a pre-requisite for enabling the network extensions that Microsoft Defender ATP for Mac installs on the device. Furthermore, JAMF sometimes changes the content of the policies being deployed. +>JAMF doesn’t have built-in support for content filtering policies, which are a pre-requisite for enabling the network extensions that Microsoft Defender ATP for Mac installs on the device. Furthermore, JAMF sometimes changes the content of the policies being deployed. >As such, the following steps provide a workaround that involve signing the web content filtering configuration profile. 1. Save the following content to your device as `com.apple.webcontent-filter.mobileconfig` 
@@ -140,7 +141,28 @@ A web content filtering policy is needed to run the network extension. Add the f ## Intune -### Create the Custom Configuration Profile +### System Extensions Policy + +To approve the system extensions: + +1. In Intune, open **Manage** > **Device configuration**. Select **Manage** > **Profiles** > **Create Profile**. +2. Choose a name for the profile. Change **Platform=macOS** to **Profile type=Extensions**. Select **Create**. +3. In the `Basics` tab, give a name to this new profile. +4. In the `Configuration settings` tab, add the following entries in the `Allowed system extensions` section: + + Bundle identifier | Team identifier + --------------------------|---------------- + com.microsoft.wdav.epsext | UBF8T346G9 + com.microsoft.wdav.netext | UBF8T346G9 + + ![System configuration profiles screenshot](images/mac-system-extension-intune2.png) + +5. In the `Assignments` tab, assign this profile to **All Users & All devices**. +6. Review and create this configuration profile. + +### Create and deploy the Custom Configuration Profile + +The following configuration profile enables the web content filter and grants Full Disk Access to the Endpoint Security system extension. Save the following content to a file named **sysext.xml**: 
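Review bot: In step 2 of the new "System Extensions Policy" section, "Change **Platform=macOS** to **Profile type=Extensions**" reads as if one field is converted into the other. These are two separate selections, and the custom-profile steps later in this same file word it as "Change **Platform=macOS** and **Profile type=Custom**", so use "and" here as well. Steps 2 and 3 both tell the reader to name the profile; keep one. The tab names are set in backticks (`Basics`, `Configuration settings`, `Assignments`) while every other UI label in the section is bold, so pick one convention.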
@@ -236,46 +258,23 @@ Save the following content to a file named **sysext.xml**: - - PayloadUUID - E6F96207-631F-462C-994A-37A6AD7BDED8 - PayloadType - com.apple.system-extension-policy - PayloadOrganization - Microsoft Corporation - PayloadIdentifier - E6F96207-631F-462C-994A-37A6AD7BDED8 - PayloadDisplayName - System Extensions - PayloadDescription - - PayloadVersion - 1 - PayloadEnabled - - AllowUserOverrides - - AllowedSystemExtensions - - UBF8T346G9 - - com.microsoft.wdav.epsext - com.microsoft.wdav.netext - - - ``` -### Deploy the Custom Configuration Profile +Verify that the above file was copied correctly. From the Terminal, run the following command and verify that it outputs `OK`: -To configure the system extensions in Intune: + ```bash + $ plutil -lint sysext.xml + sysext.xml: OK + ``` + +To deploy this custom configuration profile: 1. In Intune, open **Manage** > **Device configuration**. Select **Manage** > **Profiles** > **Create profile**. 2. Choose a name for the profile. Change **Platform=macOS** and **Profile type=Custom**. Select **Configure**. -3. Open the configuration profile and upload sysext.xml. This file was created in the preceding step. +3. Open the configuration profile and upload **sysext.xml**. This file was created in the preceding step. 4. Select **OK**. ![System extension in Intune screenshot](images/mac-system-extension-intune.png) From edb8a997538a06f984b87c38561c23a81cf67c6c Mon Sep 17 00:00:00 2001 From: Onur <4823734+e0i@users.noreply.github.com> Date: Thu, 9 Jul 2020 15:07:19 +0300 Subject: [PATCH 019/102] Typo: "DHCP Option ID" 234 -> 235 Closes #7107. --- .../deployment/update/waas-delivery-optimization-reference.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization-reference.md b/windows/deployment/update/waas-delivery-optimization-reference.md index b4bb57aef5..f4101b9102 100644 --- a/windows/deployment/update/waas-delivery-optimization-reference.md 
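Review bot: The @@ -236,46 +258,23 @@ hunk in mac-sysext-policies.md removes the com.apple.system-extension-policy payload (the AllowedSystemExtensions entries for UBF8T346G9) from sysext.xml, so approval of com.microsoft.wdav.epsext and com.microsoft.wdav.netext now depends entirely on the separate Extensions profile added earlier in this patch, and the visible text never says that both profiles have to reach the same devices. Add a sentence stating that, and say what a tenant that already deployed the old sysext.xml with the embedded payload should do. Minor: the plutil sample is fenced as bash but mixes the `$` prompt with the expected output line `sysext.xml: OK`, so it cannot be pasted as is; drop the prompt or show the output outside the command.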
+++ b/windows/deployment/update/waas-delivery-optimization-reference.md @@ -131,7 +131,7 @@ Starting in Windows 10, version 1803, set this policy to restrict peer selection - 0 = not set - 1 = AD Site - 2 = Authenticated domain SID -- 3 = DHCP Option ID (with this option, the client will query DHCP Option ID 234 and use the returned GUID value as the Group ID) +- 3 = DHCP Option ID (with this option, the client will query DHCP Option ID 235 and use the returned GUID value as the Group ID) - 4 = DNS Suffix - 5 = Starting with Windows 10, version 1903, you can use the Azure Active Directory (AAD) Tenant ID as a means to define groups. To do this set the value for DOGroupIdSource to its new maximum value of 5. From 6e9a016dae8b1783fef8c7ed2b45657940a15e70 Mon Sep 17 00:00:00 2001 From: Jeff <61287664+JeffSchieck@users.noreply.github.com> Date: Thu, 9 Jul 2020 07:38:10 -0500 Subject: [PATCH 020/102] Remove extra letter Removed extra letter (a) preceding "you". --- .../mobile-devices/provisioning-configure-mobile.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/mobile-devices/provisioning-configure-mobile.md b/windows/configuration/mobile-devices/provisioning-configure-mobile.md index afb1fa0310..340219baab 100644 --- a/windows/configuration/mobile-devices/provisioning-configure-mobile.md +++ b/windows/configuration/mobile-devices/provisioning-configure-mobile.md 
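Review bot: The change from DHCP Option ID 234 to 235 for Group ID source value 3 in waas-delivery-optimization-reference.md needs a source; the commit message only says "Typo" and closes #7107. PATCH 022 in this same series documents DHCP Option 235 as the option the client queries for the Cache Server Hostname, so with this change the page would have the Group ID (a GUID) and the cache server hostname both read from option 235. Please confirm the Group ID option number against the product before merging, and if the two settings do use different options, keep 234 here.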
@@ -17,7 +17,7 @@ manager: dansimp # Use Windows Configuration Designer to configure Windows 10 Mobile devices -Windows provisioning makes it easy for IT administrators to configure end-user devices without imaging. Using provisioning packages, ayou can easily specify desired configuration, settings, and information required to enroll the devices into management, and then apply that configuration to target devices in a matter of minutes. +Windows provisioning makes it easy for IT administrators to configure end-user devices without imaging. Using provisioning packages, you can easily specify desired configuration, settings, and information required to enroll the devices into management, and then apply that configuration to target devices in a matter of minutes. A provisioning package (.ppkg) is a container for a collection of configuration settings. Using Windows Configuration Designer, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. From 327fc6b41a60c5d0179b0a437b45b5b1f65b4211 Mon Sep 17 00:00:00 2001 From: Ben Alfasi Date: Thu, 9 Jul 2020 16:26:11 +0300 Subject: [PATCH 021/102] 1 --- windows/security/threat-protection/TOC.md | 1 + .../get-all-vulnerabilities-by-machines.md | 104 ++++++++++++++++++ 2 files changed, 105 insertions(+) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index c5bd8c7fbb..666cf8cb70 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md 
@@ -570,6 +570,7 @@ ###### [Vulnerability]() ####### [Vulnerability methods and properties](microsoft-defender-atp/vulnerability.md) ####### [List vulnerabilities](microsoft-defender-atp/get-all-vulnerabilities.md) +####### [List vulnerabilities by Machine and Software](microsoft-defender-atp/get-all-vulnerabilities-by-machines.md) ####### [Get vulnerability by Id](microsoft-defender-atp/get-vulnerability-by-id.md) ####### [List machines by vulnerability](microsoft-defender-atp/get-machines-by-vulnerability.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md new file mode 100644 index 0000000000..4234c36d32 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md @@ -0,0 +1,104 @@ +--- +title: Get all vulnerabilities by Machine and Software +description: Retrieves a list of all the vulnerabilities affecting the organization by Machine and Software +keywords: apis, graph api, supported apis, get, vulnerability information, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# List vulnerabilities by Machine and Software +**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +Retrieves a list of all the vulnerabilities affecting the organization per [Machine](machine.md) and [Software](software.md). +
If the vulnerability has a fixing KB, it will appear in the response. +
Supports [OData V4 queries](https://www.odata.org/documentation/). +
The OData ```$filter``` is supported on all properties. + +>[!Tip] +>This is great API for [Power BI](api-power-bi.md) integration. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details. + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | Vulnerability.Read.All | 'Read Threat and Vulnerability Management vulnerability information' +Delegated (work or school account) | Vulnerability.Read | 'Read Threat and Vulnerability Management vulnerability information' + +## HTTP request +``` +GET /api/vulnerabilities/machinesVulnerabilities +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the list of vulnerabilities in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/vulnerabilities/machinesVulnerabilities +``` + +**Response** + +Here is an example of the response. 
+ + +```json +{ + "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Collection(microsoft.windowsDefenderATP.api.PublicAssetVulnerabilityDto)", + "value": [ + { + "id": "5afa3afc92a7c63d4b70129e0a6f33f63a427e21-_-CVE-2020-6494-_-microsoft-_-edge_chromium-based-_-81.0.416.77-_-", + "cveId": "CVE-2020-6494", + "machineId": "5afa3afc92a7c63d4b70129e0a6f33f63a427e21", + "fixingKbId": null, + "productName": "edge_chromium-based", + "productVendor": "microsoft", + "productVersion": "81.0.416.77", + "severity": "Low" + }, + { + "id": "7a704e17d1c2977c0e7b665fb18ae6e1fe7f3283-_-CVE-2016-3348-_-microsoft-_-windows_server_2012_r2-_-6.3.9600.19728-_-3185911", + "cveId": "CVE-2016-3348", + "machineId": "7a704e17d1c2977c0e7b665fb18ae6e1fe7f3283", + "fixingKbId": "3185911", + "productName": "windows_server_2012_r2", + "productVendor": "microsoft", + "productVersion": "6.3.9600.19728", + "severity": "Low" + }, + ... + ] + +} +``` + +## Related topics +- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) +- [Vulnerabilities in your organization](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses) From b773af96aea378e517d6fdeffe14b2401e244171 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Thu, 9 Jul 2020 08:46:15 -0700 Subject: [PATCH 022/102] more additions and cross-linking --- .../waas-delivery-optimization-reference.md | 35 ++++++++++++++++++- .../waas-delivery-optimization-setup.md | 10 +++--- .../update/waas-delivery-optimization.md | 14 ++++++++ 3 files changed, 54 insertions(+), 5 deletions(-) diff --git a/windows/deployment/update/waas-delivery-optimization-reference.md b/windows/deployment/update/waas-delivery-optimization-reference.md index b4bb57aef5..fc05fe55aa 100644 --- a/windows/deployment/update/waas-delivery-optimization-reference.md 
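Review bot: The sample response in the new get-all-vulnerabilities-by-machines.md is fenced as json but carries a literal `...` entry after the second object, so it does not parse when copied; either end the array after the second object or move the ellipsis into prose below the block. The request example calls api.securitycenter.windows.com while the `@odata.context` in the response shows api-us.securitycenter.windows.com, which deserves a one-line explanation or a consistent host. In the Tip, "This is great API" is missing an article. The page says `$filter` is supported on all properties but shows no filtered request, and the commit subject "1" says nothing about a change that adds a new API page and a TOC entry.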
+++ b/windows/deployment/update/waas-delivery-optimization-reference.md @@ -23,7 +23,7 @@ ms.topic: article > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) -There are a great many details you can set in Delivery Optimization to customize it to do just what you need it to. This topic summarizes them for your reference. +There are a great many details you can set in Delivery Optimization to customize it to do just what you need it to. This topic summarizes them for your reference. If you just need an overview of Delivery Optimization, see [Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md). If you need information about setting up Delivery Optimization, including tips for the best settings in different scenarios, see [Set up Delivery Optimization for Windows 10 updates](waas-delivery-optimization-setup.md). ## Delivery Optimization options 
@@ -64,6 +64,10 @@ In MDM, the same settings are under **.Vendor/MSFT/Policy/Config/DeliveryOptimiz | [Delay foreground download from http (in secs)](#delay-foreground-download-from-http-in-secs) | DODelayForegroundDownloadFromHttp | 1803 | | [Delay foreground download cache server fallback (in secs)](#delay-foreground-download-cache-server-fallback-in-secs) | DelayCacheServerFallbackForeground | 1903 | | [Delay background download cache server fallback (in secs)](#delay-background-download-cache-server-fallback-in-secs) | DelayCacheServerFallbackBackground | 1903 | +| [Cache Server Hostname](#cache-server-hostname) | DOCacheHost | 2004 | +| [Cache Server Hostname Source](#cache-server-hostname-source) | DOCacheHostSource | 2004 | +| [Maximum Foreground Download Bandwidth (in KB/s)](#maximum-background-download-bandwidth-in-kbs) | DOMaxForegroundDownloadBandwidth | 2004 | +| [Maximum Background Download Bandwidth (in KB/s)](#maximum-background-download-bandwidth-in-kbs) | DOMaxBackgroundDownloadBandwidth | 2004 | ### More detail on Delivery Optimization settings: 
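Review bot: the added "Maximum Foreground Download Bandwidth (in KB/s)" row links to `#maximum-background-download-bandwidth-in-kbs`, the same anchor as the background row below it, so both table entries jump to the background section. Point the foreground row at `#maximum-foreground-download-bandwidth-in-kbs`, which matches the "### Maximum Foreground Download Bandwidth (in KB/s)" heading this patch adds further down in the same file.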
@@ -232,4 +236,33 @@ The device can download from peers while on battery regardless of this policy. >[!IMPORTANT] > By default, devices **will not upload while on battery**. To enable uploads while on battery, you need to enable this policy and set the battery value under which uploads pause. +### Cache Server Hostname +Set this policy to to designate one or more Microsoft Connected Cache servers to be used by Delivery Optimization. You can set one or more FQDNs or IP Addresses that are comma separated, for example: myhost.somerandomhost.com,myhost2.somrandomhost.com,10.10.1.7. + + +### Cache Server Hostname Source + +This policy allows you to specify how your client(s) can discover Delivery Optimization in Network Cache servers dynamically. There are two options: +- 1 = DHCP Option 235. +- 2 = DHCP Option 235 Force. + +with either option, the client will query DHCP Option ID 235 and use the returned value as the Cache Server Hostname. Option 2 overrides the Cache Server Hostname policy, if set. + +Set this policy to designate one or more Delivery Optimization in Network Cache servers through a custom DHCP Option. You can add one or more value either fully qualified domain names (FQDN) or IP addresses. To add multiple values, separate each FQDN or IP address by commas. + +> [!NOTE] +> If you format the DHCP Option ID incorrectly, the client will fall back to the Cache Server Hostname policy value if that value has been set. + +### Maximum Foreground Download Bandwidth (in KB/s) + +Specifies the maximum foreground download bandwidth in kilobytes/second that the device can use across all concurrent download activities using Delivery Optimization. + +The default value of 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for downloads. 
+ + +### Maximum Background Download Bandwidth (in KB/s) + +Specifies the maximum background download bandwidth in kilobytes/second that the device can use across all concurrent download activities using Delivery Optimization. + +The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for downloads. diff --git a/windows/deployment/update/waas-delivery-optimization-setup.md b/windows/deployment/update/waas-delivery-optimization-setup.md index 584aa81202..a8e262526e 100644 --- a/windows/deployment/update/waas-delivery-optimization-setup.md +++ b/windows/deployment/update/waas-delivery-optimization-setup.md @@ -24,7 +24,7 @@ ms.topic: article ## Recommended Delivery Optimization settings -Delivery Optimization offers a great many settings to fine-tune its behavior (see [Delivery Optimization reference](waas-delivery-optimization-reference.md) for a comprehensive list), but for the most efficient performance, there are just a few key parameters that will have the greatest impact if particular situations exist in your deployment: +Delivery Optimization offers a great many settings to fine-tune its behavior (see [Delivery Optimization reference](waas-delivery-optimization-reference.md) for a comprehensive list), but for the most efficient performance, there are just a few key parameters that will have the greatest impact if particular situations exist in your deployment. If you just need an overview of Delivery Optimization, see [Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md). - Does your topology include multiple breakouts to the internet (i.e., a "hybrid WAN") or are there only a few connections to the internet, so that all requests appear to come from a single external IP address (a "hub and spoke" topology)? - If you use boundary groups in your topology, how many devices are present in a given group? 
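Review bot: in the waas-delivery-optimization-reference.md hunk at @@ -232,4 +236,33, the new "Cache Server Hostname Source" section leaves the precedence between the two sources unclear: option 2 "overrides the Cache Server Hostname policy, if set", yet the note says a badly formatted DHCP option makes the client "fall back to the Cache Server Hostname policy value". Say explicitly which value wins under option 1 and whether the fallback also applies under option 2, because this decides which cache server a client ends up downloading from. The paragraph beginning "Set this policy to designate one or more Delivery Optimization in Network Cache servers through a custom DHCP Option" describes the format of the DHCP option value rather than this policy's two settings, and should be reworded to say so. Smaller fixes in the same hunk: "Set this policy to to designate" has a doubled "to", the example host `myhost2.somrandomhost.com` is spelled differently from `myhost.somerandomhost.com`, and "with either option" should start with a capital letter.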
@@ -129,7 +129,6 @@ To do this with MDM, go to **.Vendor/MSFT/Policy/Config/DeliveryOptimization/** | ExpireOn | The target expiration date and time for the file. | | Pinned | A yes/no value indicating whether an item has been "pinned" in the cache (see `setDeliveryOptmizationStatus`). | -Starting in Windows 10, version 2004, `Get-DeliveryOptimizationStatus` has a new option `-PeerInfo` which returns a real-time list of the connected peers. `Get-DeliveryOptimizationPerfSnap` returns a list of key performance data: @@ -147,7 +146,7 @@ Using the `-Verbose` option returns additional information: - Bytes from CDN (the number of bytes received over HTTP) - Average number of peer connections per download  -Starting in Windows 10, version 2004, `Get-DeliveryOptimizationPerfSnap` has a new option `-PeerInfo` which returns a real-time list of the connected peers. +**Starting in Windows 10, version 2004**, `Get-DeliveryOptimizationPerfSnap` has a new option `-PeerInfo` which returns a real-time list of the connected peers. Starting in Windows 10, version 1903, `get-DeliveryOptimizationPerfSnap` has a new option `-CacheSummary` which provides a summary of the cache status. @@ -178,7 +177,10 @@ You can now "pin" files to keep them persistent in the cache. You can only do th **Starting in Windows 10, version 2004:** -`Get-DeliveryOptimizationLogAnalysis [ETL Logfile path] [-ListConnections]` +- `Enable-DeliveryOptimizationVerboseLogs` +- `Disable-DliveryOptimizationVerboseLogs` + +- `Get-DeliveryOptimizationLogAnalysis [ETL Logfile path] [-ListConnections]` With no options, this cmdlet returns these data: diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index b788f2aa7c..2a1e6e4fc5 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md 
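Review bot: in the waas-delivery-optimization-setup.md hunk at @@ -178,7 +177,10, the added cmdlet name `Disable-DliveryOptimizationVerboseLogs` is missing an "e" and does not match `Enable-DeliveryOptimizationVerboseLogs` on the line above it; it should read `Disable-DeliveryOptimizationVerboseLogs`. The same spelling is added in the waas-delivery-optimization.md hunk of this patch. The empty added line between the second and third bullets also splits the list in two and can be dropped.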
@@ -39,6 +39,20 @@ Delivery Optimization is a cloud-managed solution. Access to the Delivery Optimi ![absolute bandwidth settings in delivery optimization interface](images/DO-absolute-bandwidth.png) - Activity Monitor now identifies the cache server used for as the source for Microsoft Connected Cache. For more information about using Microsoft Connected Cache with Configuration Manager, see [Microsoft Connected Cache](https://docs.microsoft.com/mem/configmgr/core/plan-design/hierarchy/fundamental-concepts-for-content-management#microsoft-connected-cache). +- New options for [`Get-DeliveryOptimizationPerfSnap`](waas-delivery-optimization-setup.md#analyze-usage). +- New cmdlets: + - `Enable-DeliveryOptimizationVerboseLogs` + - `Disable-DliveryOptimizationVerboseLogs` + - `Get-DeliveryOptimizationLogAnalysis [ETL Logfile path] [-ListConnections]` +- New policy settings (for details see ): + - [DOCacheHost](waas-delivery-optimization-reference.md#cache-server-hostname) + - [DOCacheHostSource](waas-delivery-optimization-reference.md#cache-server-hostname-source) + - [DOMaxForegroundDownloadBandwidth](waas-delivery-optimization-reference.md#maximum-foreground-download-bandwidth-in-kbs) + - [DOMaxBackgroundDownloadBandwidth](waas-delivery-optimization-reference.md#maximum-foreground-download-bandwidth-in-kbs) +- Support for new types of downloads: + - Office installations and updates + - Xbox game pass games + - MSIX apps (HTTP downloads only) ## Requirements From 83d9c2cc178f3fe7031e74bcc83e009f19e57109 Mon Sep 17 00:00:00 2001 From: Charles Inglis <32555877+cinglis-msft@users.noreply.github.com> Date: Thu, 9 Jul 2020 11:17:16 -0500 Subject: [PATCH 023/102] Update update-compliance-configuration-script.md Responding to issues customers have with the script because they're not aware of the requirement to run the script in System context. --- .../update/update-compliance-configuration-script.md | 4 ++++ 1 file changed, 4 insertions(+) 
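Review bot: in the waas-delivery-optimization.md hunk at @@ -39,6 +39,20, the added "New policy settings (for details see ):" line has no link target, and the `DOMaxBackgroundDownloadBandwidth` entry links to `waas-delivery-optimization-reference.md#maximum-foreground-download-bandwidth-in-kbs`, the same anchor as the foreground entry above it. Fill in the missing reference (the list items already point at waas-delivery-optimization-reference.md) and change the background entry to `#maximum-background-download-bandwidth-in-kbs`.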
diff --git a/windows/deployment/update/update-compliance-configuration-script.md b/windows/deployment/update/update-compliance-configuration-script.md index 2167039e0c..9b0b568dd7 100644 --- a/windows/deployment/update/update-compliance-configuration-script.md +++ b/windows/deployment/update/update-compliance-configuration-script.md @@ -35,6 +35,10 @@ The script is organized into two folders **Pilot** and **Deployment**. Both fold > [!IMPORTANT] > If you encounter an issue with Update Compliance, the first step should be to run the script in Pilot mode on a device you are encountering issues with, and save these Logs for reference with Support. +> [!IMPORTANT] +> The script must be run in System context. This is accomplished via the PsExec tool included in the file. To learn more about PsExec, see the documentation here: [PsExec](https://docs.microsoft.com/sysinternals/downloads/psexec). + + When using the script in the context of troubleshooting, use `Pilot`. Enter `RunConfig.bat`, and configure it as follows: 1. Configure `logPath` to a path where the script will have write access and a place you can easily access. This specifies the output of the log files generated when the script is in Verbose mode. From e6a85ece3fc924a71347a3a0067b4d54bcd48c6c Mon Sep 17 00:00:00 2001 From: Jaime Ondrusek Date: Thu, 9 Jul 2020 09:22:06 -0700 Subject: [PATCH 024/102] Update update-compliance-configuration-script.md Very slight wording changes. --- .../deployment/update/update-compliance-configuration-script.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/update-compliance-configuration-script.md b/windows/deployment/update/update-compliance-configuration-script.md index 9b0b568dd7..0305a83e2b 100644 --- a/windows/deployment/update/update-compliance-configuration-script.md +++ b/windows/deployment/update/update-compliance-configuration-script.md 
@@ -36,7 +36,7 @@ The script is organized into two folders **Pilot** and **Deployment**. Both fold > If you encounter an issue with Update Compliance, the first step should be to run the script in Pilot mode on a device you are encountering issues with, and save these Logs for reference with Support. > [!IMPORTANT] -> The script must be run in System context. This is accomplished via the PsExec tool included in the file. To learn more about PsExec, see the documentation here: [PsExec](https://docs.microsoft.com/sysinternals/downloads/psexec). +> The script must be run in the System context. To do this, use the PsExec tool included in the file. For more about PsExec, see [PsExec](https://docs.microsoft.com/sysinternals/downloads/psexec). When using the script in the context of troubleshooting, use `Pilot`. Enter `RunConfig.bat`, and configure it as follows: From ecb78daa981e3457989bba5f50d9169c6e90cfc0 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 9 Jul 2020 10:15:10 -0700 Subject: [PATCH 025/102] remove note --- .../microsoft-defender-atp/onboard-downlevel.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md b/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md index 3ad2b3c9db..6d9c98fc37 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md 
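Review bot: in the update-compliance-configuration-script.md hunk at @@ -36,7 +36,7, the reworded sentence "use the PsExec tool included in the file" still has no antecedent for "the file"; the visible context speaks of "the script" and its **Pilot** and **Deployment** folders, not of a file. Name the package the reader is expected to have downloaded, and since the next paragraph tells them to edit `RunConfig.bat`, say whether that batch file starts PsExec itself or the reader has to launch it under PsExec to get the System context.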
@@ -32,9 +32,6 @@ ms.topic: article Microsoft Defender ATP extends support to include down-level operating systems, providing advanced attack detection and investigation capabilities on supported Windows versions. -> [!IMPORTANT] -> This capability is currently in preview. You'll need to turn on the preview features to take advantage of this feature. For more information, see [Preview features](preview.md). - To onboard down-level Windows client endpoints to Microsoft Defender ATP, you'll need to: - Configure and update System Center Endpoint Protection clients. - Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Microsoft Defender ATP as instructed below. From e6ccbf8d772f7fb137b52561166f8d1fc58e662d Mon Sep 17 00:00:00 2001 From: ashwin-pr <66497769+ashwin-pr@users.noreply.github.com> Date: Thu, 9 Jul 2020 23:11:55 +0530 Subject: [PATCH 026/102] Changed reference of Linux to Android Changed reference of Linux to Android --- .../microsoft-defender-atp/microsoft-defender-atp-android.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md index b2b8409121..12f56bc412 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md 
@@ -27,7 +27,7 @@ ms.topic: conceptual > > As with any pre-release solution, remember to exercise caution when determining the target population for your deployments. > -> If you have preview features turned on in the Microsoft Defender Security Center, you should be able to access the Linux onboarding page immediately. If you have not yet opted into previews, we encourage you to [turn on preview features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/preview) in the Microsoft Defender Security Center today. +> If you have preview features turned on in the Microsoft Defender Security Center, you should be able to access the Android onboarding page immediately. If you have not yet opted into previews, we encourage you to [turn on preview features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/preview) in the Microsoft Defender Security Center today. This topic describes how to install, configure, update, and use Microsoft Defender ATP for Android. From 54c70a2bf621499c13ee44d2e645d2d37835bb95 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Thu, 9 Jul 2020 11:02:44 -0700 Subject: [PATCH 027/102] adding main DO page back into TOC --- windows/deployment/TOC.yml | 2 ++ windows/deployment/update/waas-delivery-optimization.md | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index 7c17c5720e..bd4751ea90 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -43,6 +43,8 @@ href: update/plan-determine-app-readiness.md - name: Define your servicing strategy href: update/plan-define-strategy.md + - name: Delivery Optimization for Windows 10 updates + href: update/waas-delivery-optimization-reference.md - name: Best practices for feature updates on mission-critical devices href: update/feature-update-mission-critical.md - name: Windows 10 deployment considerations 
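Review bot: the new TOC.yml entry named "Delivery Optimization for Windows 10 updates" has `href: update/waas-delivery-optimization-reference.md`, but the subject says the main Delivery Optimization page is being added back, and this same patch gives that exact title to update/waas-delivery-optimization.md. If the overview page is the intended target, the href should be `update/waas-delivery-optimization.md`.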
diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 2a1e6e4fc5..084ff6f01a 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -1,5 +1,5 @@ --- -title: Configure Delivery Optimization for Windows 10 updates (Windows 10) +title: Delivery Optimization for Windows 10 updates ms.reviewer: manager: laurawi description: Delivery Optimization is a peer-to-peer distribution method in Windows 10 From f7402458f8c862b780957a05f5062e6dce2fbff0 Mon Sep 17 00:00:00 2001 From: Ben Date: Thu, 9 Jul 2020 21:07:53 +0300 Subject: [PATCH 028/102] Update get-all-vulnerabilities-by-machines.md 2 --- .../get-all-vulnerabilities-by-machines.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md index 4234c36d32..de0e5c2508 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md @@ -25,7 +25,7 @@ Retrieves a list of all the vulnerabilities affecting the organization per [Mach
The OData ```$filter``` is supported on all properties. >[!Tip] ->This is great API for [Power BI](api-power-bi.md) integration. +>This is great API for [Power BI integration](api-power-bi.md). ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details. From d6beb73ed57588ccff322e31d9c9a0ce2fe3d8f1 Mon Sep 17 00:00:00 2001 From: Joanie Rhine <53441365+jrhi@users.noreply.github.com> Date: Thu, 9 Jul 2020 11:19:14 -0700 Subject: [PATCH 029/102] Update catchup scan docs Updated docs on Disable catchup full scan and Disable catchup quick scan. --- windows/client-management/mdm/policy-csp-defender.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index 5898f5bb48..5b8f52d942 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md 
@@ -1725,9 +1725,9 @@ Valid values: 0–90 This policy setting allows you to configure catch-up scans for scheduled full scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time. -If you disable or do not configure this setting, catch-up scans for scheduled full scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone logs on to the computer. If there is no scheduled scan configured, there will be no catch-up scan run. +If you disable this setting, catch-up scans for scheduled full scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone logs on to the computer. If there is no scheduled scan configured, there will be no catch-up scan run. -If you enable this setting, catch-up scans for scheduled full scans will be disabled. +If you enable or do not configure this setting, catch-up scans for scheduled full scans will be disabled. Supported values: 
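Review bot: moving "or do not configure" from the disable sentence to the enable sentence changes the documented default for full-scan catch-up from on to off, while the "Supported values:" list that follows is left untouched by this hunk. Confirm that the default marker in that list agrees with the new wording, and state in the commit message what the new default was checked against (for example the equivalent Group Policy setting), since administrators rely on this text to know whether a missed scheduled scan is made up. The two changed sentences also mix "turned on" with "disabled"; use one pair of terms.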
@@ -1805,9 +1805,9 @@ ADMX Info: This policy setting allows you to configure catch-up scans for scheduled quick scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time. -If you enable this setting, catch-up scans for scheduled quick scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone logs on to the computer. If there is no scheduled scan configured, there will be no catch-up scan run. +If you disable this setting, catch-up scans for scheduled quick scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone logs on to the computer. If there is no scheduled scan configured, there will be no catch-up scan run. -If you disable or do not configure this setting, catch-up scans for scheduled quick scans will be turned off. +If you enable or do not configure this setting, catch-up scans for scheduled quick scans will be turned off. Supported values: From 6b7727e2aef664180c5969807997e330bd632e96 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 9 Jul 2020 11:23:26 -0700 Subject: [PATCH 030/102] update file link --- .../microsoft-defender-atp/configure-proxy-internet.md | 2 +- .../microsoft-defender-atp/microsoft-defender-atp-linux.md | 2 +- .../microsoft-defender-atp/microsoft-defender-atp-mac.md | 2 +- .../microsoft-defender-atp/production-deployment.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md index 73427e0de5..892be434e6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md @@ -108,7 +108,7 @@ If a proxy or firewall is blocking all traffic by default and allowing only spec |**Item**|**Description**| |:-----|:-----| -|[![Thumb image for Microsoft Defender ATP URLs spreadsheet](images/mdatp-urls.png)](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx)
[Spreadsheet](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf) | The spreadsheet provides specific DNS records for service locations, geographies, and OS. +|[![Thumb image for Microsoft Defender ATP URLs spreadsheet](images/mdatp-urls.png)](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx)
[Spreadsheet](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx) | The spreadsheet provides specific DNS records for service locations, geographic locations, and OS. If a proxy or firewall has HTTPS scanning (SSL inspection) enabled, exclude the domains listed below from HTTPS scanning. diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md index 696c47442f..fda5e2b14b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md @@ -95,7 +95,7 @@ The following downloadable spreadsheet lists the services and their associated U |**Item**|**Description**| |:-----|:-----| -|[![Thumb image for Microsoft Defender ATP URLs spreadsheet](images/mdatp-urls.png)](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx)
[Spreadsheet](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf) | The spreadsheet provides specific DNS records for service locations, geographies, and OS. +|[![Thumb image for Microsoft Defender ATP URLs spreadsheet](images/mdatp-urls.png)](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx)
[Spreadsheet](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx) | The spreadsheet provides specific DNS records for service locations, geographic locations, and OS. diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md index 5c6219b989..0b8a773d75 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md @@ -75,7 +75,7 @@ The following downloadable spreadsheet lists the services and their associated U |**Item**|**Description**| |:-----|:-----| -|[![Thumb image for Microsoft Defender ATP URLs spreadsheet](images/mdatp-urls.png)](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx)
[Spreadsheet](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf) | The spreadsheet provides specific DNS records for service locations, geographies, and OS. +|[![Thumb image for Microsoft Defender ATP URLs spreadsheet](images/mdatp-urls.png)](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx)
[Spreadsheet](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx) | The spreadsheet provides specific DNS records for service locations, geographic locations, and OS. diff --git a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md index 96ee924d6d..33a1b59c0a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md @@ -235,7 +235,7 @@ If a proxy or firewall is blocking anonymous traffic, as Microsoft Defender ATP |**Item**|**Description**| |:-----|:-----| -|[![Thumb image for Microsoft Defender ATP URLs spreadsheet](images/mdatp-urls.png)](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx)
[Spreadsheet](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf) | The spreadsheet provides specific DNS records for service locations, geographies, and OS. +|[![Thumb image for Microsoft Defender ATP URLs spreadsheet](images/mdatp-urls.png)](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx)
[Spreadsheet](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx) | The spreadsheet provides specific DNS records for service locations, geographic locations, and OS. ### Microsoft Defender ATP service backend IP range From 507a44cb69ef155660eb852e402d0ed4d5ab07fa Mon Sep 17 00:00:00 2001 From: jaimeo Date: Thu, 9 Jul 2020 11:44:17 -0700 Subject: [PATCH 031/102] one more crosslink --- windows/deployment/update/waas-delivery-optimization.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 084ff6f01a..ba1b1c034a 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -28,6 +28,8 @@ Windows updates, upgrades, and applications can contain packages with very large Delivery Optimization is a cloud-managed solution. Access to the Delivery Optimization cloud services is a requirement. This means that in order to use the peer-to-peer functionality of Delivery Optimization, devices must have access to the internet. +For information about setting up Delivery Optimization, including tips for the best settings in different scenarios, see [Set up Delivery Optimization for Windows 10 updates](waas-delivery-optimization-setup.md). For a comprehensive list of all Delivery Optimization settings, see [Delivery Optimization reference](waas-delivery-optimization-reference.md). + >[!NOTE] >WSUS can also use [BranchCache](waas-branchcache.md) for content sharing and caching. If Delivery Optimization is enabled on devices that use BranchCache, Delivery Optimization will be used instead. From 8f88fa6f07577744270468f0f0c80822fa6ab179 Mon Sep 17 00:00:00 2001 
From: Joey Caparas Date: Thu, 9 Jul 2020 12:36:15 -0700 Subject: [PATCH 032/102] fixes --- .../minimum-requirements.md | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md index 60382164d4..8f47832251 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md +++ b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md @@ -92,7 +92,7 @@ Access to Microsoft Defender ATP is done through a browser, supporting the follo Devices on your network must be running one of these editions. -The hardware requirements for Microsoft Defender ATP on devices is the same as those for the supported editions. +The hardware requirements for Microsoft Defender ATP on devices are the same for the supported editions. > [!NOTE] > Machines running mobile versions of Windows are not supported. @@ -125,8 +125,8 @@ When you run the onboarding wizard for the first time, you must choose where you > [!NOTE] > Microsoft Defender ATP doesn't require any specific diagnostic level as long as it's enabled. -You must ensure that the diagnostic data service is enabled on all the devices in your organization. -By default, this service is enabled, but it's good practice to check to ensure that you'll get sensor data from them. +Make sure that the diagnostic data service is enabled on all the devices in your organization. +By default, this service is enabled. It's good practice to check to ensure that you'll get sensor data from them. **Use the command line to check the Windows 10 diagnostic data service startup type**: 
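Review bot: in the minimum-requirements.md hunk at @@ -92,7 +92,7, the rewrite changes the meaning as well as the grammar: "is the same as those for the supported editions" said the hardware requirements match those of the Windows editions themselves, while "are the same for the supported editions" says only that they do not differ between editions. If the original meaning is intended, "are the same as those for the supported editions" fixes the subject-verb agreement without losing it.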
@@ -146,7 +146,8 @@ By default, this service is enabled, but it's good practice to check to ensu ![Result of the sc query command for diagtrack](images/windefatp-sc-qc-diagtrack.png) -If the **START_TYPE** is not set to **AUTO_START**, then you'll need to set the service to automatically start. + +You'll need to set the service to automatically start if the **START_TYPE** is not set to **AUTO_START**. **Use the command line to set the Windows 10 diagnostic data service to automatically start:** @@ -173,7 +174,7 @@ If the **START_TYPE** is not set to **AUTO_START**, then you'll need to set the #### Internet connectivity Internet connectivity on devices is required either directly or through proxy. -The Microsoft Defender ATP sensor can utilize a daily average bandwidth of 5MB to communicate with the Microsoft Defender ATP cloud service and report cyber data. One-off activities such as file uploads and investigation package collection are not included in this daily average bandwidth. +The Microsoft Defender ATP sensor can utilize a daily average bandwidth of 5 MB to communicate with the Microsoft Defender ATP cloud service and report cyber data. One-off activities such as file uploads and investigation package collection are not included in this daily average bandwidth. For more information on additional proxy configuration settings, see [Configure device proxy and Internet connectivity settings](configure-proxy-internet.md). 
@@ -183,9 +184,11 @@ Before you onboard devices, the diagnostic data service must be enabled. The ser ## Microsoft Defender Antivirus configuration requirement The Microsoft Defender ATP agent depends on the ability of Microsoft Defender Antivirus to scan files and provide information about them. -You must configure Security intelligence updates on the Microsoft Defender ATP devices whether Microsoft Defender Antivirus is the active antimalware or not. For more information, see [Manage Microsoft Defender Antivirus updates and apply baselines](../microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md). +Configure Security intelligence updates on the Microsoft Defender ATP devices whether Microsoft Defender Antivirus is the active antimalware or not. For more information, see [Manage Microsoft Defender Antivirus updates and apply baselines](../microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md). -When Microsoft Defender Antivirus is not the active antimalware in your organization and you use the Microsoft Defender ATP service, Microsoft Defender Antivirus goes on passive mode. If your organization has disabled Microsoft Defender Antivirus through group policy or other methods, devices that are onboarded to Microsoft Defender ATP must be excluded from this group policy. +When Microsoft Defender Antivirus is not the active antimalware in your organization and you use the Microsoft Defender ATP service, Microsoft Defender Antivirus goes on passive mode. + +If your organization has turned off Microsoft Defender Antivirus through group policy or other methods, devices that are onboarded must be excluded from this group policy. If you are onboarding servers and Microsoft Defender Antivirus is not the active antimalware on your servers, you shouldn't uninstall Microsoft Defender Antivirus. You'll need to configure it to run on passive mode. 
For more information, see [Onboard servers](configure-server-endpoints.md). From 4990857f9d971047460dda1f078058012084d93e Mon Sep 17 00:00:00 2001 From: Manika Dhiman Date: Thu, 9 Jul 2020 14:27:23 -0700 Subject: [PATCH 033/102] Update policy-csp-defender.md There was discrepancy only in the default value for the DisableCatchupFullScan and DisableCatchupQuickScan settings and their equivalent GP settings. Updated the default values and reverted the changes to the descriptions. --- .../client-management/mdm/policy-csp-defender.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index 5b8f52d942..df1a78b3a7 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md 
@@ -1725,14 +1725,14 @@ Valid values: 0–90 This policy setting allows you to configure catch-up scans for scheduled full scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time. -If you disable this setting, catch-up scans for scheduled full scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone logs on to the computer. If there is no scheduled scan configured, there will be no catch-up scan run. +If you disable or do not configure this setting, catch-up scans for scheduled full scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone logs on to the computer. If there is no scheduled scan configured, there will be no catch-up scan run. -If you enable or do not configure this setting, catch-up scans for scheduled full scans will be disabled. +If you enable this setting, catch-up scans for scheduled full scans will be disabled. Supported values: -- 0 - Disabled -- 1 - Enabled (default) +- 0 - Disabled (default) +- 1 - Enabled OMA-URI Path: ./Vendor/MSFT/Policy/Config/Defender/DisableCatchupFullScan 
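Review bot: the commit message says the description changes were reverted, but this hunk still rewrites both description sentences, moving "or do not configure" from the enable case to the disable case. Together with the default moving from 1 to 0, the section now says an unconfigured device runs catch-up full scans, under a path that ends in DisableCatchupFullScan. Please state next to each supported value what it does to catch-up scans, since "0 - Disabled" can be read as either the policy or the scans being disabled. Also use one wording for the off state: this hunk keeps "will be disabled" while the quick-scan section says "will be turned off".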
@@ -1805,14 +1805,14 @@ ADMX Info: This policy setting allows you to configure catch-up scans for scheduled quick scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time. -If you disable this setting, catch-up scans for scheduled quick scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone logs on to the computer. If there is no scheduled scan configured, there will be no catch-up scan run. +If you disable or do not configure this setting, catch-up scans for scheduled quick scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone logs on to the computer. If there is no scheduled scan configured, there will be no catch-up scan run. -If you enable or do not configure this setting, catch-up scans for scheduled quick scans will be turned off. +If you enable this setting, catch-up scans for scheduled quick scans will be turned off. Supported values: -- 0 - Disabled -- 1 - Enabled (default) +- 0 - Disabled (default) +- 1 - Enabled OMA-URI Path: ./Vendor/MSFT/Policy/Config/Defender/DisableCatchupQuickScan From 5f226434ffdb21ccb0b5d6d1bff7bc1050ab671d Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 9 Jul 2020 14:38:13 -0700 Subject: [PATCH 034/102] Update microsoft-defender-advanced-threat-protection.md --- .../microsoft-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md index b20e6bfe22..74190892a5 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md @@ -136,4 +136,4 @@ Integrate Microsoft Defender Advanced Threat Protection into your existing workf ## Related topic -[Microsoft Defender ATP helps detect sophisticated threats](https://www.microsoft.com/itshowcase/Article/Content/854/Windows-Defender-ATP-helps-detect-sophisticated-threats) +[Microsoft Defender ATP helps detect sophisticated threats](https://www.microsoft.com/itshowcase/microsoft-defender-atps-antivirus-capabilities-boost-malware-protection) From 9c3eb4fdaac667b595b1d002132fb35a44fd2ee9 Mon Sep 17 00:00:00 2001 From: Manika Dhiman Date: Thu, 9 Jul 2020 14:42:13 -0700 Subject: [PATCH 035/102] Update policy-csp-defender.md --- windows/client-management/mdm/policy-csp-defender.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index df1a78b3a7..56f6870274 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md 
@@ -1725,9 +1725,9 @@ Valid values: 0–90 This policy setting allows you to configure catch-up scans for scheduled full scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time. -If you disable or do not configure this setting, catch-up scans for scheduled full scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone logs on to the computer. If there is no scheduled scan configured, there will be no catch-up scan run. +If you enable this setting, catch-up scans for scheduled full scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone logs on to the computer. If there is no scheduled scan configured, there will be no catch-up scan run. -If you enable this setting, catch-up scans for scheduled full scans will be disabled. +If you disable or do not configure this setting, catch-up scans for scheduled full scans will be turned off. Supported values: 
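Review bot: this hunk inverts what PATCH 033 documented for the same lines (there, disable or not configured meant catch-up scans turned on; here it means turned off), and the commit message has no body saying which version matches the product. The path shown in the earlier hunk at this position is ./Vendor/MSFT/Policy/Config/Defender/DisableCatchupFullScan, so "If you enable this setting, catch-up scans for scheduled full scans will be turned on" reads as contradicting the setting name. Please confirm the real default and tie each sentence to a value (0 or 1), so an administrator can tell whether missed scheduled scans are recovered on a device where the policy is not configured.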
@@ -1805,9 +1805,9 @@ ADMX Info: This policy setting allows you to configure catch-up scans for scheduled quick scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time. -If you disable or do not configure this setting, catch-up scans for scheduled quick scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone logs on to the computer. If there is no scheduled scan configured, there will be no catch-up scan run. +If you enable this setting, catch-up scans for scheduled quick scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone logs on to the computer. If there is no scheduled scan configured, there will be no catch-up scan run. -If you enable this setting, catch-up scans for scheduled quick scans will be turned off. +If you disable or do not configure this setting, catch-up scans for scheduled quick scans will be turned off. Supported values: From c6b80f8e4eae260fad8d9a1ad9d66b2233950203 Mon Sep 17 00:00:00 2001 From: Kelly Baker Date: Thu, 9 Jul 2020 14:48:10 -0700 Subject: [PATCH 036/102] Edit pass: windows-10-mobile-and-mdm.md First pass, not ready for review or merge. --- .../windows-10-mobile-and-mdm.md | 213 +++++++++--------- 1 file changed, 112 insertions(+), 101 deletions(-) diff --git a/windows/client-management/windows-10-mobile-and-mdm.md b/windows/client-management/windows-10-mobile-and-mdm.md index 7017e40876..3837eaff64 100644 --- a/windows/client-management/windows-10-mobile-and-mdm.md +++ b/windows/client-management/windows-10-mobile-and-mdm.md 
@@ -24,7 +24,7 @@ ms.topic: article This guide helps IT professionals plan for and deploy Windows 10 Mobile devices. Employees increasingly depend on smartphones to complete daily work tasks, but these devices introduce unique management and security challenges. Whether providing corporate devices or allowing people to use their personal devices, IT needs to deploy and manage mobile devices and apps quickly to meet business goals. However, they also need to ensure that the apps and data on those mobile devices are protected against cybercrime or loss. Windows 10 Mobile helps organizations directly address these challenges with robust, flexible, built-in mobile device and app management technologies. -Windows 10 supports end-to-end device lifecycle management to give companies control over their devices, data, and apps. Devices can easily be incorporated into standard lifecycle practices, from device enrollment, configuration, and application management to maintenance, monitoring, and retirement using a comprehensive mobile device management solution. +Windows 10 supports end-to-end device lifecycle management to give companies control over their devices, data, and apps. Devices can easily be incorporated into standard lifecycle practices, from device enrollment, configuration, and application management to maintenance, monitoring, and retirement, by using a comprehensive mobile device management solution. **In this article** - [Deploy](#deploy) 
@@ -36,8 +36,8 @@ Windows 10 supports end-to-end device lifecycle management to give companies con ## Deploy -Windows 10 Mobile has a built-in device management client to deploy, configure, maintain, and support smartphones. Common to all editions of the Windows 10 operating system, including desktop, mobile, and Internet of Things (IoT), this client provides a single interface through which Mobile Device Management (MDM) solutions can manage any device that runs Windows 10. Because the MDM client integrates with identity management, the effort required to manage devices throughout the lifecycle is greatly reduced. -Windows 10 includes comprehensive MDM capabilities that can be managed by Microsoft management solutions, such as Microsoft Intune or Microsoft Endpoint Configuration Manager, as well as many third-party MDM solutions. There is no need to install an additional, custom MDM app to enroll devices and bring them under MDM control. All MDM system vendors have equal access to Windows 10 Mobile device management application programming interfaces (APIs), giving IT organizations the freedom to select whichever system best fits their management requirements, whether Microsoft Intune or a third-party MDM product. For more information about Windows 10 Mobile device management APIs, see [Mobile device management](https://go.microsoft.com/fwlink/p/?LinkId=734050). +Windows 10 Mobile has a built-in device management client to deploy, configure, maintain, and support smartphones. Common to all editions of the Windows 10 operating system, including desktop, mobile, and Internet of Things (IoT), this client provides a single interface through which mobile device management (MDM) solutions can manage any device that runs Windows 10. Because the MDM client integrates with identity management, the effort required to manage devices throughout the lifecycle is greatly reduced. 
+Windows 10 includes comprehensive MDM capabilities that can be managed by Microsoft management solutions, such as Microsoft Intune or Microsoft Endpoint Configuration Manager, as well as many third-party MDM solutions. There is no need to install an additional, custom MDM app to enroll devices and bring them under MDM control. All MDM system vendors have equal access to Windows 10 Mobile device management application programming interfaces (APIs), giving IT organizations the freedom to select the system that best fits their management requirements, whether Microsoft Intune or a third-party MDM product. For more information about Windows 10 Mobile device management APIs, see [Mobile device management](https://go.microsoft.com/fwlink/p/?LinkId=734050). ### Deployment scenarios 
@@ -47,7 +47,7 @@ The built-in MDM client is common to all editions of the Windows 10 operating s Organizations typically have two scenarios to consider when it comes to device deployment: Bring Your Own (BYO) personal devices and Choose Your Own (CYO) company-owned devices. In both cases, the device must be enrolled in an MDM system, which would configure it with settings appropriate for the organization and the employee. Windows 10 Mobile device management capabilities support both personal devices used in the BYO scenario and corporate devices used in the CYO scenario. The operating system offers a flexible approach to registering devices with directory services and MDM systems. IT organizations can provision comprehensive device-configuration profiles based on their business needs to control and protect mobile business data. Apps can be provisioned easily to personal or corporate devices through the Microsoft Store for Business, or by using their MDM system, which can also work with the Microsoft Store for Business for public store apps. -Knowing who owns the device and what the employee will use it for are the major factors in determining your management strategy and which controls your organization should put in place. Whether personal devices, corporate devices, or a mixture of the two, deployment processes and configuration policies may differ. +Knowing who owns the device and what the employee uses it for are the major factors in determining your management strategy and which controls your organization should put in place. Whether personal devices, corporate devices, or a mixture of the two, deployment processes and configuration policies may differ. For **personal devices**, companies need to be able to manage corporate apps and data on the device without impeding the employee’s ability to personalize it to meet their individual needs. 
The employee owns the device and corporate policy allows them to use it for both business and personal purposes, with the ability to add personal apps at their discretion. The main concern with personal devices is how organizations can prevent corporate data from being compromised, while still keeping personal data private and under the sole control of the employee. This requires that the device be able to support separation of apps and data with strict control of business and personal data traffic. 
@@ -81,34 +81,35 @@ The way in which personal and corporate devices are enrolled into an MDM system Device Initialization -In the Out-of-the-Box Experience (OOBE), the first time the employee starts the device, they are requested to add a cloud identity to the device. +In the out-of-box experience (OOBE), the first time the employee starts the device, they are requested to add a cloud identity to the device. The primary identity on the device is a personal identity. Personal devices are initiated with a Microsoft Account (MSA), which uses a personal email address. The primary identity on the device is an organizational identity. Corporate devices are initialized with an organizational account (account@corporatedomain.ext). -Initialization of a device with a corporate account is unique to Windows 10. No other mobile platform currently offers this capability. The default option is to use an Azure Active Directory organizational identity. -Skipping the account setup in OOBE will result in the creation of a local account. The only option to add a cloud account later is to add an MSA, putting this device into a personal device deployment scenario. To start over, the device will have to be reset. +Initialization of a device with a corporate account is unique to Windows 10. No other mobile platform currently offers this capability. The default option is to use an Azure Active Directory (Azure AD) organizational identity. +Skipping the account setup in OOBE results in the creation of a local account. The only option to add a cloud account later is to add an MSA, putting this device into a personal device deployment scenario. To start over, the device must be reset. Device Enrollment Enrolling devices in an MDM system helps control and protect corporate data while keeping workers productive. -Device enrollment can be initiated by employees. They can add an Azure account as a secondary account to the Windows 10 Mobile device. 
Provided the MDM system is registered with your Azure AD, the device is automatically enrolled in the MDM system when the user adds an Azure AD account as a secondary account (MSA+AAD+MDM). If your organization does not have Azure AD, the employee’s device will automatically be enrolled into your organization’s MDM system (MSA+MDM). +Device enrollment can be initiated by employees. They can add an Azure account as a secondary account to the Windows 10 Mobile device. Provided the MDM system is registered with your Azure AD, the device is automatically enrolled in the MDM system when the user adds an Azure AD account as a secondary account (MSA+Azure AD+MDM). If your organization does not have Azure AD, the employee’s device is automatically enrolled into your organization’s MDM system (MSA+MDM). MDM enrollment can also be initiated with a provisioning package. This option enables IT to offer easy-to-use self-service enrollment of personal devices. Provisioning is currently only supported for MDM-only enrollment (MSA+MDM). -The user initiates MDM enrollment by joining the device to the Azure AD instance of their organization. The device is automatically enrolled in the MDM system when the device registers in Azure AD. This requires your MDM system to be registered with your Azure AD (AAD+MDM). +The user initiates MDM enrollment by joining the device to the Azure AD instance of their organization. The device is automatically enrolled in the MDM system when the device registers in Azure AD. This requires your MDM system to be registered with your Azure AD (Azure AD+MDM). -**Recommendation:** Microsoft recommends Azure AD registration and automatic MDM enrollment for corporate devices (AAD+MDM) and personal devices (MSA+AAD+MDM). This requires Azure AD Premium. +Microsoft recommends Azure AD registration and automatic MDM enrollment for corporate devices (Azure AD+MDM) and personal devices (MSA+Azure AD+MDM). This requires Azure AD Premium. 
### Identity management *Applies to: Corporate and personal devices* -Employees can use only one account to initialize a device so it’s imperative that your organization controls which account is enabled first. The account chosen will determine who controls the device and influence your management capabilities. +Employees can use only one account to initialize a device so it’s imperative that your organization controls which account is enabled first. The account chosen determines who controls the device and influences your management capabilities. ->**Note:** Why must the user add an account to the device in OOBE? Windows 10 Mobile are single user devices and the user accounts give access to a number of default cloud services that enhance the productivity and entertainment value of the phone for the user. Such services are: Store for downloading apps, Groove for music and entertainment, Xbox for gaming, etc. Both an [MSA](https://www.microsoft.com/account/) and an [Azure AD account](https://www.microsoft.com/server-cloud/products/azure-active-directory/?WT.srch=1&WT.mc_id=SEM_%5B_uniqid%5D&utm_source=Bing&utm_medium=CPC&utm_term=azure%20ad&utm_campaign=Enterprise_Mobility_Suite) give access to these services. +> [!NOTE] +> Why must the user add an account to the device in OOBE? Windows 10 Mobile are single user devices and the user accounts give access to a number of default cloud services that enhance the productivity and entertainment value of the phone for the user. Such services are: Store for downloading apps, Groove for music and entertainment, Xbox for gaming, and so on. Both an [MSA](https://www.microsoft.com/account/) and an [Azure AD account](https://www.microsoft.com/server-cloud/products/azure-active-directory/?WT.srch=1&WT.mc_id=SEM_%5B_uniqid%5D&utm_source=Bing&utm_medium=CPC&utm_term=azure%20ad&utm_campaign=Enterprise_Mobility_Suite) provide access to these services. 
The following table describes the impact of identity choice on device management characteristics of the personal and corporate device scenarios. @@ -133,13 +134,13 @@ The following table describes the impact of identity choice on device management Ease of enrollment -Employees use their Microsoft Account to activate the device. Then, they use their Azure AD account (organizational identity) to register the device in Azure AD and enroll it with the company’s MDM solution (MSA+AAD+MDM). -Employees use their Azure AD account to register the device in Azure AD and automatically enroll it with the organization’s MDM solution (AAD+MDM – requires Azure AD Premium). +Employees use their Microsoft Account to activate the device. Then, they use their Azure AD account (organizational identity) to register the device in Azure AD and enroll it with the company’s MDM solution (MSA+Azure AD+MDM). +Employees use their Azure AD account to register the device in Azure AD and automatically enroll it with the organization’s MDM solution (Azure AD+MDM – requires Azure AD Premium). Credential management Employees sign in to the device with Microsoft Account credentials. -Users cannot sign in to devices with Azure AD credentials, even if they add the credentials after initial activation with a Microsoft account. +Users cannot sign in to devices with Azure AD credentials, even if they add the credentials after initial activation with a Microsoft Account. Employees sign in to the device with Azure AD credentials. IT can block the addition of a personal identity, such as an MSA or Google Account. IT controls all devices access policies, without limitations. 
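Review bot: the added note line in the @@ -81 hunk still reads "Windows 10 Mobile are single user devices", and its Azure AD account link keeps the campaign query string (WT.srch, WT.mc_id, utm_source, utm_medium, utm_term, utm_campaign). Since the line is being rewritten anyway, fix the subject ("Windows 10 Mobile devices are single-user devices") and link to the product page without the tracking parameters.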
@@ -153,7 +154,7 @@ IT can block the addition of a personal identity, such as an MSA or Google Accou User settings and data roaming across multiple Windows devices User and app settings roam across all devices activated with the same personal identity through OneDrive. -If the device is activated with an MSA, then adds an Azure AD account, user an app settings roam. If you add your MSA to an Azure AD- joined device, this will not be the case. Microsoft is investigating Enterprise roaming for a future release. +If the device is activated with an MSA, then adds an Azure AD account, user an app settings roam. If you add your MSA to an Azure AD-joined device, this is not the case. Microsoft is investigating Enterprise roaming for a future release. Level of control 
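Review bot: the added line still contains the typo "user an app settings roam"; it should read "user and app settings roam". The same sentence also reads awkwardly at "then adds an Azure AD account", where the subject switches from the device to the user. Suggest "If the device is activated with an MSA and an Azure AD account is then added, user and app settings roam."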
@@ -174,13 +175,14 @@ IT can block the addition of a personal identity, such as an MSA or Google Accou ->**Note:** In the context of [Windows-as-a-Service](https://technet.microsoft.com/itpro/windows/manage/introduction-to-windows-10-servicing), differentiation of MDM capabilities will change in the future. +> [!NOTE] +> In the context of [Windows-as-a-Service](https://technet.microsoft.com/itpro/windows/manage/introduction-to-windows-10-servicing), differentiation of MDM capabilities may change in the future. ### Infrastructure choices *Applies to: Corporate and personal devices* -For both personal and corporate deployment scenarios, an MDM system is the essential infrastructure required to deploy and manage Windows 10 Mobile devices. An Azure AD premium subscription is recommended as an identity provider and required to support certain capabilities. Windows 10 Mobile allows you to have a pure cloud-based infrastructure or a hybrid infrastructure that combines Azure AD identity management with an on-premises management system to manage devices. Microsoft now also supports a pure on-premises solution to manage Windows 10 Mobile devices with [Configuration Manager](https://technet.microsoft.com/library/mt627908.aspx). +For both personal and corporate deployment scenarios, an MDM system is the essential infrastructure required to deploy and manage Windows 10 Mobile devices. An Azure AD Premium subscription is recommended as an identity provider and required to support certain capabilities. Windows 10 Mobile allows you to have a pure cloud-based infrastructure or a hybrid infrastructure that combines Azure AD identity management with an on-premises management system to manage devices. Microsoft now also supports a pure on-premises solution to manage Windows 10 Mobile devices with [Configuration Manager](https://technet.microsoft.com/library/mt627908.aspx). 
**Azure Active Directory** Azure AD is a cloud-based directory service that provides identity and access management. You can integrate it with existing on-premises directories to create a hybrid identity solution. Organizations that use Microsoft Office 365 or Intune are already using Azure AD, which has three editions: Free Basic, and Premium (see [Azure Active Directory editions](https://azure.microsoft.com/documentation/articles/active-directory-editions/)). All editions support Azure AD device registration, but the Premium edition is required to enable MDM auto-enrollment and conditional access based on device state. 
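Review bot: in the added note line, "will change in the future" became "may change in the future", which changes the commitment the sentence makes rather than its style. For an edit pass, please confirm with the content owner that the weaker statement is intended, or keep "will". The context line just below also lists the editions as "Free Basic, and Premium", which is missing a comma after "Free" and is worth fixing in the same pass.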
@@ -189,7 +191,8 @@ Azure AD is a cloud-based directory service that provides identity and access ma Microsoft [Intune](https://www.microsoft.com/server-cloud/products/microsoft-intune/overview.aspx), part of the Enterprise Mobility + Security, is a cloud-based MDM system that manages devices off premises. Like Office 365, Intune uses Azure AD for identity management so employees use the same credentials to enroll devices in Intune that they use to sign into Office 365. Intune supports devices that run other operating systems, such as iOS and Android, to provide a complete MDM solution. Multiple MDM systems support Windows 10 and most support personal and corporate device deployment scenarios. MDM providers that support Windows 10 Mobile currently include: AirWatch, Citrix, MobileIron, SOTI, Blackberry and others. Most industry-leading MDM vendors already support integration with Azure AD. You can find the MDM vendors that support Azure AD in [Azure Marketplace](https://azure.microsoft.com/marketplace/). If your organization doesn’t use Azure AD, the user must use an MSA during OOBE before enrolling the device in your MDM using a corporate account. ->**Note:** Although not covered in this guide, you can use Exchange ActiveSync (EAS) to manage mobile devices instead of using a full-featured MDM system. EAS is available in Microsoft Exchange Server 2010 or later and Office 365. +> [!NOTE] +> Although not covered in this guide, you can use Exchange ActiveSync (EAS) to manage mobile devices instead of using a full-featured MDM system. EAS is available in Microsoft Exchange Server 2010 or later and Office 365. In addition, Microsoft recently added MDM capabilities powered by Intune to Office 365. MDM for Office 365 supports mobile devices only, such as those running Windows 10 Mobile, iOS, and Android. 
MDM for Office 365 offers a subset of the management capabilities found in Intune, including the ability to remotely wipe a device, block a device from accessing Exchange Server email, and configure device policies (e.g., passcode requirements). For more information about MDM for Office 365 capabilities, see [Overview of Mobile Device Management for Office 365](https://technet.microsoft.com/library/ms.o365.cc.devicepolicy.aspx). **Cloud services** 
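Review bot: the unchanged paragraph after the new note still has "(e.g., passcode requirements)", while a later hunk of this patch replaces "(e.g., 1111 or 1234)" with "(for example, 1111 or 1234)". Suggest applying the same replacement here so the article is consistent after the pass.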
@@ -210,19 +213,20 @@ The Microsoft Store for Business is the place where IT administrators can find, ## Configure -MDM administrators can define and implement policy settings on any personal or corporate device enrolled in an MDM system. What configuration settings you use will differ based on the deployment scenario, and corporate devices will offer IT the broadest range of control. +MDM administrators can define and implement policy settings on any personal or corporate device enrolled in an MDM system. The configuration settings you use depend on the deployment scenario, and corporate devices offer IT the broadest range of control. ->**Note:** This guide helps IT professionals understand management options available for the Windows 10 Mobile OS. Please consult your MDM system documentation to understand how these policies are enabled by your MDM vendor. +> [!NOTE] +> This guide helps IT professionals understand management options available for the Windows 10 Mobile OS. Please consult your MDM system documentation to understand how these policies are enabled by your MDM vendor. Not all MDM systems support every setting described in this guide. Some support custom policies through OMA-URI XML files. See [Microsoft Intune support for Custom Policies](https://docs.microsoft.com/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune#custom-uri-settings-for-windows-10-devices). Naming conventions may also vary among MDM vendors. ### Account profile *Applies to: Corporate devices* -Enforcing what accounts employees can use on a corporate device is important for avoiding data leaks and protecting privacy. Limiting the device to just one account controlled by the organization will reduce the risk of a data breach. However, you can choose to allow employees to add a personal Microsoft Account or other consumer email accounts. +Enforcing what accounts employees can use on a corporate device is important for avoiding data leaks and protecting privacy. 
Limiting the device to just one account controlled by the organization reduces the risk of a data breach. However, you can choose to allow employees to add a personal Microsoft Account or other consumer email accounts. - **Allow Microsoft Account** Specifies whether users are allowed to add a Microsoft Account to the device and use this account to authenticate to cloud services, such as purchasing apps in Microsoft Store, Xbox, or Groove. -- **Allow Adding Non-Microsoft Accounts** Specifies whether users are allowed to add email accounts other than Microsoft accounts. +- **Allow Adding Non-Microsoft Accounts** Specifies whether users are allowed to add email accounts other than a Microsoft Account. ### Email accounts 
@@ -239,41 +243,42 @@ Email and associated calendar and contacts are the primary apps that users acces It’s common practice to protect a device that contains corporate information with a passcode when it is not in use. As a best practice, Microsoft recommends that you implement a device lock policy for Windows 10 Mobile devices for securing apps and data. You can use a complex password or numeric PIN to lock devices. Introduced with Windows 10, [Windows Hello](https://windows.microsoft.com/en-us/windows-10/getstarted-what-is-hello) allows you to use a PIN, a companion device (like Microsoft band), or biometrics to validate your identity to unlock Windows 10 Mobile devices. ->**Note:** When Windows 10 first shipped, it included Microsoft Passport and Windows Hello, which worked together to provide multifactor authentication. To simplify deployment and improve supportability, Microsoft has combined these technologies into a single solution under the Windows Hello name. Customers who have already deployed these technologies will not experience any change in functionality. Customers who have yet to evaluate Windows Hello will find it easier to deploy due to simplified policies, documentation, and semantics. -To use Windows Hello with biometrics, specialized hardware, including fingerprint reader, illuminated IR sensor, or other biometric sensors is required. Hardware based protection of the Windows Hello credentials requires TPM 1.2 or greater; if no TPM exists or is configured, credentials/keys protection will be software-based. -Companion devices must be paired with Windows 10 PC’s via Bluetooth. To use a Windows Hello companion device that enables the user to roam with their Windows Hello credentials requires Pro or Enterprise edition on the Windows 10 PC being signed into. +> [!NOTE] +> When Windows 10 first shipped, it included Microsoft Passport and Windows Hello, which worked together to provide multifactor authentication. 
To simplify deployment and improve supportability, Microsoft has combined these technologies into a single solution under the Windows Hello name. Customers who have already deployed these technologies will not experience any change in functionality. Customers who have yet to evaluate Windows Hello will find it easier to deploy due to simplified policies, documentation, and semantics. +To use Windows Hello with biometrics, specialized hardware, including fingerprint reader, illuminated IR sensor, or other biometric sensors is required. Hardware-based protection of the Windows Hello credentials requires TPM 1.2 or greater; if no TPM exists or is configured, credentials/keys protection will be software-based. +Companion devices must be paired with a Windows 10 PC using Bluetooth. To use a Windows Hello companion device that enables the user to roam with their Windows Hello credentials requires the Pro or Enterprise edition of Windows 10. -Most of the device lock restriction policies have been available via ActiveSync and MDM since Windows Phone 7 and are still available today for Windows 10 Mobile. If you are deploying Windows 10 devices in a personal device deployment scenario, these settings would apply. +Most of the device lock restriction policies have been available through ActiveSync and MDM since Windows Phone 7 and are still available today for Windows 10 Mobile. If you are deploying Windows 10 devices in a personal device deployment scenario, these settings would apply: - **Device Password Enabled** Specifies whether users are required to use a device lock password. -- **Allow Simple Device Password** Whether users can use a simple password (e.g., 1111 or 1234). -- **Alphanumeric Device Password Required** Whether users need to use an alphanumeric password. When configured, Windows prompts the user with a full device keyboard to enter a complex password. When not configured, the user will be able to enter a numeric PIN on the keyboard. 
-- **Min Device Password Complex Characters** The number of password element types (i.e., uppercase letters, lowercase letters, numbers, or punctuation) required to create strong passwords. -- **Device Password History** The number of passwords Windows 10 Mobile remembers in the password history (Users cannot reuse passwords in the history to create new passwords.) +- **Allow Simple Device Password** Specifies whether users can use a simple password (for example, 1111 or 1234). +- **Alphanumeric Device Password Required** Specifies whether users need to use an alphanumeric password. When configured, Windows prompts the user with a full device keyboard to enter a complex password. When not configured, the user can enter a numeric PIN on the keyboard. +- **Min Device Password Complex Characters** The number of password element types (uppercase letters, lowercase letters, numbers, or punctuation) required to create strong passwords. +- **Device Password History** The number of passwords Windows 10 Mobile remembers in the password history. (Users cannot reuse passwords in the history to create new passwords.) - **Min Device Password Length** The minimum number of characters required to create new passwords. - **Max Inactivity Time Device Lock** The number of minutes of inactivity before devices are locked and require a password to unlock. -- **Allow Idle Return Without Password** Whether users are required to re-authenticate when their devices return from a sleep state before the inactivity time was reached. -- **Max Device Password Failed Attempts** The number of authentication failures allowed before a device is wiped (A value of zero disables device wipe functionality.) -- **Screen Timeout While Locked** The number of minutes before the lock screen times out (this policy influences device power management). 
-- **Allow Screen Timeout While Locked User Configuration** Whether users can manually configure screen timeout while the device is on the lock screen (Windows 10 Mobile ignores the **Screen Timeout While Locked** setting if you disable this setting). +- **Allow Idle Return Without Password** Specifies whether users are required to re-authenticate when their devices return from a sleep state before the inactivity time was reached. +- **Max Device Password Failed Attempts** The number of authentication failures allowed before a device is wiped. (A value of zero disables device wipe functionality.) +- **Screen Timeout While Locked** The number of minutes before the lock screen times out. (This policy influences device power management.) +- **Allow Screen Timeout While Locked User Configuration** Specifies whether users can manually configure screen timeout while the device is on the lock screen. (Windows 10 Mobile ignores the **Screen Timeout While Locked** setting if you disable this setting.) Settings related to Windows Hello would be important device lock settings to configure if you are deploying devices using the corporate deployment scenario. -Microsoft made it a requirement for all users to create a numeric passcode as part of Azure AD Join. This policy default requires users to select a four-digit passcode, but this can be configured with an AAD-registered MDM system to whatever passcode complexity your organization desires. If you are using Azure AD with an automatic MDM enrollment mechanism, these policy settings are automatically applied during device enrollment. +Microsoft made it a requirement for all users to create a numeric passcode as part of Azure AD Join. This policy default requires users to select a four-digit passcode, but this can be configured with an Azure AD-registered MDM system to whatever passcode complexity your organization desires. 
If you are using Azure AD with an automatic MDM enrollment mechanism, these policy settings are automatically applied during device enrollment. -You will notice that some of the settings are very similar, specifically those related to passcode length, history, expiration, and complexity. If you set the policy in multiple places, both policies will be applied, with the strongest policy retained. Read [PassportForWork CSP](https://msdn.microsoft.com/library/windows/hardware/dn987099(v=vs.85).aspx), [DeviceLock CSP](https://msdn.microsoft.com/library/windows/hardware/dn904945(v=vs.85).aspx) (Windows Phone 8.1), and [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962(v=vs.85).aspx#DeviceLock_AllowIdleReturnWithoutPassword) for more detailed information. +You may notice that some of the settings are very similar, specifically those related to passcode length, history, expiration, and complexity. If you set the policy in multiple places, both policies are applied, with the strongest policy retained. Read [PassportForWork CSP](https://msdn.microsoft.com/library/windows/hardware/dn987099(v=vs.85).aspx), [DeviceLock CSP](https://msdn.microsoft.com/library/windows/hardware/dn904945(v=vs.85).aspx) (Windows Phone 8.1), and [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962(v=vs.85).aspx#DeviceLock_AllowIdleReturnWithoutPassword) for more detailed information. ### Prevent changing of settings *Applies to: Corporate devices* -Employees are usually allowed to change certain personal device settings that you may want to lock down on corporate devices. Employees can interactively adjust certain settings of the phone through the settings applets. Using MDM, you can limit what users are allowed to change. +Employees are usually allowed to change certain personal device settings that you may want to lock down on corporate devices. Employees can interactively adjust certain settings of the phone through the settings applets. 
Using MDM, you can limit what users are allowed to change, including: -- **Allow Your Account** Specifies whether users are able to change account configuration in the Your Email and Accounts panel in Settings -- **Allow VPN** Allows the user to change VPN settings -- **Allow Data Sense** Allows the user to change Data Sense settings -- **Allow Date Time** Allows the user to change data and time setting -- **Allow Edit Device Name** Allows users to change the device name -- **Allow Speech Model Update** Specifies whether the device will receive updates to the speech recognition and speech synthesis models (to improve accuracy and performance) +- **Allow Your Account** Specifies whether users are allowed to change account configuration in the **Your Email and Accounts** panel in Settings +- **Allow VPN** Specifies whether users are allowed to change VPN settings +- **Allow Data Sense** Specifies whether users are allowed to change Data Sense settings +- **Allow Date Time** Specifies whether users are allowed to change data and time setting +- **Allow Edit Device Name** Specifies whether users are allowed to change the device name +- **Allow Speech Model Update** Specifies whether the device receives updates to the speech recognition and speech synthesis models (to improve accuracy and performance) ### Hardware restrictions 
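Review bot: the new **Allow Date Time** line still reads "change data and time setting", carried over unchanged from the line it replaces. It should be "date and time settings". The rest of this list is being normalized in the same hunk, so the typo fix fits here.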
@@ -281,35 +286,37 @@ Employees are usually allowed to change certain personal device settings that yo Windows 10 Mobile devices use state-of-the-art technology that includes popular hardware features such as cameras, global positioning system (GPS) sensors, microphones, speakers, near-field communication (NFC) radios, storage card slots, USB interfaces, Bluetooth interfaces, cellular radios, and Wi-Fi. You can use hardware restrictions to control the availability of these features. -The following lists the MDM settings that Windows 10 Mobile supports to configure hardware restrictions. +The following is a list of the MDM settings that Windows 10 Mobile supports to configure hardware restrictions: ->**Note:** Some of these hardware restrictions provide connectivity and assist in data protection. +> [!NOTE] +> Some of these hardware restrictions provide connectivity and assist in data protection. -- **Allow NFC:** Whether the NFC radio is enabled -- **Allow USB Connection:** Whether the USB connection is enabled (doesn’t affect USB charging) -- **Allow Bluetooth:** Whether users can enable and use the Bluetooth radio on their devices -- **Allow Bluetooth Advertising:** Whether the device can act as a source for Bluetooth advertisements and be discoverable to other devices -- **Allow Bluetooth Discoverable Mode:** Whether the device can discover other devices (e.g., headsets) -- **Allow Bluetooth pre-pairing** Whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device +- **Allow NFC:** Specifies whether the NFC radio is enabled +- **Allow USB Connection:** Specifies whether the USB connection is enabled (doesn’t affect USB charging) +- **Allow Bluetooth:** Specifies whether users can enable and use the Bluetooth radio on their devices +- **Allow Bluetooth Advertising:** Specifies whether the device can act as a source for Bluetooth advertisements and be discoverable to other devices +- **Allow Bluetooth Discoverable Mode:** 
Specifies whether the device can discover other devices (such as headsets) +- **Allow Bluetooth pre-pairing** Specifies whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device - **Bluetooth Services Allowed List:** The list of Bluetooth services and profiles to which the device can connect - **Set Bluetooth Local Device Name:** The local Bluetooth device name -- **Allow Camera:** Whether the camera is enabled -- **Allow Storage Card:** Whether the storage card slot is enabled -- **Allow Voice Recording:** Whether the user can use the microphone to create voice recordings -- **Allow Location:** Whether the device can use the GPS sensor or other methods to determine location so applications can use location information +- **Allow Camera:** Specifies whether the camera is enabled +- **Allow Storage Card:** Specifies whether the storage card slot is enabled +- **Allow Voice Recording:** Specifies whether the user can use the microphone to create voice recordings +- **Allow Location:** Specifies whether the device can use the GPS sensor or other methods to determine location so applications can use location information ### Certificates *Applies to: Personal and corporate devices* Certificates help improve security by providing account authentication, Wi-Fi authentication, VPN encryption, and SSL encryption of web content. Although users can manage certificates on devices manually, it’s a best practice to use your MDM system to manage those certificates throughout their entire lifecycle – from enrollment through renewal and revocation. -To install certificates manually, you can post them on Microsoft Edge website or send them directly via email, which is ideal for testing purposes. -Using SCEP and MDM systems, certificate management is completely transparent and requires no user intervention, helping improve user productivity, and reduce support calls. 
Your MDM system can automatically deploy these certificates to the devices’ certificate stores after you enroll the device (as long as the MDM system supports the Simple Certificate Enrollment Protocol (SCEP) or Personal Information Exchange (PFX)). The MDM server can also query and delete SCEP enrolled client certificate (including user installed certificates), or trigger a new enrollment request before the current certificate is expired. +To install certificates manually, you can post them on Microsoft Edge website or send them directly by using email, which is ideal for testing purposes. +Using Simple Certificate Enrollment Protocol (SCEP) and MDM systems, certificate management is completely transparent and requires no user intervention, helping improve user productivity, and reduce support calls. Your MDM system can automatically deploy these certificates to the devices’ certificate stores after you enroll the device, as long as the MDM system supports the SCEP or Personal Information Exchange (PFX). The MDM server can also query and delete SCEP enrolled client certificate (including user installed certificates), or trigger a new enrollment request before the current certificate is expired. In addition to SCEP certificate management, Windows 10 Mobile supports deployment of PFX certificates. The table below lists the Windows 10 Mobile PFX certificate deployment settings. -Get more detailed information about MDM certificate management in the [Client Certificate Install CSP](https://msdn.microsoft.com/library/windows/hardware/dn920023(v=vs.85).aspx) and [Install digital certificates on Windows 10 Mobile](/windows/access-protection/installing-digital-certificates-on-windows-10-mobile). 
+For more detailed information about MDM certificate management, see [Client Certificate Install CSP](https://msdn.microsoft.com/library/windows/hardware/dn920023(v=vs.85).aspx) and [Install digital certificates on Windows 10 Mobile](/windows/access-protection/installing-digital-certificates-on-windows-10-mobile). Use the Allow Manual Root Certificate Installation setting to prevent users from manually installing root and intermediate CA certificates intentionally or accidentally. -> **Note:** To diagnose certificate-related issues on Windows 10 Mobile devices, use the free Certificates app in Microsoft Store. This Windows 10 Mobile app can help you: +> [!NOTE] +> To diagnose certificate-related issues on Windows 10 Mobile devices, use the free Certificates app in Microsoft Store. This Windows 10 Mobile app can help you: > - View a summary of all personal certificates > - View the details of individual certificates > - View the certificates used for VPN, Wi-Fi, and email authentication 
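Review bot: in the hardware restrictions list, the **Allow Bluetooth Discoverable Mode** description ("whether the device can discover other devices") describes the opposite direction from what the setting name implies. It also overlaps with **Allow Bluetooth Advertising**, which already says "be discoverable to other devices". Suggest wording it as whether other Bluetooth devices can discover this device, after checking the Policy CSP. In the same list, **Allow Bluetooth pre-pairing** is the only item without the trailing colon inside the bold name.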
@@ -322,7 +329,7 @@ Use the Allow Manual Root Certificate Installation setting to prevent users from *Applies to: Corporate and personal devices* Wi-Fi is used on mobile devices as much as, or more than, cellular data connections. Most corporate Wi-Fi networks require certificates and other complex information to restrict and secure user access. This advanced Wi-Fi information is difficult for typical users to configure, but MDM systems can fully configure these Wi-Fi profiles without user intervention. -You can create multiple Wi-Fi profiles in your MDM system. The below table lists the Windows 10 Mobile Wi Fi connection profile settings that can be configured by administrators. +You can create multiple Wi-Fi profiles in your MDM system. The Windows 10 Mobile Wi-Fi connection profile settings that can be configured by administrators include: - **SSID** The case-sensitive name of the Wi-Fi network Service Set Identifier - **Security type** The type of security the Wi-Fi network uses; can be one of the following authentication types: 
@@ -345,14 +352,14 @@ You can create multiple Wi-Fi profiles in your MDM system. The below table lists - **Proxy auto-configuration URL** A URL that specifies the proxy auto-configuration file - **Enable Web Proxy Auto-Discovery Protocol (WPAD)** Specifies whether WPAD is enabled -In addition, you can set a few device wide Wi-Fi settings. -- **Allow Auto Connect to Wi-Fi Sense Hotspots** Whether the device will automatically detect and connect to Wi-Fi networks -- **Allow Manual Wi-Fi Configuration** Whether the user can manually configure Wi-Fi settings -- **Allow Wi-Fi** Whether the Wi-Fi hardware is enabled -- **Allow Internet Sharing** Allow or disallow Internet sharing -- **WLAN Scan Mode** How actively the device scans for Wi-Fi networks +In addition, you can set the following device wide Wi-Fi settings: +- **Allow Auto Connect to Wi-Fi Sense Hotspots** Specifies whether the device automatically detects and connects to Wi-Fi networks +- **Allow Manual Wi-Fi Configuration** Specifies whether the user can manually configure Wi-Fi settings +- **Allow Wi-Fi** Specifies whether the Wi-Fi hardware is enabled +- **Allow Internet Sharing** Allows or disallows Internet sharing +- **WLAN Scan Mode** Specifies how actively the device scans for Wi-Fi networks -Get more detailed information about Wi-Fi connection profile settings in the [Wi-Fi CSP](https://msdn.microsoft.com/library/windows/hardware/dn904981(v=vs.85).aspx) and [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962(v=vs.85).aspx). +For more detailed information about Wi-Fi connection profile settings, see [Wi-Fi CSP](https://msdn.microsoft.com/library/windows/hardware/dn904981(v=vs.85).aspx) and [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962(v=vs.85).aspx). ### APN profiles 
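Review bot: the new **Allow Auto Connect to Wi-Fi Sense Hotspots** description says the device "automatically detects and connects to Wi-Fi networks", which does not mention the Wi-Fi Sense hotspots named in the setting and reads as if it governs all Wi-Fi auto-connect. Suggest "connects to Wi-Fi Sense hotspots". Also in this hunk, "device wide" should be "device-wide", and **Allow Internet Sharing** ("Allows or disallows") is the one item not converted to "Specifies whether".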
@@ -360,7 +367,7 @@ Get more detailed information about Wi-Fi connection profile settings in the [Wi An Access Point Name (APN) defines network paths for cellular data connectivity. Typically, you define just one APN for a device in collaboration with a mobile operator, but you can define multiple APNs if your company uses multiple mobile operators. An APN provides a private connection to the corporate network that is unavailable to other companies on the mobile operator network. -You can define and deploy APN profiles in MDM systems that configure cellular data connectivity for Windows 10 Mobile. Devices running Windows 10 Mobile can have only one APN profile. The following lists the MDM settings that Windows 10 Mobile supports for APN profiles. +You can define and deploy APN profiles in MDM systems that configure cellular data connectivity for Windows 10 Mobile. Devices running Windows 10 Mobile can have only one APN profile. The following lists the MDM settings that Windows 10 Mobile supports for APN profiles: - **APN name** The APN name - *IP connection type* The IP connection type; set to one of the following values: @@ -368,7 +375,7 @@ You can define and deploy APN profiles in MDM systems that configure cellular da - IPv6 only - IPv4 and IPv6 concurrently - IPv6 with IPv4 provided by 46xlat -- **LTE attached** Whether the APN should be attached as part of an LTE Attach +- **LTE attached** Specifies whether the APN should be attached as part of an LTE Attach - **APN class ID** The globally unique identifier that defines the APN class to the modem - **APN authentication type** The APN authentication type; set to one of the following values: - None 
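Review bot: in the APN profile list covered by these two hunks, the context line `- *IP connection type*` uses single asterisks, so it renders italic while every other setting name in the list is bold. Since this pass is normalizing the list, change it to `**IP connection type**`.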
@@ -379,18 +386,18 @@ You can define and deploy APN profiles in MDM systems that configure cellular da - **User name** The user account when users select Password Authentication Protocol (PAP), CHAP, or MSCHAPv2 authentication in APN authentication type - **Password** The password for the user account specified in User name - **Integrated circuit card ID** The integrated circuit card ID associated with the cellular connection profile -- **Always on** Whether the connection manager will automatically attempt to connect to the APN whenever it is available +- **Always on** Specifies whether the connection manager automatically attempts to connect to the APN when it is available - **Connection enabled** Specifies whether the APN connection is enabled - **Allow user control** Allows users to connect with other APNs than the enterprise APN -- **Hide view** Whether the cellular UX will allow the user to view enterprise APNs +- **Hide view** Specifies whether the cellular UX allows the user to view enterprise APNs -Get more detailed information about APN settings in the [APN CSP](https://msdn.microsoft.com/library/windows/hardware/dn958617(v=vs.85).aspx). +For more detailed information about APN settings, see [APN CSP](https://msdn.microsoft.com/library/windows/hardware/dn958617(v=vs.85).aspx). ### Proxy *Applies to: Corporate devices* -The below lists the Windows 10 Mobile settings for managing APN proxy settings for Windows 10 Mobile device connectivity. +The following lists the Windows 10 Mobile settings for managing APN proxy settings for Windows 10 Mobile device connectivity: - **Connection name** Specifies the name of the connection the proxy is associated with (this is the APN name of a configured connection) - **Bypass Local** Specifies if the proxy should be bypassed when local hosts are accessed by the device 
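Review bot: the new **Hide view** description ("Specifies whether the cellular UX allows the user to view enterprise APNs") states the opposite sense of the setting name, so a reader cannot tell whether enabling it hides or shows the APNs. Suggest "Specifies whether enterprise APNs are hidden from the user in the cellular UX", if that matches the APN CSP. **Allow user control** just above was also left as "Allows users ..." rather than "Specifies whether".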
@@ -424,7 +431,8 @@ To create a VPN profile that uses native Windows 10 Mobile VPN protocols (such a - **L2tpPsk** The pre-shared key used for an L2TP connection - **Cryptography Suite** Enable the selection of cryptographic suite attributes used for IPsec tunneling ->**Note:** The easiest way to create a profile for a single sign-on experience with an EAP configuration XML is through the rasphone tool on a Windows 10 PC. Once you run the rasphone.exe, the configuration wizard will walk you through the necessary steps. For step-by-step instructions on creating the EAP configuration XML blob, see EAP configuration. You can use the resulting XML blob in the MDM system to create the VPN profile on Windows 10 Mobile phone. If you have multiple certificates on the devices, you may want to configure filtering conditions for automatic certificate selection, so the employee does not need to select an authentication certificate every time the VPN is turned on. See this article for details. Windows 10 for PCs and Windows 10 Mobile have the same VPN client. +> [!NOTE] +> The easiest way to create a profile for a single sign-on experience with an EAP configuration XML is through the rasphone tool on a Windows 10 PC. Once you run the rasphone.exe, the configuration wizard walks you through the necessary steps. For step-by-step instructions on creating the EAP configuration XML blob, see EAP configuration. You can use the resulting XML blob in the MDM system to create the VPN profile on Windows 10 Mobile phone. If you have multiple certificates on the devices, you may want to configure filtering conditions for automatic certificate selection, so the employee does not need to select an authentication certificate every time the VPN is turned on. See this article for details. Windows 10 for PCs and Windows 10 Mobile have the same VPN client. Microsoft Store–based VPN plugins for the VPN connection allow you to create a VPN plugin profile with the following attributes: 
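Review bot: the converted note still contains two references with no link target, "see EAP configuration" and "See this article for details". The reader has nowhere to go for the EAP XML steps or the certificate filtering conditions, so add the links while this block is being rewritten. "Once you run the rasphone.exe" should also lose "the".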
@@ -434,7 +442,7 @@ Microsoft Store–based VPN plugins for the VPN connection allow you to create a In addition, you can specify per VPN Profile: -- **App Trigger List** You can add an App Trigger List to every VPN profile. The app specified in the list will automatically trigger the VPN profile for intranet connectivity. When multiple VPN profiles are needed to serve multiple apps, the operating system automatically establishes the VPN connection when the user switches between apps. Only one VPN connection at a time can be active. In the event the device drops the VPN connection, Windows 10 Mobile automatically reconnects to the VPN without user intervention. +- **App Trigger List** You can add an App Trigger List to every VPN profile. The app specified in the list automatically triggers the VPN profile for intranet connectivity. When multiple VPN profiles are needed to serve multiple apps, the operating system automatically establishes the VPN connection when the user switches between apps. Only one VPN connection at a time can be active. In the event the device drops the VPN connection, Windows 10 Mobile automatically reconnects to the VPN without user intervention. - **Route List** List of routes to be added to the routing table for the VPN interface. This is required for split tunneling cases where the VPN server site has more subnets that the default subnet based on the IP assigned to the interface. - **Domain Name Information List** Name Resolution Policy Table (NRPT) rules for the VPN profile. - **Traffic Filter List** Specifies a list of rules. Only traffic that matches these rules can be sent via the VPN Interface. 
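Review bot: the **Route List** context line directly under the edited **App Trigger List** item has "more subnets that the default subnet", where "that" should be "than". Worth fixing in this hunk since the line is already in view.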
@@ -513,11 +521,11 @@ Azure AD authenticated managers have access to Microsoft Store for Business func Microsoft Store for Business supports app distribution under two licensing models: online and offline. The online model (store-managed) is the recommended method, and supports both personal device and corporate device management scenarios. To install online apps, the device must have Internet access at the time of installation. On corporate devices, an employee can be authenticated with an Azure AD account to install online apps. On personal devices, an employee must register their device with Azure AD to be able to install corporate licensed online apps. -Corporate device users will find company licensed apps in the Store app on their phone in a private catalog. When an MDM system is associated with the Store for Business, IT administrators can present Store apps within the MDM system app catalog where users can find and install their desired apps. IT administrators can also push required apps directly to employee devices without the employee’s intervention. +Corporate device users can find company licensed apps in the Store app on their phone in a private catalog. When an MDM system is associated with the Store for Business, IT administrators can present Store apps within the MDM system app catalog where users can find and install their desired apps. IT administrators can also push required apps directly to employee devices without the employee’s intervention. Employees with personal devices can install apps licensed by their organization using the Store app on their device. They can use either the Azure AD account or Microsoft Account within the Store app if they wish to purchase personal apps. If you allow employees with corporate devices to add a secondary Microsoft Account (MSA), the Store app on the device provides a unified method for installing personal and corporate apps. 
-Online licensed apps do not need to be transferred or downloaded from the Microsoft Store to the MDM system to be distributed and managed. When an employee chooses a company-owned app, it will automatically be installed from the cloud. Also, apps will be automatically updated when a new version is available or can be removed if needed. When an app is removed from a device by the MDM system or the user, Microsoft Store for Business reclaims the license so it can be used for another user or on another device. +Online licensed apps do not need to be transferred or downloaded from the Microsoft Store to the MDM system to be distributed and managed. When an employee chooses a company-owned app, it's automatically installed from the cloud. Also, apps are automatically updated when a new version is available or can be removed if needed. When an app is removed from a device by the MDM system or the user, Microsoft Store for Business reclaims the license so it can be used for another user or on another device. To distribute an app offline (organization-managed), the app must be downloaded from the Microsoft Store for Business. This can be accomplished in the Microsoft Store for Business portal by an authorized administrator. Offline licensing requires the app developer to opt-in to the licensing model, as the Microsoft Store is no longer able to track licenses for the developer. If the app developer doesn’t allow download of the app from Microsoft Store, then you must obtain the files directly from the developer or use the online licensing method. 
@@ -543,7 +551,7 @@ In addition to controlling which apps are allowed, IT professionals can also imp - **Allow App Store Auto Update** Whether automatic updates of apps from Microsoft Store are allowed. - **Allow Developer Unlock** Whether developer unlock is allowed. - **Allow Shared User App Data** Whether multiple users of the same app can share data. -- **Allow Store** Whether Microsoft Store app is allowed to run. This will completely block the user from installing apps from the Store, but will still allow app distribution through an MDM system. +- **Allow Store** Whether Microsoft Store app is allowed to run. This completely blocks the user from installing apps from the Store, but still allows app distribution through an MDM system. - **Application Restrictions** An XML blob that defines the app restrictions for a device. The XML blob can contain an app allow or deny list. You can allow or deny apps based on their app ID or publisher. See AppLocker above. - **Disable Store Originated Apps** Disables the launch of all apps from Microsoft Store that came pre-installed or were downloaded before the policy was applied. - **Require Private Store Only** Whether the private store is exclusively available to users in the Store app on the device. If enabled, only the private store is available. If disabled, the retail catalog and private store are both available. 
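Review bot: in the new **Allow Store** line, "This completely blocks the user from installing apps from the Store" has no clear antecedent and reads as if allowing the Store app causes the block. Suggest "When disabled, users cannot install apps from the Store, but apps can still be distributed through an MDM system". The item also keeps "Whether" where the rest of this patch moves to "Specifies whether".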
@@ -561,7 +569,7 @@ One of the biggest challenges in protecting corporate information on mobile devi Windows 10 Mobile includes Windows Information Protection to transparently keep corporate data protected and personal data private. It automatically tags personal and corporate data and applies policies for those apps that can access data classified as corporate. This includes when data is at rest on local or removable storage. Because corporate data is always protected, users cannot copy it to public locations like social media or personal email. -Windows Information Protection works with all apps, which are classified into two categories: enlightened and unenlightened. Enlighted apps can differentiate between corporate and personal data, correctly determining which to protect based on policies. Corporate data will be encrypted at all times and attempts to copy/paste or share this information with non-corporate apps or users will fail. Unenlightened apps consider all data corporate and encrypt everything by default. +Windows Information Protection works with all apps, which are classified into two categories: enlightened and unenlightened. Enlightened apps can differentiate between corporate and personal data, correctly determining which to protect based on policies. Corporate data is encrypted at all times and any attempt to copy/paste or share this information with non-corporate apps or users fails. Unenlightened apps consider all data corporate and encrypt everything by default. Any app developed on the UWA platform can be enlightened. Microsoft has made a concerted effort to enlighten several of its most popular apps, including: - Microsoft Edge 
@@ -581,7 +589,7 @@ The following table lists the settings that can be configured for Windows Inform - Override mode (encrypt, prompt, and audit) - Block mode (encrypt, block, and audit) - **Enterprise protected domain names*** A list of domains used by the enterprise for its user identities. User identities from one of these domains is considered an enterprise managed account and data associated with it should be protected. -- **Allow user decryption** Allows the user to decrypt files. If not allowed, the user will not be able to remove protection from enterprise content through the OS or app user experience. +- **Allow user decryption** Allows the user to decrypt files. If not allowed, the user is not able to remove protection from enterprise content through the OS or app user experience. - **Require protection under lock configuration** Specifies whether the protection under lock feature (also known as encrypt under PIN) should be configured. - **Data recovery certificate*** Specifies a recovery certificate that can be used for data recovery of encrypted files. This is the same as the data recovery agent (DRA) certificate for encrypting file system (EFS), only delivered through MDM instead of Group Policy. - **Revoke on unenroll** Whether to revoke the information protection keys when a device unenrolls from the management service. 
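Review bot: In the **Enterprise protected domain names** context line just above the changed bullet, "User identities from one of these domains is considered an enterprise managed account" still has a subject-verb mismatch ("identities ... are considered"). Since this patch is a wording pass, it is worth fixing here. In the changed line, "the user is not able to remove protection" reads more directly as "the user cannot remove protection".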
@@ -589,11 +597,11 @@ The following table lists the settings that can be configured for Windows Inform - **Allow Azure RMS for information protection** Specifies whether to allow Azure RMS encryption for information protection. - **Show information protection icons** Determines whether overlays are added to icons for information protection secured files in web browser and enterprise-only app tiles in the Start menu. - **Status** A read-only bit mask that indicates the current state of information protection on the device. The MDM service can use this value to determine the current overall state of information protection. -- **Enterprise IP Range*** The enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers will be considered part of the enterprise and protected. -- **Enterprise Network Domain Names*** the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected. +- **Enterprise IP Range*** The enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers is considered part of the enterprise and protected. +- **Enterprise Network Domain Names*** the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device is considered enterprise data and is protected. - **Enterprise Cloud Resources** A list of Enterprise resource domains hosted in the cloud that need to be protected. ->**Note:** * Are mandatory Windows Information Protection policies. To make Windows Information Protection functional, AppLocker and network isolation settings - specifically Enterprise IP Range and Enterprise Network Domain Names – must be configured. 
This defines the source of all corporate data that needs protection and also ensures data written to these locations won’t be encrypted by the user’s encryption key (so that others in the company can access it. +(* Mandatory Windows Information Protection policies. To make Windows Information Protection functional, AppLocker and network isolation settings - specifically Enterprise IP Range and Enterprise Network Domain Names – must be configured. This defines the source of all corporate data that needs protection and also ensures data written to these locations won’t be encrypted by the user’s encryption key so that others in the company can access it.) For more information on Windows Information Protection, see the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/library/windows/hardware/mt697634(v=vs.85).aspx) and the following in-depth article series [Protect your enterprise data using Windows Information Protection](/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip). 
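Review bot: The mandatory-policy footnote at the end of this hunk becomes a bare parenthetical paragraph opening with "(* Mandatory", while the other notes this patch touches are converted to the `> [!NOTE]` form. Suggest using `> [!NOTE]` here too, with a lead such as "Settings marked with an asterisk (*) are mandatory Windows Information Protection policies." The sentence also mixes a hyphen and an en dash around "specifically Enterprise IP Range and Enterprise Network Domain Names", and the changed **Enterprise Network Domain Names** bullet still starts with lowercase "the list", unlike its neighbours.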
@@ -682,11 +690,11 @@ Microsoft has streamlined the Windows product engineering and release cycle so n -Microsoft will also deliver and install monthly updates for security and stability directly to Windows 10 Mobile devices. These Quality Updates, released under Microsoft control via Windows Update, are available for all devices running Windows 10 Mobile. Windows 10 Mobile devices consume Feature Updates and Quality Updates as part of the same standard update process. +Microsoft also delivers and installs monthly updates for security and stability directly to Windows 10 Mobile devices. These Quality Updates, released under Microsoft control via Windows Update, are available for all devices running Windows 10 Mobile. Windows 10 Mobile devices consume Feature Updates and Quality Updates as part of the same standard update process. -Quality Updates are usually smaller than Feature Updates, but the installation process and experience is very similar, though larger updates will take more time to install. Enterprise customers can manage the update experience and process on Windows 10 Mobile devices using an MDM system, after upgrading the devices to Enterprise edition. In most cases, policies to manage the update process will apply to both feature and quality updates. +Quality Updates are usually smaller than Feature Updates, but the installation process and experience is very similar, though larger updates take more time to install. Enterprise customers can manage the update experience and process on Windows 10 Mobile devices using an MDM system, after upgrading the devices to Enterprise edition. In most cases, policies to manage the update process apply to both feature and quality updates. -Microsoft aspires to update Windows 10 Mobile devices with the latest updates automatically and without being disruptive for all customers. Out-of-the-box, a Windows 10 Mobile device will Auto Scan for available updates. 
However, depending on the device’s network and power status, update methods and timing will vary. +Microsoft aspires to update Windows 10 Mobile devices with the latest updates automatically and without being disruptive for all customers. Out-of-the-box, a Windows 10 Mobile device uses Auto Scan to search for available updates. However, depending on the device’s network and power status, update methods and timing may vary. @@ -717,8 +725,8 @@ Microsoft aspires to update Windows 10 Mobile devices with the latest updates au - - + + @@ -739,8 +747,8 @@ Microsoft aspires to update Windows 10 Mobile devices with the latest updates au Microsoft publishes new feature updates for Windows 10 and Windows 10 Mobile on a regular basis. The [Windows release information page](https://technet.microsoft.com/windows/release-info) is designed to help you determine if your devices are current with the latest Windows 10 feature and quality updates. The release information published on this page, covers both Windows 10 for PCs and Windows 10 Mobile. In addition, the [Windows update history page](https://windows.microsoft.com/en-us/windows-10/update-history-windows-10) helps you understand what these updates are about. ->**Note:** -We invite IT Professionals to participate in the Windows Insider Program to test updates before they are officially released to make Windows 10 Mobile even better. If you find any issues, please send us feedback via the Feedback Hub +> [!NOTE] +> We invite IT Professionals to participate in the Windows Insider Program to test updates before they are officially released to make Windows 10 Mobile even better. If you find any issues, please send us feedback via the Feedback Hub **Windows as a Service** @@ -845,11 +853,11 @@ The following table summarizes applicable update policy settings by version of W 
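Review bot: In the paragraph beginning "Microsoft aspires to update", replacing "update methods and timing will vary" with "may vary" changes the meaning rather than the tense. It turns a statement that behaviour depends on network and power status into a statement that it might. If only the present-tense cleanup done elsewhere in this patch is intended, "update methods and timing vary" keeps the original claim. In the @@ -739 hunk, the new `[!NOTE]` ends "via the Feedback Hub" without a closing period.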
@@ -892,7 +900,7 @@ This can include: - Automatically downloading and restarting devices with user notification. - Automatically downloading and restarting devices at a specified time. - Automatically downloading and restarting devices without user interaction. -- Turning off automatic updates. This option should be used only for systems under regulatory compliance. The device will not receive any updates. +- Turning off automatic updates. This option should be used only for systems under regulatory compliance. The device does not receive any updates. In addition, in version 1607, you can configure when the update is applied to the employee device to ensure updates installs or reboots don’t interrupt business or worker productivity. Update installs and reboots can be scheduled [outside of active hours](https://msdn.microsoft.com/library/windows/hardware/dn904962(v=vs.85).aspx#Update_ActiveHoursEnd) (supported values are 0-23, where 0 is 12am, 1 is 1am, etc.) or on a specific what [day of the week](https://msdn.microsoft.com/library/windows/hardware/dn904962(v=vs.85).aspx#Update_ScheduledInstallDay) (supported values are 0-7, where 0 is every day, 1 is Sunday, 2 is Monday, etc.). 
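Review bot: The context paragraph directly under the changed bullet still contains "or on a specific what [day of the week]" and "to ensure updates installs or reboots don't interrupt", both leftovers that this wording pass should pick up ("on a specific day of the week", "update installs or reboots"). They sit two lines below the edited bullet, so they can be fixed in the same hunk.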
@@ -953,7 +961,8 @@ DHA-enabled device management solutions help IT managers create a unified securi - Trigger further investigation and monitoring (route the device to a honeypot for further monitoring) - Simply alert the user or the admin to fix the issue ->**Note:** Windows Device Health Attestation Service can be used for conditional access scenarios which may be enabled by Mobile Device Management solutions (e.g.: Microsoft Intune) and other types of management systems (e.g.: SCCM) purchased separately. +> [!NOTE] +> Windows Device Health Attestation Service can be used for conditional access scenarios which may be enabled by Mobile Device Management solutions (e.g.: Microsoft Intune) and other types of management systems (e.g.: SCCM) purchased separately. For more information about health attestation in Windows 10 Mobile, see the [Windows 10 Mobile security guide](/windows/device-security/windows-10-mobile-security-guide). 
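Review bot: In the converted note, "(e.g.: Microsoft Intune)" and "(e.g.: SCCM)" put a colon after "e.g.", whereas the device inventory section later in this file writes "(e.g., installed updates)". Suggest "e.g.," in both places for consistency. "which may be enabled" is a restrictive clause here and reads better as "that can be enabled".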
@@ -990,7 +999,7 @@ Here is what occurs when a smartphone is turned on: Device inventory helps organizations better manage devices because it provides in-depth information about those devices. MDM systems collect inventory information remotely and provide reporting capabilities to analyze device resources and information. This data informs IT about the current hardware and software resources of the device (e.g., installed updates). -The following list shows examples of the Windows 10 Mobile software and hardware information that a device inventory provides. In addition to this information, the MDM system can read any of the configuration settings described in this guide. +The following list shows examples of the Windows 10 Mobile software and hardware information that a device inventory provides. In addition to this information, the MDM system can read any of the configuration settings described in this guide: - **Installed enterprise apps** List of the enterprise apps installed on the device - **Device name** The device name configured for the device 
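Review bot: The colon added after "described in this guide" attaches the list to the wrong sentence. The bullets that follow are the inventory examples announced by "The following list shows examples of ...", not the configuration settings the MDM system can read. Suggest swapping the two sentences so the paragraph ends "The following list shows examples of the Windows 10 Mobile software and hardware information that a device inventory provides:", or keeping the period.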
@@ -1004,7 +1013,7 @@ The following list shows examples of the Windows 10 Mobile software and hardware - **Device language** Language in use on the device - **Phone number** Phone number assigned to the device - **Roaming status** Indicates whether the device has a roaming cellular connection -- **International mobile equipment identity (IMEI) and international mobile subscriber identity (IMSI) Unique identifiers for the cellular connection for the phone; Global System for Mobile Communications networks identify valid devices by using the IMEI, and all cellular networks use the IMSI to identify the device and user +- **International mobile equipment identity (IMEI) and international mobile subscriber identity (IMSI)** Unique identifiers for the cellular connection for the phone (Global System for Mobile Communications networks identify valid devices by using the IMEI, and all cellular networks use the IMSI to identify the device and user) - **Wi-Fi IP address** IPv4 and IPv6 addresses currently assigned to the Wi-Fi adapter in the device - **Wi-Fi media access control (MAC) address** MAC address assigned to the Wi-Fi adapter in the device - **Wi-Fi DNS suffix and subnet mask** DNS suffix and IP subnet mask assigned to the Wi-Fi adapter in the device @@ -1021,7 +1030,8 @@ You can control the level of data that diagnostic data systems collect. To confi For more information, see [Configure Windows diagnostic data in Your organization](/windows/configuration/configure-windows-diagnostic-data-in-your-organization). ->**Note:** Diagnostic data can only be managed when the device is upgraded to Windows 10 Mobile Enterprise edition. +> [!NOTE] +> Diagnostic data can only be managed when the device is upgraded to Windows 10 Mobile Enterprise edition. ### Remote assistance 
@@ -1050,15 +1060,16 @@ Device retirement is the last phase of the device lifecycle, which in today’s Windows 10 Mobile IT supports device retirement in both personal and corporate scenarios, allowing IT to be confident that corporate data remains confidential and user privacy is protected. ->**Note:** All these MDM capabilities are in addition to the device’s software and hardware factory reset features, which employees can use to restore devices to their factory configuration. +> [!NOTE] +> All these MDM capabilities are in addition to the device’s software and hardware factory reset features, which employees can use to restore devices to their factory configuration. **Personal devices:** Windows 10 mobile supports the USA regulatory requirements for a “kill switch” in case your phone is lost or stolen. Reset protection is a free service on account.microsoft.com that helps ensure that the phone cannot be easily reset and reused. All you need to do to turn on **Reset Protection** is sign in with your Microsoft account and accept the recommended settings. To manually turn it on, you can find it under Settings > Updates & security > Find my phone. At this point, Reset Protection is only available with an MSA, not with Azure AD account. It is also only available in the USA and not in other regions of the world. If you choose to completely wipe a device when lost or when an employee leaves the company, make sure you obtain consent from the user and follow any local legislation that protects the user’s personal data. -A better option than wiping the entire device is to use Windows Information Protection to clean corporate-only data from a personal device. As explained in the Apps chapter, all corporate data will be tagged and when the device is unenrolled from your MDM system of your choice, all enterprise encrypted data, apps, settings and profiles will immediately be removed from the device without affecting the employee’s existing personal data. 
A user can initiate unenrollment via the settings screen or unenrollment action can be taken by IT from within the MDM management console. Unenrollment is a management event and will be reported to the MDM system. +A better option than wiping the entire device is to use Windows Information Protection to clean corporate-only data from a personal device. As explained in the Apps chapter, all corporate data is tagged and when the device is unenrolled from your MDM system of your choice, all enterprise encrypted data, apps, settings and profiles are immediately removed from the device without affecting the employee’s existing personal data. A user can initiate unenrollment via the settings screen or unenrollment action can be taken by IT from within the MDM management console. Unenrollment is a management event and is reported to the MDM system. -**Corporate device:** You can certainly remotely expire the user’s encryption key in case of device theft, but please remember that will also make the encrypted data on other Windows devices unreadable for the user. A better approach for retiring a discarded or lost device is to execute a full device wipe. The help desk or device users can initiate a full device wipe. When the wipe is complete, Windows 10 Mobile returns the device to a clean state and restarts the OOBE process. +**Corporate device:** You can certainly remotely expire the user’s encryption key in case of device theft, but please remember that also makes the encrypted data on other Windows devices unreadable for the user. A better approach for retiring a discarded or lost device is to execute a full device wipe. The help desk or device users can initiate a full device wipe. When the wipe is complete, Windows 10 Mobile returns the device to a clean state and restarts the OOBE process. 
**Settings for personal or corporate device retirement** - **Allow manual MDM unenrollment** Whether users are allowed to delete the workplace account (i.e., unenroll the device from the MDM system) From d10a8c112614af765169013aeb626c2e59284b41 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Fri, 10 Jul 2020 17:57:02 +0500 Subject: [PATCH 037/102] Update policy-configuration-service-provider.md --- .../mdm/policy-configuration-service-provider.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index eb3f8eb24e..71132b1c96 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -4061,6 +4061,9 @@ The following diagram shows the Policy configuration service provider in tree fo - [Policy CSPs supported by Group Policy](policy-csps-supported-by-group-policy.md) - [ADMX-backed policy CSPs](policy-csps-admx-backed.md) +> [!NOTE] +> Not all Policy CSPs supported by Group Policy are ADMX-backed. For more details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + ## Policy CSPs supported by HoloLens devices - [Policy CSPs supported by HoloLens 2](policy-csps-supported-by-hololens2.md) - [Policy CSPs supported by HoloLens (1st gen) Commercial Suite](policy-csps-supported-by-hololens-1st-gen-commercial-suite.md) From ac1862a9cfc9f5121c64002a37fad1ab344345e8 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 10 Jul 2020 19:35:44 +0530 Subject: [PATCH 038/102] added smartscreen link as per the user report #7131 so i added defender smartscreen link --- .../security/threat-protection/intelligence/developer-faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/intelligence/developer-faq.md b/windows/security/threat-protection/intelligence/developer-faq.md index c6973ab9e1..ce1d4ec198 100644 --- a/windows/security/threat-protection/intelligence/developer-faq.md +++ b/windows/security/threat-protection/intelligence/developer-faq.md @@ -47,4 +47,4 @@ This is not related to Microsoft Defender Antivirus and other Microsoft antimalw ## Why does the Windows Defender SmartScreen say my program is not commonly downloaded? -This is not related to Microsoft Defender Antivirus and other Microsoft antimalware. You can find out more from the SmartScreen website. +This is not related to Microsoft Defender Antivirus and other Microsoft antimalware. You can find out more from the [SmartScreen website.](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview) From 62d9effee1b1b89c199ca3db65289be360dfc42b Mon Sep 17 00:00:00 2001 From: arcarley <52137849+arcarley@users.noreply.github.com> Date: Fri, 10 Jul 2020 09:20:08 -0700 Subject: [PATCH 039/102] Update update-csp.md I want to add a note that the update CSP aside from Rollback is *not* recommended for desktop devices. This is to ensure that MDMs do not use the update csp approval aspects to try and manage desktop devices and instead utilize the Policy CSP-Update policies. --- windows/client-management/mdm/update-csp.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/client-management/mdm/update-csp.md b/windows/client-management/mdm/update-csp.md index bacfd4f923..324d9af45b 100644 --- a/windows/client-management/mdm/update-csp.md +++ b/windows/client-management/mdm/update-csp.md 
@@ -16,6 +16,9 @@ ms.date: 02/23/2018 The Update configuration service provider enables IT administrators to manage and control the rollout of new updates. +> [!Note] +> All aspects of the Update CSP aside from Rollback are not recommended for managing desktop devices. To manage desktop devices from Windows Update please see the Policy CSP - Updates section of the Mobile Device Management documentation. Rollback can be used for desktop devices on 1803 and above. + The following diagram shows the Update configuration service provider in tree format. ![update csp diagram](images/provisioning-csp-update.png) From c6525c92b46dc7300f4d68e9f545fb4b4f41e7f6 Mon Sep 17 00:00:00 2001 From: Manika Dhiman Date: Fri, 10 Jul 2020 11:32:43 -0700 Subject: [PATCH 040/102] Update update-csp.md Added a link to the Policy CSP - Update doc. --- windows/client-management/mdm/update-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/update-csp.md b/windows/client-management/mdm/update-csp.md index 324d9af45b..1d4d3a7e86 100644 --- a/windows/client-management/mdm/update-csp.md +++ b/windows/client-management/mdm/update-csp.md 
@@ -17,7 +17,7 @@ ms.date: 02/23/2018 The Update configuration service provider enables IT administrators to manage and control the rollout of new updates. > [!Note] -> All aspects of the Update CSP aside from Rollback are not recommended for managing desktop devices. To manage desktop devices from Windows Update please see the Policy CSP - Updates section of the Mobile Device Management documentation. Rollback can be used for desktop devices on 1803 and above. +> All aspects of the Update CSP aside from Rollback are not recommended for managing desktop devices. To manage desktop devices from Windows Update, see the [Policy CSP - Updates](policy-csp-update.md) documentation. Rollback can be used for desktop devices on 1803 and above. The following diagram shows the Update configuration service provider in tree format. From db641a3a204325bec8c1c521d51eaa28895b26d0 Mon Sep 17 00:00:00 2001 From: LucasArona Date: Fri, 10 Jul 2020 21:03:22 +0200 Subject: [PATCH 041/102] Wrong registry path for the analysis --- windows/deployment/upgrade/setupdiag.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/setupdiag.md b/windows/deployment/upgrade/setupdiag.md index bea5439367..bca001f87a 100644 --- a/windows/deployment/upgrade/setupdiag.md +++ b/windows/deployment/upgrade/setupdiag.md 
@@ -48,7 +48,7 @@ When run by Windows Setup, the following [parameters](#parameters) are used: - /Output:%windir%\logs\SetupDiag\SetupDiagResults.xml - /RegPath:HKEY_LOCAL_MACHINE\SYSTEM\Setup\SetupDiag\Results -The resulting SetupDiag analysis can be found at **%WinDir%\Logs\SetupDiag\SetupDiagResults.xml** and in the registry under **HKLM\Setup\SetupDiag\Results**. +The resulting SetupDiag analysis can be found at **%WinDir%\Logs\SetupDiag\SetupDiagResults.xml** and in the registry under **HKLM\SYSTEM\Setup\SetupDiag\Results**. If the upgrade process proceeds normally, the **Sources** directory including **setupdiag.exe** is moved under **%SystemDrive%\Windows.Old** for cleanup. If the **Windows.old** directory is deleted later, **setupdiag.exe** will also be removed. From 925ef2a88d265f24142091383f033df54b1bfa8a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 10 Jul 2020 13:24:49 -0700 Subject: [PATCH 042/102] Update microsoft-defender-advanced-threat-protection.md --- .../microsoft-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md index 74190892a5..283349edd3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md 
@@ -136,4 +136,4 @@ Integrate Microsoft Defender Advanced Threat Protection into your existing workf ## Related topic -[Microsoft Defender ATP helps detect sophisticated threats](https://www.microsoft.com/itshowcase/microsoft-defender-atps-antivirus-capabilities-boost-malware-protection) +[Microsoft Defender ATP helps detect sophisticated threats](https://www.microsoft.com/en-us/itshowcase/microsoft-defender-atps-antivirus-capabilities-boost-malware-protection) From 9d086fe08587871c987c09b225609713076d5024 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Fri, 10 Jul 2020 14:03:37 -0700 Subject: [PATCH 043/102] corrections --- .../update/waas-delivery-optimization-reference.md | 6 +++--- .../update/waas-delivery-optimization-setup.md | 2 +- .../deployment/update/waas-delivery-optimization.md | 12 ++++++++---- 3 files changed, 12 insertions(+), 8 deletions(-) diff --git a/windows/deployment/update/waas-delivery-optimization-reference.md b/windows/deployment/update/waas-delivery-optimization-reference.md index fc05fe55aa..b101477546 100644 --- a/windows/deployment/update/waas-delivery-optimization-reference.md +++ b/windows/deployment/update/waas-delivery-optimization-reference.md 
@@ -47,9 +47,9 @@ In MDM, the same settings are under **.Vendor/MSFT/Policy/Config/DeliveryOptimiz | [Absolute Max Cache Size](#absolute-max-cache-size) | DOAbsoluteMaxCacheSize | 1607 | | [Modify Cache Drive](#modify-cache-drive) | DOModifyCacheDrive | 1607 | | [Minimum Peer Caching Content File Size](#minimum-peer-caching-content-file-size) | DOMinFileSizeToCache | 1703 | -| [Maximum Download Bandwidth](#maximum-download-bandwidth) | DOMaxDownloadBandwidth | 1607 | -| [Percentage of Maximum Download Bandwidth](#percentage-of-maximum-download-bandwidth) | DOPercentageMaxDownloadBandwidth | 1607 | -| [Max Upload Bandwidth](#max-upload-bandwidth) | DOMaxUploadBandwidth | 1607 | +| [Maximum Download Bandwidth](#maximum-download-bandwidth) | DOMaxDownloadBandwidth | 1607 (removed in Windows 10, version 2004; use [Maximum Background Download Bandwidth (in KB/s)](#maximum-background-download-bandwidth-in-kbs) or [Maximum Foreground Download Bandwidth (in KB/s)](#maximum-foreground-download-bandwidth-in-kbs) instead)| +| [Percentage of Maximum Download Bandwidth](#percentage-of-maximum-download-bandwidth) | DOPercentageMaxDownloadBandwidth | 1607 (removed in Windows 10, version 2004; use [Maximum Background Download Bandwidth (in KB/s)](#maximum-background-download-bandwidth-in-kbs) or [Maximum Foreground Download Bandwidth (in KB/s)](#maximum-foreground-download-bandwidth-in-kbs) instead)| +| [Max Upload Bandwidth](#max-upload-bandwidth) | DOMaxUploadBandwidth | 1607 (removed in Windows 10, version 2004) | | [Monthly Upload Data Cap](#monthly-upload-data-cap) | DOMonthlyUploadDataCap | 1607 | | [Minimum Background QoS](#minimum-background-qos) | DOMinBackgroundQoS | 1607 | | [Enable Peer Caching while the device connects via VPN](#enable-peer-caching-while-the-device-connects-via-vpn) | DOAllowVPNPeerCaching | 1709 | 
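Review bot: In the three changed rows, the removal notice and replacement links go into the third column, which in the unchanged rows holds only a version number (1607, 1703, 1709), so the column now mixes "introduced in" data with migration guidance. Suggest keeping "1607" plus a short "removed in 2004" marker in the cell and moving the "use ... instead" text to each setting's own section. The **Max Upload Bandwidth** row says the setting is removed but, unlike the two download rows, names no replacement. If there is none, say so explicitly.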
diff --git a/windows/deployment/update/waas-delivery-optimization-setup.md b/windows/deployment/update/waas-delivery-optimization-setup.md index a8e262526e..0eb29e75e3 100644 --- a/windows/deployment/update/waas-delivery-optimization-setup.md +++ b/windows/deployment/update/waas-delivery-optimization-setup.md @@ -178,7 +178,7 @@ You can now "pin" files to keep them persistent in the cache. You can only do th **Starting in Windows 10, version 2004:** - `Enable-DeliveryOptimizationVerboseLogs` -- `Disable-DliveryOptimizationVerboseLogs` +- `Disable-DeliveryOptimizationVerboseLogs` - `Get-DeliveryOptimizationLogAnalysis [ETL Logfile path] [-ListConnections]` diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index ba1b1c034a..ae06cd3627 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md 
@@ -40,17 +40,21 @@ For information about setting up Delivery Optimization, including tips for the b ![absolute bandwidth settings in delivery optimization interface](images/DO-absolute-bandwidth.png) -- Activity Monitor now identifies the cache server used for as the source for Microsoft Connected Cache. For more information about using Microsoft Connected Cache with Configuration Manager, see [Microsoft Connected Cache](https://docs.microsoft.com/mem/configmgr/core/plan-design/hierarchy/fundamental-concepts-for-content-management#microsoft-connected-cache). +- Activity Monitor now identifies the cache server used for as the source for Microsoft Connected Cache. For more information about using Microsoft Connected Cache with Configuration Manager, see [Microsoft Connected Cache](https://docs.microsoft.com/mem/configmgr/core/plan-design/hierarchy/microsoft-connected-cache). - New options for [`Get-DeliveryOptimizationPerfSnap`](waas-delivery-optimization-setup.md#analyze-usage). - New cmdlets: - `Enable-DeliveryOptimizationVerboseLogs` - - `Disable-DliveryOptimizationVerboseLogs` + - `Disable-DeliveryOptimizationVerboseLogs` - `Get-DeliveryOptimizationLogAnalysis [ETL Logfile path] [-ListConnections]` -- New policy settings (for details see ): +- New policy settings: - [DOCacheHost](waas-delivery-optimization-reference.md#cache-server-hostname) - [DOCacheHostSource](waas-delivery-optimization-reference.md#cache-server-hostname-source) - - [DOMaxForegroundDownloadBandwidth](waas-delivery-optimization-reference.md#maximum-foreground-download-bandwidth-in-kbs) + - [DOMaxForegroundDownloadBandwidth](waas-delivery-optimization-reference.md#maximum-foreground-download-bandwidth-in-kbs); replaces DOPercentageMaxDownloadBandwidth - [DOMaxBackgroundDownloadBandwidth](waas-delivery-optimization-reference.md#maximum-foreground-download-bandwidth-in-kbs) +- Removed policy settings (if you set these policies in Windows 10, 2004, they will have no effect): + - 
DOMaxDownloadBandwidth; use [DOMaxBackgroundDownloadBandwidth](waas-delivery-optimization-reference.md#maximum-foreground-download-bandwidth-in-kbs) or [DOMaxBackgroundDownloadBandwidth](waas-delivery-optimization-reference.md#maximum-foreground-download-bandwidth-in-kbs) instead. + - DOPercentageMaxDownloadBandwidth; use [DOMaxBackgroundDownloadBandwidth](waas-delivery-optimization-reference.md#maximum-foreground-download-bandwidth-in-kbs) or [DOMaxBackgroundDownloadBandwidth](waas-delivery-optimization-reference.md#maximum-foreground-download-bandwidth-in-kbs) instead. + - DOMaxUploadBandwidth - Support for new types of downloads: - Office installations and updates - Xbox game pass games From 15710d6dd2d52cfb6181d06f5cdaa2b9f334390c Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Fri, 10 Jul 2020 15:04:19 -0700 Subject: [PATCH 044/102] Making final image expandable --- windows/deployment/update/waas-delivery-optimization-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization-setup.md b/windows/deployment/update/waas-delivery-optimization-setup.md index 0eb29e75e3..983594b78b 100644 --- a/windows/deployment/update/waas-delivery-optimization-setup.md +++ b/windows/deployment/update/waas-delivery-optimization-setup.md @@ -220,7 +220,7 @@ Log entries are written to the PowerShell pipeline as objects. To dump logs to a Update Compliance provides you with information about your Delivery Optimization configuration, including the observed bandwidth savings across all devices that used peer-to-peer distribution over the past 28 days. -![DO status](images/UC_workspace_DO_status.png) +[ ![DO status](images/UC_workspace_DO_status.png) ](images/UC_workspace_DO_status.png#lightbox) For details, see [Delivery Optimization in Update Compliance](update-compliance-delivery-optimization.md). From 79846452f4a7517240037411bd5c9896a5abf902 Mon Sep 17 00:00:00 2001 
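Review bot: In the waas-delivery-optimization.md hunk of PATCH 043, both "Removed policy settings" entries read "use [DOMaxBackgroundDownloadBandwidth](...) or [DOMaxBackgroundDownloadBandwidth](...) instead", naming the same setting twice. The reference.md hunk in the same patch points to Maximum Background and Maximum Foreground Download Bandwidth, so one of the pair should be DOMaxForegroundDownloadBandwidth. All four of those links, and the DOMaxBackgroundDownloadBandwidth entry under "New policy settings", target `#maximum-foreground-download-bandwidth-in-kbs`. The background links should use `#maximum-background-download-bandwidth-in-kbs`, the anchor reference.md uses. The Activity Monitor bullet touched in this hunk also still reads "the cache server used for as the source".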
From: Gary Moore Date: Fri, 10 Jul 2020 15:12:11 -0700 Subject: [PATCH 045/102] Indented content in a list item, added white space --- windows/deployment/update/waas-delivery-optimization.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index ae06cd3627..76b225825d 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md 
@@ -38,23 +38,28 @@ For information about setting up Delivery Optimization, including tips for the b - Enterprise network throttling: new settings have been added in Group Policy and MDM to control foreground and background throttling as absolute values (Maximum Background Download Bandwidth in (in KB/s)). These settings are also available in the Windows user interface: -![absolute bandwidth settings in delivery optimization interface](images/DO-absolute-bandwidth.png) + ![absolute bandwidth settings in delivery optimization interface](images/DO-absolute-bandwidth.png) - Activity Monitor now identifies the cache server used for as the source for Microsoft Connected Cache. For more information about using Microsoft Connected Cache with Configuration Manager, see [Microsoft Connected Cache](https://docs.microsoft.com/mem/configmgr/core/plan-design/hierarchy/microsoft-connected-cache). + - New options for [`Get-DeliveryOptimizationPerfSnap`](waas-delivery-optimization-setup.md#analyze-usage). 
+ - New cmdlets: - `Enable-DeliveryOptimizationVerboseLogs` - `Disable-DeliveryOptimizationVerboseLogs` - `Get-DeliveryOptimizationLogAnalysis [ETL Logfile path] [-ListConnections]` + - New policy settings: - [DOCacheHost](waas-delivery-optimization-reference.md#cache-server-hostname) - [DOCacheHostSource](waas-delivery-optimization-reference.md#cache-server-hostname-source) - [DOMaxForegroundDownloadBandwidth](waas-delivery-optimization-reference.md#maximum-foreground-download-bandwidth-in-kbs); replaces DOPercentageMaxDownloadBandwidth - [DOMaxBackgroundDownloadBandwidth](waas-delivery-optimization-reference.md#maximum-foreground-download-bandwidth-in-kbs) + - Removed policy settings (if you set these policies in Windows 10, 2004, they will have no effect): - DOMaxDownloadBandwidth; use [DOMaxBackgroundDownloadBandwidth](waas-delivery-optimization-reference.md#maximum-foreground-download-bandwidth-in-kbs) or [DOMaxBackgroundDownloadBandwidth](waas-delivery-optimization-reference.md#maximum-foreground-download-bandwidth-in-kbs) instead. - DOPercentageMaxDownloadBandwidth; use [DOMaxBackgroundDownloadBandwidth](waas-delivery-optimization-reference.md#maximum-foreground-download-bandwidth-in-kbs) or [DOMaxBackgroundDownloadBandwidth](waas-delivery-optimization-reference.md#maximum-foreground-download-bandwidth-in-kbs) instead. - DOMaxUploadBandwidth + - Support for new types of downloads: - Office installations and updates - Xbox game pass games From dd35a6dd2e385664204729aca593bd236a0c7a08 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Fri, 10 Jul 2020 15:54:33 -0700 Subject: [PATCH 046/102] Updated supported values --- windows/client-management/mdm/policy-csp-defender.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index 56f6870274..49855399e3 100644 --- a/windows/client-management/mdm/policy-csp-defender.md 
+++ b/windows/client-management/mdm/policy-csp-defender.md @@ -1731,8 +1731,8 @@ If you disable or do not configure this setting, catch-up scans for scheduled fu Supported values: -- 0 - Disabled (default) -- 1 - Enabled +- 1 - Disabled (default) +- 0 - Enabled OMA-URI Path: ./Vendor/MSFT/Policy/Config/Defender/DisableCatchupFullScan @@ -1811,8 +1811,8 @@ If you disable or do not configure this setting, catch-up scans for scheduled qu Supported values: -- 0 - Disabled (default) -- 1 - Enabled +- 1 - Disabled (default) +- 0 - Enabled OMA-URI Path: ./Vendor/MSFT/Policy/Config/Defender/DisableCatchupQuickScan From 2db690e9ec9d158308e0cc15d6f2f45b9d3e3082 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Fri, 10 Jul 2020 16:35:26 -0700 Subject: [PATCH 047/102] Changed "Bitlocker" to "BitLocker" --- .../mdm/policy-configuration-service-provider.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 71132b1c96..5e23762281 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -562,11 +562,11 @@ The following diagram shows the Policy configuration service provider in tree fo -### Bitlocker policies +### BitLocker policies
- Bitlocker/EncryptionMethod + BitLocker/EncryptionMethod
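Review bot: In policy-csp-defender.md, both hunks (`@@ -1731,8` for DisableCatchupFullScan and `@@ -1811,8` for DisableCatchupQuickScan) invert the numbers but keep the bare labels "Disabled (default)" and "Enabled", which are ambiguous for a policy whose name starts with "Disable": "1 - Disabled" can mean the policy is off or the catch-up scan is off. Please state what each value does to the catch-up scan itself, and check that the value marked as default agrees with the "If you disable or do not configure this setting" sentence that precedes each list. The commit message ("Updated supported values") gives no source for the inversion; a link to the reference it was checked against would help, since a wrong mapping here silently changes scan behaviour on managed devices. Listing 0 before 1 would also keep the list in the usual order.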
From 4e87357b9ed00d14bd2f34c4e2026bd4f66c9303 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Fri, 10 Jul 2020 16:54:09 -0700 Subject: [PATCH 048/102] Added bold to UI text/navigation --- ...ows-10-device-automatically-using-group-policy.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index 95927fa42d..b68290767f 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -80,7 +80,7 @@ The following steps demonstrate required settings using the Intune service: ![Mobility setting MDM intune](images/auto-enrollment-microsoft-intune-setting.png) -7. Verify that the *Enable Automatic MDM enrollment using default Azure AD credentials* group policy (Local Group Policy Editor > Computer Configuration > Policies > Administrative Templates > Windows Components > MDM) is properly deployed to all devices which should be enrolled into Intune. +7. Verify that the *Enable Automatic MDM enrollment using default Azure AD credentials* group policy (**Local Group Policy Editor > Computer Configuration > Policies > Administrative Templates > Windows Components > MDM**) is properly deployed to all devices which should be enrolled into Intune. You may contact your domain administrators to verify if the group policy has been deployed successfully. 8. Verify that the device is not enrolled with the old Intune client used on the Intune Silverlight Portal (this is the Intune portal used before the Azure portal). 
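Review bot: Step 7 in the `@@ -80,7` hunk now bolds the navigation path but still names the policy as *Enable Automatic MDM enrollment using default Azure AD credentials* (capital "Automatic"), while the `@@ -208,14` hunk of the same patch writes *Enable automatic MDM enrollment using default Azure AD credentials*. Since this change is about consistent UI text, use one casing in both places, matching what the editor shows. The two paths also differ: this one starts at "Local Group Policy Editor", the later one at "Computer Configuration". Please make them start at the same node so readers can tell they refer to the same policy location.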
@@ -194,7 +194,7 @@ Investigate the log file if you have issues even after performing all the mandat To collect Event Viewer logs: 1. Open Event Viewer. -2. Navigate to Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostic-Provider > Admin. +2. Navigate to **Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostic-Provider > Admin**. > [!Tip] > For guidance on how to collect event logs for Intune, see [Collect MDM Event Viewer Log YouTube video](https://www.youtube.com/watch?v=U_oCe2RmQEc). 
@@ -208,14 +208,14 @@ To collect Event Viewer logs: To troubleshoot, check the error code that appears in the event. See [Troubleshooting Windows device enrollment problems in Microsoft Intune](https://support.microsoft.com/en-ph/help/4469913/troubleshooting-windows-device-enrollment-problems-in-microsoft-intune) for more information. - The auto-enrollment did not trigger at all. In this case, you will not find either event ID 75 or event ID 76. To know the reason, you must understand the internal mechanisms happening on the device as described in the following section. - The auto-enrollment process is triggered by a task (Microsoft > Windows > EnterpriseMgmt) within the task-scheduler. This task appears if the *Enable automatic MDM enrollment using default Azure AD credentials* group policy (Computer Configuration > Policies > Administrative Templates > Windows Components > MDM) is successfully deployed to the target machine as shown in the following screenshot: + The auto-enrollment process is triggered by a task (**Microsoft > Windows > EnterpriseMgmt**) within the task-scheduler. This task appears if the *Enable automatic MDM enrollment using default Azure AD credentials* group policy (**Computer Configuration > Policies > Administrative Templates > Windows Components > MDM**) is successfully deployed to the target machine as shown in the following screenshot: ![Task scheduler](images/auto-enrollment-task-scheduler.png) > [!Note] > This task isn't visible to standard users - run Scheduled Tasks with administrative credentials to find the task. This task runs every 5 minutes for the duration of 1 day. To confirm if the task succeeded, check the task scheduler event logs: - Applications and Services Logs > Microsoft > Windows > Task Scheduler > Operational. + **Applications and Services Logs > Microsoft > Windows > Task Scheduler > Operational**. 
Look for an entry where the task scheduler created by enrollment client for automatically enrolling in MDM from AAD is triggered by event ID 107. ![Event ID 107](images/auto-enrollment-event-id-107.png) 
@@ -226,11 +226,11 @@ To collect Event Viewer logs: Note that the task scheduler log displays event ID 102 (task completed) regardless of the auto-enrollment success or failure. This means that the task scheduler log is only useful to confirm if the auto-enrollment task is triggered or not. It does not indicate the success or failure of auto-enrollment. If you cannot see from the log that task Schedule created by enrollment client for automatically enrolling in MDM from AAD is initiated, there is possibly issue with the group policy. Immediately run the command `gpupdate /force` in command prompt to get the GPO applied. If this still does not help, further troubleshooting on the Active Directory is required. - One frequently seen error is related to some outdated enrollment entries in the registry on the target client device (HKLM > Software > Microsoft > Enrollments). If a device has been enrolled (can be any MDM solution and not only Intune), some enrollment information added into the registry is seen: + One frequently seen error is related to some outdated enrollment entries in the registry on the target client device (**HKLM > Software > Microsoft > Enrollments**). If a device has been enrolled (can be any MDM solution and not only Intune), some enrollment information added into the registry is seen: ![Outdated enrollment entries](images/auto-enrollment-outdated-enrollment-entries.png) - By default, these entries are removed when the device is un-enrolled, but occasionally the registry key remains even after un-enrollment. In this case, `gpupdate /force` fails to initiate the auto-enrollment task and error code 2149056522 is displayed in the Applications and Services Logs > Microsoft > Windows > Task Scheduler > Operational event log file under event ID 7016. + By default, these entries are removed when the device is un-enrolled, but occasionally the registry key remains even after un-enrollment. 
In this case, `gpupdate /force` fails to initiate the auto-enrollment task and error code 2149056522 is displayed in the **Applications and Services Logs > Microsoft > Windows > Task Scheduler > Operational** event log file under event ID 7016. A resolution to this issue is to remove the registry key manually. If you do not know which registry key to remove, go for the key which displays most entries as the screenshot above. All other keys will display less entries as shown in the following screenshot: ![Manually deleted entries](images/auto-enrollment-activation-verification-less-entries.png) From 524bd8bbcf529fd1a0e1a9550298bc7358d28c22 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Fri, 10 Jul 2020 17:12:45 -0700 Subject: [PATCH 049/102] Added bullets to lists that were vertical only in source The rendered versions looked like a jumble --- ...device-automatically-using-group-policy.md | 29 ++++++++++++++----- 1 file changed, 22 insertions(+), 7 deletions(-) diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index b68290767f..cf1bd637b2 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md 
@@ -168,24 +168,39 @@ Requirements: [!IMPORTANT] If you do not see the policy, it may be because you don’t have the ADMX for Windows 10, version 1803, version 1809, or version 1903 installed. To fix the issue, follow these steps (Note: the latest MDM.admx is backwards compatible): 1. Download: - 1803 -->[Administrative Templates (.admx) for Windows 10 April 2018 Update (1803)](https://www.microsoft.com/download/details.aspx?id=56880) or - 1809 --> [Administrative Templates for Windows 10 October 2018 Update (1809)](https://www.microsoft.com/download/details.aspx?id=57576) or - 1903 --> [Administrative Templates (.admx) for Windows 10 May 2019 Update (1903)](https://www.microsoft.com/download/details.aspx?id=58495&WT.mc_id=rss_alldownloads_all) + + - 1803 -->[Administrative Templates (.admx) for Windows 10 April 2018 Update (1803)](https://www.microsoft.com/download/details.aspx?id=56880) + + - 1809 --> [Administrative Templates for Windows 10 October 2018 Update (1809)](https://www.microsoft.com/download/details.aspx?id=57576) + + - 1903 --> [Administrative Templates (.admx) for Windows 10 May 2019 Update (1903)](https://www.microsoft.com/download/details.aspx?id=58495&WT.mc_id=rss_alldownloads_all) + 2. Install the package on the Domain Controller. + 3. Navigate, depending on the version to the folder: - 1803 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 April 2018 Update (1803) v2**, or - 1809 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 October 2018 Update (1809) v2**, or - 1903 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 May 2019 Update (1903) v3** + + - 1803 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 April 2018 Update (1803) v2** + + - 1809 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 October 2018 Update (1809) v2** + + - 1903 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 May 2019 Update (1903) v3** + 4. 
Rename the extracted Policy Definitions folder to **PolicyDefinitions**. + 5. Copy PolicyDefinitions folder to **C:\Windows\SYSVOL\domain\Policies**. - (If this folder does not exist, then be aware that you will be switching to a [central policy store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) for your entire domain). + + If this folder does not exist, then be aware that you will be switching to a [central policy store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) for your entire domain. + 6. Restart the Domain Controller for the policy to be available. This procedure will work for any future version as well. 1. Create a Group Policy Object (GPO) and enable the Group Policy **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **MDM** > **Enable automatic MDM enrollment using default Azure AD credentials**. + 2. Create a Security Group for the PCs. + 3. Link the GPO. + 4. Filter using Security Groups. ## Troubleshoot auto-enrollment of devices From 979a3b9635593f7c66400adfd68f94a0215e948f Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Fri, 10 Jul 2020 17:35:13 -0700 Subject: [PATCH 050/102] Correct broken "Important" note and transition to body text This change corrects a broken "Important" note that might've included two procedures. I've fixed the note and revised it to not encapsulate the two procedures. --- ...device-automatically-using-group-policy.md | 57 ++++++++++--------- 1 file changed, 29 insertions(+), 28 deletions(-) diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index cf1bd637b2..a1b759f011 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md 
+++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md 
@@ -165,35 +165,36 @@ Requirements: - Enterprise AD must be integrated with Azure AD. - Ensure that PCs belong to same computer group. -[!IMPORTANT] -If you do not see the policy, it may be because you don’t have the ADMX for Windows 10, version 1803, version 1809, or version 1903 installed. To fix the issue, follow these steps (Note: the latest MDM.admx is backwards compatible): - 1. Download: - - - 1803 -->[Administrative Templates (.admx) for Windows 10 April 2018 Update (1803)](https://www.microsoft.com/download/details.aspx?id=56880) - - - 1809 --> [Administrative Templates for Windows 10 October 2018 Update (1809)](https://www.microsoft.com/download/details.aspx?id=57576) - - - 1903 --> [Administrative Templates (.admx) for Windows 10 May 2019 Update (1903)](https://www.microsoft.com/download/details.aspx?id=58495&WT.mc_id=rss_alldownloads_all) - - 2. Install the package on the Domain Controller. - - 3. Navigate, depending on the version to the folder: - - - 1803 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 April 2018 Update (1803) v2** - - - 1809 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 October 2018 Update (1809) v2** - - - 1903 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 May 2019 Update (1903) v3** - - 4. Rename the extracted Policy Definitions folder to **PolicyDefinitions**. - - 5. Copy PolicyDefinitions folder to **C:\Windows\SYSVOL\domain\Policies**. - - If this folder does not exist, then be aware that you will be switching to a [central policy store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) for your entire domain. - - 6. Restart the Domain Controller for the policy to be available. +> [!IMPORTANT] +> If you do not see the policy, it may be because you don't have the ADMX for Windows 10, version 1803, version 1809, or version 1903 installed. To fix the issue, use the following procedures. 
Note that the latest MDM.admx is backwards compatible. - This procedure will work for any future version as well. +1. Download: + + - 1803 -->[Administrative Templates (.admx) for Windows 10 April 2018 Update (1803)](https://www.microsoft.com/download/details.aspx?id=56880) + + - 1809 --> [Administrative Templates for Windows 10 October 2018 Update (1809)](https://www.microsoft.com/download/details.aspx?id=57576) + + - 1903 --> [Administrative Templates (.admx) for Windows 10 May 2019 Update (1903)](https://www.microsoft.com/download/details.aspx?id=58495&WT.mc_id=rss_alldownloads_all) + +2. Install the package on the Domain Controller. + +3. Navigate, depending on the version to the folder: + + - 1803 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 April 2018 Update (1803) v2** + + - 1809 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 October 2018 Update (1809) v2** + + - 1903 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 May 2019 Update (1903) v3** + +4. Rename the extracted Policy Definitions folder to **PolicyDefinitions**. + +5. Copy PolicyDefinitions folder to **C:\Windows\SYSVOL\domain\Policies**. + + If this folder does not exist, then be aware that you will be switching to a [central policy store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) for your entire domain. + +6. Restart the Domain Controller for the policy to be available. + +This procedure will work for any future version as well. 1. Create a Group Policy Object (GPO) and enable the Group Policy **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **MDM** > **Enable automatic MDM enrollment using default Azure AD credentials**. From 904dc39f02d1cea324ab9d7a43fd0764de678ef1 Mon Sep 17 00:00:00 2001 
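Review bot: After the `@@ -165,35 +165,36 @@` hunk, the IMPORTANT note promises "the following procedures", but the second numbered list ("1. Create a Group Policy Object (GPO) ...") follows "This procedure will work for any future version as well." with no sentence saying what it is for or that it is separate from the ADMX install steps. Please add a one-line lead-in before each list. Step 5 copies PolicyDefinitions into SYSVOL and the caveat about switching the entire domain to a central policy store is now an ordinary indented paragraph after it; because that is a domain-wide change, consider moving the caveat before the copy instruction or making it a note. Minor: the first download item still reads "1803 -->[Administrative" without the space the other two items have after the arrow.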
From: Beth Levin Date: Fri, 10 Jul 2020 19:03:42 -0700 Subject: [PATCH 051/102] new list --- .../tvm-security-recommendation.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md index 3d72a507d3..c6b5159b9a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md @@ -144,11 +144,12 @@ When an exception is created for a recommendation, the recommendation is no long The following list details the justifications behind the exception options: - - **Compensating/alternate control** - A 3rd party control that mitigates this recommendation exists, for example, if Network Firewall - - prevents access to a device, third party antivirus - - **Productivity/business need** - Remediation will impact productivity or interrupt business-critical workflow - - **Accept risk** - Poses low risk and/or implementing a compensating control is too expensive + - **Third party control** - A third party product or software already addresses this recommendation + - This justification type will give you point for completing the recommendation, which affects your exposure score and secure score + - **Alternate mitigation** - An internal tool already addresses this recommendation + - This justification type will give you point for completing the recommendation, which affects your exposure score and secure score + - **Risk accepted** - Poses low risk and/or implementing the recommendation is too expensive - **Planned remediation (grace)** - Already planned but is awaiting execution or authorization - - **Other** - False positive 3. Select **Submit**. A confirmation message at the top of the page indicates that the exception has been created. 
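Review bot: In the `@@ -144,11 +144,12 @@` hunk, the two added sub-bullets read "will give you point for completing the recommendation", which should be "points". The hunk also drops the "Productivity/business need" and "Other - False positive" justifications without replacement, and the commit message ("new list") does not say whether these options were removed from the product or only from the page. Please confirm the list matches the options shown in the exception dialog, because readers use it to decide which justification to record. "3rd party" became "third party" in the description; "third-party product" would be the consistent hyphenated form.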
From 9a5933c86132060544bcc08ef4be695d3ce69b06 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Fri, 10 Jul 2020 19:40:10 -0700 Subject: [PATCH 052/102] better explanation --- .../microsoft-defender-atp/tvm-security-recommendation.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md index c6b5159b9a..1169a50661 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md @@ -145,9 +145,9 @@ When an exception is created for a recommendation, the recommendation is no long The following list details the justifications behind the exception options: - **Third party control** - A third party product or software already addresses this recommendation - - This justification type will give you point for completing the recommendation, which affects your exposure score and secure score + - Choosing this justification type will lower your exposure score and increase you secure score because your risk is reduced - **Alternate mitigation** - An internal tool already addresses this recommendation - - This justification type will give you point for completing the recommendation, which affects your exposure score and secure score + - Choosing this justification type will lower your exposure score and increase you secure score because your risk is reduced - **Risk accepted** - Poses low risk and/or implementing the recommendation is too expensive - **Planned remediation (grace)** - Already planned but is awaiting execution or authorization From cb8703a5460255e4bf1cd5fa72fbda7d90266ecd Mon Sep 17 00:00:00 2001 
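Review bot: Both added lines in the `@@ -145,9 +145,9 @@` hunk contain the typo "increase you secure score"; it should be "your secure score". The same sentence is repeated verbatim under "Third party control" and "Alternate mitigation"; consider stating it once for both, and saying explicitly whether "Risk accepted" and "Planned remediation (grace)" leave the scores unchanged, since the list now implies that only by omission.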
From: Tudor Dobrila Date: Fri, 10 Jul 2020 21:38:00 -0700 Subject: [PATCH 053/102] Release notes for 101.03.12 --- .../threat-protection/microsoft-defender-atp/mac-whatsnew.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md index 8e3150af35..61b9edd8cd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md @@ -26,6 +26,10 @@ ms.topic: conceptual > > If you have previously allowed the kernel extension as part of your remote deployment, that warning should not be presented to the end user. If you have not previously deployed a policy to allow the kernel extension, your users will be presented with the warning. To proactively silence the warning, you can still deploy a configuration to allow the kernel extension. Refer to the instructions in the [JAMF-based deployment](mac-install-with-jamf.md#approved-kernel-extension) and [Microsoft Intune-based deployment](mac-install-with-intune.md#create-system-configuration-profiles) topics. +## 101.03.12 + +- Performance improvements & bug fixes + ## 101.01.54 - Improvements around compatibility with Time Machine From bc7a223b76794015eee9693faebdbc3780221c75 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sat, 11 Jul 2020 16:23:09 +0530 Subject: [PATCH 054/102] added new link as per the user report #7144 , so I inserted **how Microsoft identifies malware and pua website link** **https://docs.microsoft.com/windows/security/threat-protection/intelligence/criteria** --- .../security/threat-protection/intelligence/developer-faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/intelligence/developer-faq.md b/windows/security/threat-protection/intelligence/developer-faq.md index ce1d4ec198..2441fc8c12 100644 --- a/windows/security/threat-protection/intelligence/developer-faq.md +++ b/windows/security/threat-protection/intelligence/developer-faq.md @@ -31,7 +31,7 @@ Submit the file in question as a software developer. Wait until your submission If you're not satisfied with our determination of the submission, use the developer contact form provided with the submission results to reach Microsoft. We will use the information you provide to investigate further if necessary. -We encourage all software vendors and developers to read about how Microsoft identifies malware and unwanted software. +We encourage all software vendors and developers to read about [how Microsoft identifies malware and pua.](https://docs.microsoft.com/windows/security/threat-protection/intelligence/criteria) ## Why is Microsoft asking for a copy of my program? From 205a0ec6372ab111917baba55d6b1f7501938911 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sat, 11 Jul 2020 22:07:44 +0530 Subject: [PATCH 055/102] Update windows/security/threat-protection/intelligence/developer-faq.md Accepted Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../security/threat-protection/intelligence/developer-faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/intelligence/developer-faq.md b/windows/security/threat-protection/intelligence/developer-faq.md index 2441fc8c12..b959041a16 100644 --- a/windows/security/threat-protection/intelligence/developer-faq.md +++ b/windows/security/threat-protection/intelligence/developer-faq.md 
@@ -31,7 +31,7 @@ Submit the file in question as a software developer. Wait until your submission If you're not satisfied with our determination of the submission, use the developer contact form provided with the submission results to reach Microsoft. We will use the information you provide to investigate further if necessary. -We encourage all software vendors and developers to read about [how Microsoft identifies malware and pua.](https://docs.microsoft.com/windows/security/threat-protection/intelligence/criteria) +We encourage all software vendors and developers to read about [how Microsoft identifies malware and Potentially Unwanted Applications (PUA)](https://docs.microsoft.com/windows/security/threat-protection/intelligence/criteria). ## Why is Microsoft asking for a copy of my program? From 27cee5c4db8684bc8c41f65d41eff7570628c3c8 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sat, 11 Jul 2020 22:46:20 +0530 Subject: [PATCH 056/102] Update windows/security/threat-protection/intelligence/developer-faq.md accepted Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../security/threat-protection/intelligence/developer-faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/intelligence/developer-faq.md b/windows/security/threat-protection/intelligence/developer-faq.md index b959041a16..8bf5c9b5f3 100644 --- a/windows/security/threat-protection/intelligence/developer-faq.md +++ b/windows/security/threat-protection/intelligence/developer-faq.md 
@@ -31,7 +31,7 @@ Submit the file in question as a software developer. Wait until your submission If you're not satisfied with our determination of the submission, use the developer contact form provided with the submission results to reach Microsoft. We will use the information you provide to investigate further if necessary. -We encourage all software vendors and developers to read about [how Microsoft identifies malware and Potentially Unwanted Applications (PUA)](https://docs.microsoft.com/windows/security/threat-protection/intelligence/criteria). +We encourage all software vendors and developers to read about [how Microsoft identifies malware and Potentially Unwanted Applications (PUA)](criteria.md). ## Why is Microsoft asking for a copy of my program? From 1ee77c943311a6d0757cfade9f3cf9331889e8e7 Mon Sep 17 00:00:00 2001 From: Kelly Baker Date: Sat, 11 Jul 2020 18:44:32 -0700 Subject: [PATCH 057/102] Update windows-10-mobile-and-mdm.md --- .../windows-10-mobile-and-mdm.md | 162 +++++++++--------- 1 file changed, 82 insertions(+), 80 deletions(-) diff --git a/windows/client-management/windows-10-mobile-and-mdm.md b/windows/client-management/windows-10-mobile-and-mdm.md index 3837eaff64..98319f2e84 100644 --- a/windows/client-management/windows-10-mobile-and-mdm.md +++ b/windows/client-management/windows-10-mobile-and-mdm.md 
@@ -400,8 +400,8 @@ For more detailed information about APN settings, see [APN CSP](https://msdn.mic The following lists the Windows 10 Mobile settings for managing APN proxy settings for Windows 10 Mobile device connectivity: - **Connection name** Specifies the name of the connection the proxy is associated with (this is the APN name of a configured connection) -- **Bypass Local** Specifies if the proxy should be bypassed when local hosts are accessed by the device -- **Enable** Specifies if the proxy is enabled +- **Bypass Local** Specifies whether the proxy should be bypassed when local hosts are accessed by the device +- **Enable** Specifies whether the proxy is enabled - **Exception** Specifies a semi-colon delimited list of external hosts which should bypass the proxy when accessed - **User Name** Specifies the username used to connect to the proxy - **Password** Specifies the password used to connect to the proxy 
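Review bot: The `@@ -400,8 +400,8 @@` hunk corrects "if" to "whether" on the Bypass Local and Enable lines but leaves the next line as "a semi-colon delimited list of external hosts which should bypass the proxy". If this is a copy-edit pass, fix that line in the same hunk: "a semicolon-delimited list of external hosts that bypass the proxy". The settings in this list also have no separator between the bold name and its description ("**Enable** Specifies ..."); a colon or dash after the bold term would match the "Split tunnel:" style the next hunk introduces.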
@@ -415,15 +415,15 @@ For more details on proxy settings, see [CM_ProxyEntries CSP](https://msdn.micro *Applies to: Corporate and personal devices* -Organizations often use a VPN to control access to apps and resources on their company’s intranet. In addition to native Microsoft Point to Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), and Internet Key Exchange Protocol version 2 (IKEv2) VPNs, Windows 10 Mobile supports SSL VPN connections, which require a downloadable plugin from the Microsoft Store and are specific to the VPN vendor of your choice. These plugins work like apps and can be installed directly from the Microsoft Store using your MDM system (see App Management). +Organizations often use a VPN to control access to apps and resources on their company’s intranet. In addition to native Microsoft Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), and Internet Key Exchange Protocol version 2 (IKEv2) VPNs, Windows 10 Mobile supports SSL VPN connections, which require a downloadable plugin from the Microsoft Store and are specific to the VPN vendor of your choice. These plugins work like apps and can be installed directly from the Microsoft Store using your MDM system (see App Management). You can create and provision multiple VPN connection profiles and then deploy them to managed devices that run Windows 10 Mobile. To create a VPN profile that uses native Windows 10 Mobile VPN protocols (such as IKEv2, PPTP, or L2TP), you can use the following settings: - **VPN Servers** The VPN server for the VPN profile - **Routing policy type** The type of routing policy the VPN profile uses can be set to one of the following values: - - Split tunnel. Only network traffic destined to the intranet goes through the VPN connection - - Force tunnel. 
All traffic goes through the VPN connection + - Split tunnel: Only network traffic destined to the intranet goes through the VPN connection + - Force tunnel: All traffic goes through the VPN connection - **Tunneling protocol type** The tunneling protocol used for VPN profiles that use native Windows 10 Mobile VPN protocols can be one the following values: PPTP, L2TP, IKEv2, Automatic - **User authentication method** The user authentication method for the VPN connection can have a value of EAP or MSChapv2 (Windows 10 Mobile does not support the value MSChapv2 for IKEv2-based VPN connections) - **Machine certificate** The machine certificate used for IKEv2-based VPN connections 
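Review bot: The **Tunneling protocol type** bullet directly below the edited Split tunnel and Force tunnel lines still says "can be one the following values", with "of" missing. Since this hunk already rewrites the neighbouring bullets, fix it here as "can be one of the following values".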
@@ -437,10 +437,10 @@ To create a VPN profile that uses native Windows 10 Mobile VPN protocols (such a Microsoft Store–based VPN plugins for the VPN connection allow you to create a VPN plugin profile with the following attributes: - **VPN server** A comma-separated list of VPN servers; you can specify the servers with a URL, fully qualified host name, or IP address -- **Custom configuration** An HTML-encoded XML blob for SSL–VPN plugin–specific configuration information (e.g., authentication information) that the plugin provider requires +- **Custom configuration** An HTML-encoded XML blob for SSL–VPN plugin–specific configuration information (such as authentication information) that the plugin provider requires - **Microsoft Store VPN plugin family name** Specifies the Microsoft Store package family name for the Microsoft Store–based VPN plugin -In addition, you can specify per VPN Profile: +In addition, you can specify per VPN profile: - **App Trigger List** You can add an App Trigger List to every VPN profile. The app specified in the list automatically triggers the VPN profile for intranet connectivity. When multiple VPN profiles are needed to serve multiple apps, the operating system automatically establishes the VPN connection when the user switches between apps. Only one VPN connection at a time can be active. In the event the device drops the VPN connection, Windows 10 Mobile automatically reconnects to the VPN without user intervention. - **Route List** List of routes to be added to the routing table for the VPN interface. This is required for split tunneling cases where the VPN server site has more subnets that the default subnet based on the IP assigned to the interface. 
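Review bot: The **Route List** bullet at the end of this hunk still reads "the VPN server site has more subnets that the default subnet", where "that" should be "than". It sits two lines below the edited "per VPN profile" line, so it is worth correcting in the same pass.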
@@ -449,7 +449,7 @@ In addition, you can specify per VPN Profile: - **DNS suffixes** A comma-separated list of DNS suffixes for the VPN connection. Any DNS suffixes in this list are automatically added to Suffix Search List. - **Proxy** Any post-connection proxy support required for the VPN connection; including Proxy server name and Automatic proxy configuration URL. Specifies the URL for automatically retrieving proxy server settings. - **Always on connection** Windows 10 Mobile features always-on VPN, which makes it possible to automatically start a VPN connection when a user signs in. The VPN stays connected until the user manually disconnects it. -- **Remember credentials** Whether the VPN connection caches credentials. +- **Remember credentials** Specifies whether the VPN connection caches credentials. - **Trusted network detection** A comma-separated list of trusted networks that causes the VPN not to connect when the intranet is directly accessible (Wi-Fi). - **Enterprise Data Protection Mode ID** Enterprise ID, which is an optional field that allows the VPN to automatically trigger based on an app defined with a Windows Information Protection policy. - **Device Compliance** To set up Azure AD-based Conditional Access for VPN and allow that SSO with a certificate different from the VPN Authentication certificate for Kerberos Authentication in the case of Device Compliance. 
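Review bot: The **Device Compliance** bullet two lines below the edited **Remember credentials** line is not a complete sentence ("To set up Azure AD-based Conditional Access for VPN and allow that SSO with a certificate different from the VPN Authentication certificate ..."), so a reader cannot tell what the setting controls. Now that the list is being normalised to "Specifies whether ...", rewrite this entry in the same form and state what enabling it does.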
@@ -460,12 +460,12 @@ In addition, you can specify per VPN Profile: - No other VPN profiles can be connected or modified. - **ProfileXML** In case your MDM system does not support all the VPN settings you want to configure, you can create an XML file that defines the VPN profile you want to apply to all the fields you require. -For more details about VPN profiles, see the [VPNv2 CSP](https://msdn.microsoft.com/library/windows/hardware/dn914776(v=vs.85).aspx) +For more details about VPN profiles, see [VPNv2 CSP](https://msdn.microsoft.com/library/windows/hardware/dn914776(v=vs.85).aspx). -Some device-wide settings for managing VPN connections can help you manage VPNs over cellular data connections, which in turn helps reduce costs associated with roaming or data plan charges. -- **Allow VPN** Whether users can change VPN settings -- **Allow VPN Over Cellular** Whether users can establish VPN connections over cellular networks -- **Allow VPN Over Cellular when Roaming** Whether users can establish VPN connections over cellular networks when roaming +Some device-wide settings for managing VPN connections can help you manage VPNs over cellular data connections, which in turn helps reduce costs associated with roaming or data plan charges: +- **Allow VPN** Specifies whether users can change VPN settings +- **Allow VPN Over Cellular** Specifies whether users can establish VPN connections over cellular networks +- **Allow VPN Over Cellular when Roaming** Specifies whether users can establish VPN connections over cellular networks when roaming ### Storage management 
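Review bot: The rewritten cross-reference keeps "For more details about VPN profiles, see [VPNv2 CSP]", while a later hunk in this same patch changes "For more details, see [AppLocker CSP]" to "For more information, see ...". Pick one phrasing for the whole file; if "For more information" is the target, apply it here too.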
@@ -479,16 +479,16 @@ The SD card is uniquely paired with a device. No other devices can see the apps You can disable the **Allow Storage Card** setting if you wish to prevent users from using SD cards entirely. If you choose not to encrypt storage, you can help protect your corporate apps and data by using the Restrict app data to the system volume and Restrict apps to the system volume settings. These help ensure that users cannot copy your apps and data to SD cards. -Here is a list of MDM storage management settings that Windows 10 Mobile provides. +Here is a list of MDM storage management settings that Windows 10 Mobile provides: -- **Allow Storage Card** Whether the use of storage cards for data storage is allowed -- **Require Device Encryption** Whether internal storage is encrypted (when a device is encrypted, you cannot use a policy to turn encryption off) +- **Allow Storage Card** Specifies whether the use of storage cards for data storage is allowed +- **Require Device Encryption** Specifies whether internal storage is encrypted (when a device is encrypted, you cannot use a policy to turn encryption off) - **Encryption method** Specifies the BitLocker drive encryption method and cipher strength; can be one of the following values: - AES-Cipher Block Chaining (CBC) 128-bit - AES-CBC 256-bit - XEX-based tweaked-codebook mode with cipher text stealing (XTS)–AES (XTS-AES) 128-bit (this is the default) - XTS-AES-256-bit -- **Allow Federal Information Processing Standard (FIPS) algorithm policy** Whether the device allows or disallows the FIPS algorithm policy +- **Allow Federal Information Processing Standard (FIPS) algorithm policy** Specifies whether the device allows or disallows the FIPS algorithm policy - **SSL cipher suites** Specifies a list of the allowed cryptographic cipher algorithms for SSL connections - **Restrict app data to the system volume** Specifies whether app data is restricted to the system drive - **Restrict apps to the system volume** 
Specifies whether apps are restricted to the system drive @@ -533,7 +533,7 @@ To install acquired Microsoft Store or LOB apps offline on a Windows 10 Mobile d Microsoft Store apps or LOB apps that have been uploaded to the Microsoft Store for Business are automatically trusted on all Windows devices, as they are cryptographically signed with Microsoft Store certificates. LOB apps that are uploaded to the Microsoft Store for Business are private to your organization and are never visible to other companies or consumers. If you do not want to upload your LOB apps, you have to establish trust for the app on your devices. To establish this trust, you’ll need to generate a signing certificate with your Public Key Infrastructure and add your chain of trust to the trusted certificates on the device (see the certificates section). You can install up to 20 self-signed LOB apps per device with Windows 10 Mobile. To install more than 20 apps on a device, you can purchase a signing certificate from a trusted public Certificate Authority, or upgrade your devices to Windows 10 Mobile Enterprise edition. -Learn more about the [Microsoft Store for Business](/microsoft-store/index). +For more information, see [Microsoft Store for Business](/microsoft-store/index). ### Managing apps 
@@ -543,21 +543,21 @@ IT administrators can control which apps are allowed to be installed on Windows Windows 10 Mobile includes AppLocker, which enables administrators to create allow or disallow lists of apps from the Microsoft Store. This capability extends to built-in apps, as well, such as Xbox, Groove, text messaging, email, and calendar, etc. The ability to allow or deny apps helps to ensure that people use their mobile devices for their intended purposes. However, it is not always an easy approach to find a balance between what employees need or request and security concerns. Creating allow or disallow lists also requires keeping up with the changing app landscape in the Microsoft Store. -For more details, see [AppLocker CSP](https://msdn.microsoft.com/library/windows/hardware/dn920019(v=vs.85).aspx). +For more information, see [AppLocker CSP](https://msdn.microsoft.com/library/windows/hardware/dn920019(v=vs.85).aspx). -In addition to controlling which apps are allowed, IT professionals can also implement additional app management settings on Windows 10 Mobile, using an MDM. +In addition to controlling which apps are allowed, IT professionals can also implement additional app management settings on Windows 10 Mobile, using an MDM: -- **Allow All Trusted Apps** Whether users can sideload apps on the device. -- **Allow App Store Auto Update** Whether automatic updates of apps from Microsoft Store are allowed. -- **Allow Developer Unlock** Whether developer unlock is allowed. -- **Allow Shared User App Data** Whether multiple users of the same app can share data. -- **Allow Store** Whether Microsoft Store app is allowed to run. This completely blocks the user from installing apps from the Store, but still allows app distribution through an MDM system. +- **Allow All Trusted Apps** Specifies whether users can sideload apps on the device. +- **Allow App Store Auto Update** Specifies whether automatic updates of apps from Microsoft Store are allowed. 
+- **Allow Developer Unlock** Specifies whether developer unlock is allowed. +- **Allow Shared User App Data** Specifies whether multiple users of the same app can share data. +- **Allow Store** Specifies whether Microsoft Store app is allowed to run. This completely blocks the user from installing apps from the Store, but still allows app distribution through an MDM system. - **Application Restrictions** An XML blob that defines the app restrictions for a device. The XML blob can contain an app allow or deny list. You can allow or deny apps based on their app ID or publisher. See AppLocker above. - **Disable Store Originated Apps** Disables the launch of all apps from Microsoft Store that came pre-installed or were downloaded before the policy was applied. -- **Require Private Store Only** Whether the private store is exclusively available to users in the Store app on the device. If enabled, only the private store is available. If disabled, the retail catalog and private store are both available. -- **Restrict App Data to System Volume** Whether app data is allowed only on the system drive or can be stored on an SD card. -- **Restrict App to System Volume** Whether app installation is allowed only to the system drive or can be installed on an SD card. -- **Start screen layout** An XML blob used to configure the Start screen (see [Start layout for Windows 10 Mobile](https://msdn.microsoft.com/library/windows/hardware/mt171093(v=vs.85).aspx) for more information). +- **Require Private Store Only** Specifies whether the private store is exclusively available to users in the Store app on the device. If enabled, only the private store is available. If disabled, the retail catalog and private store are both available. +- **Restrict App Data to System Volume** Specifies whether app data is allowed only on the system drive or can be stored on an SD card. 
+- **Restrict App to System Volume** Specifies whether app installation is allowed only to the system drive or can be installed on an SD card. +- **Start screen layout** An XML blob used to configure the Start screen (for more information, see [Start layout for Windows 10 Mobile](https://msdn.microsoft.com/library/windows/hardware/mt171093(v=vs.85).aspx)). Find more details on application management options in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962(v=vs.85).aspx#ApplicationManagement_AllowAllTrustedApps) 
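Review bot: In the **Allow Store** bullet, the second sentence "This completely blocks the user from installing apps from the Store" follows "Specifies whether Microsoft Store app is allowed to run", so "This" reads as if allowing the Store is what blocks installs. State the condition explicitly, for example "When the Store is not allowed, users cannot install apps from the Store, but apps can still be distributed through an MDM system." The trailing "Find more details on application management options in the [Policy CSP](...)" sentence also lacks a period and was not moved to the "For more information, see" form used elsewhere in this hunk.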
@@ -592,16 +592,16 @@ The following table lists the settings that can be configured for Windows Inform - **Allow user decryption** Allows the user to decrypt files. If not allowed, the user is not able to remove protection from enterprise content through the OS or app user experience. - **Require protection under lock configuration** Specifies whether the protection under lock feature (also known as encrypt under PIN) should be configured. - **Data recovery certificate*** Specifies a recovery certificate that can be used for data recovery of encrypted files. This is the same as the data recovery agent (DRA) certificate for encrypting file system (EFS), only delivered through MDM instead of Group Policy. -- **Revoke on unenroll** Whether to revoke the information protection keys when a device unenrolls from the management service. +- **Revoke on unenroll** Specifies whether to revoke the information protection keys when a device unenrolls from the management service. - **RMS template ID for information protection** Allows the IT admin to configure the details about who has access to RMS-protected files and for how long. - **Allow Azure RMS for information protection** Specifies whether to allow Azure RMS encryption for information protection. -- **Show information protection icons** Determines whether overlays are added to icons for information protection secured files in web browser and enterprise-only app tiles in the Start menu. +- **Show information protection icons** Determines whether overlays are added to icons for information protection secured files in web browser and enterprise-only app tiles in the **Start** menu. - **Status** A read-only bit mask that indicates the current state of information protection on the device. The MDM service can use this value to determine the current overall state of information protection. - **Enterprise IP Range*** The enterprise IP ranges that define the computers in the enterprise network. 
Data that comes from those computers is considered part of the enterprise and protected. - **Enterprise Network Domain Names*** the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device is considered enterprise data and is protected. - **Enterprise Cloud Resources** A list of Enterprise resource domains hosted in the cloud that need to be protected. -(* Mandatory Windows Information Protection policies. To make Windows Information Protection functional, AppLocker and network isolation settings - specifically Enterprise IP Range and Enterprise Network Domain Names – must be configured. This defines the source of all corporate data that needs protection and also ensures data written to these locations won’t be encrypted by the user’s encryption key so that others in the company can access it.) +* Mandatory Windows Information Protection policies. To make Windows Information Protection functional, AppLocker and network isolation settings (specifically Enterprise IP Range and Enterprise Network Domain Names) must be configured. This defines the source of all corporate data that needs protection and also ensures data written to these locations won’t be encrypted by the user’s encryption key so that others in the company can access it. For more information on Windows Information Protection, see the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/library/windows/hardware/mt697634(v=vs.85).aspx) and the following in-depth article series [Protect your enterprise data using Windows Information Protection](/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip). 
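Review bot: Dropping the parentheses leaves the footnote starting with "* Mandatory Windows Information Protection policies." at the beginning of a line, which Markdown parses as an unordered list item, so the asterisk that ties it to the starred settings disappears when rendered. Escape it as "\* Mandatory ..." or keep the original parenthesised form. In the same list, "**Enterprise Network Domain Names*** the list of domains" still starts its description in lower case.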
@@ -609,18 +609,18 @@ For more information on Windows Information Protection, see the [EnterpriseDataP *Applies to: Corporate devices* -On corporate devices, some user activities expose corporate data to unnecessary risk. For example, users might create a screen capture of corporate information out of an internal LOB app. To mitigate the risk, you can restrict the Windows 10 Mobile user experience to help protect corporate data and prevent data leaks. The following demonstrates those capabilities that can be used to help prevent data leaks. +On corporate devices, some user activities expose corporate data to unnecessary risk. For example, users might create a screen capture of corporate information out of an internal LOB app. To mitigate the risk, you can restrict the Windows 10 Mobile user experience to help protect corporate data and prevent data leaks. The following demonstrates those capabilities that can be used to help prevent data leaks: -- **Allow copy and paste** Whether users can copy and paste content -- **Allow Cortana** Whether users can use Cortana on the device (where available) -- **Allow device discovery** Whether the device discovery user experience is available on the lock screen (for example, controlling whether a device could discover a projector [or other devices] when the lock screen is displayed) -- **Allow input personalization** Whether personally identifiable information can leave the device or be saved locally (e.g., Cortana learning, inking, dictation) -- **Allow manual MDM unenrollment** Whether users are allowed to delete the workplace account (i.e., unenroll the device from the MDM system) -- **Allow screen capture** Whether users are allowed to capture screenshots on the device +- **Allow copy and paste** Specifies whether users can copy and paste content +- **Allow Cortana** Specifies whether users can use Cortana on the device (where available) +- **Allow device discovery** Specifies whether the device discovery user experience is 
available on the lock screen (for example, controlling whether a device could discover a projector [or other devices] when the lock screen is displayed) +- **Allow input personalization** Specifies whether personally identifiable information can leave the device or be saved locally (e.g., Cortana learning, inking, dictation) +- **Allow manual MDM unenrollment** Specifies whether users are allowed to delete the workplace account (i.e., unenroll the device from the MDM system) +- **Allow screen capture** Specifies whether users are allowed to capture screenshots on the device - **Allow SIM error dialog prompt** Specifies whether to display a dialog prompt when no SIM card is installed -- **Allow sync my settings** Whether the user experience settings are synchronized between devices (works with Microsoft accounts only) -- **Allow toasts notifications above lock screen** Whether users are able to view toast notification on the device lock screen -- **Allow voice recording** Whether users are allowed to perform voice recordings +- **Allow sync my settings** Specifies whether the user experience settings are synchronized between devices (works with Microsoft accounts only) +- **Allow toasts notifications above lock screen** Specifies whether users are able to view toast notification on the device lock screen +- **Allow voice recording** Specifies whether users are allowed to perform voice recordings - **Do Not Show Feedback Notifications** Prevents devices from showing feedback questions from Microsoft - **Allow Task Switcher** Allows or disallows task switching on the device to prevent visibility of App screen tombstones in the task switcher - **Enable Offline Maps Auto Update** Disables the automatic download and update of map data 
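Review bot: The new **Allow input personalization** and **Allow manual MDM unenrollment** lines keep "(e.g., Cortana learning, inking, dictation)" and "(i.e., unenroll the device from the MDM system)", although an earlier hunk in this patch replaces "e.g." with "such as". Use "such as" and "that is" here for consistency. The **Allow toasts notifications above lock screen** line also mixes "toasts notifications" in the name with "toast notification" in the description.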
@@ -634,19 +634,19 @@ You can find more details on the experience settings in Policy CSP. MDM systems also give you the ability to manage Microsoft Edge on mobile devices. Microsoft Edge is the only browser available on Windows 10 Mobile devices. It differs slightly from the desktop version as it does not support Flash or Extensions. Edge is also an excellent PDF viewer as it can be managed and integrates with Windows Information Protection. -The following settings for Microsoft Edge on Windows 10 Mobile can be managed. +The following settings for Microsoft Edge on Windows 10 Mobile can be managed: -- **Allow Browser** Whether users can run Microsoft Edge on the device -- **Allow Do Not Track headers** Whether Do Not Track headers are allowed -- **Allow InPrivate** Whether users can use InPrivate browsing -- **Allow Password Manager** Whether users can use Password Manager to save and manage passwords locally -- **Allow Search Suggestions in Address Bar** Whether search suggestions are shown in the address bar -- **Allow Windows Defender SmartScreen** Whether Windows Defender SmartScreen is enabled -- **Cookies** Whether cookies are allowed +- **Allow Browser** Specifies whether users can run Microsoft Edge on the device +- **Allow Do Not Track headers** Specifies whether Do Not Track headers are allowed +- **Allow InPrivate** Specifies whether users can use InPrivate browsing +- **Allow Password Manager** Specifies whether users can use Password Manager to save and manage passwords locally +- **Allow Search Suggestions in Address Bar** Specifies whether search suggestions are shown in the address bar +- **Allow Windows Defender SmartScreen** Specifies whether Windows Defender SmartScreen is enabled +- **Cookies** Specifies whether cookies are allowed - **Favorites** Configure Favorite URLs - **First Run URL** The URL to open when a user launches Microsoft Edge for the first time -- **Prevent Windows Defender SmartScreen Prompt Override** Whether users can override 
the Windows Defender SmartScreen warnings for URLs -- **Prevent Smart Screen Prompt Override for Files** Whether users can override the Windows Defender SmartScreen warnings for files +- **Prevent Windows Defender SmartScreen Prompt Override** Specifies whether users can override the Windows Defender SmartScreen warnings for URLs +- **Prevent Smart Screen Prompt Override for Files** Specifies whether users can override the Windows Defender SmartScreen warnings for files ## Manage @@ -748,7 +748,7 @@ Microsoft aspires to update Windows 10 Mobile devices with the latest updates au Microsoft publishes new feature updates for Windows 10 and Windows 10 Mobile on a regular basis. The [Windows release information page](https://technet.microsoft.com/windows/release-info) is designed to help you determine if your devices are current with the latest Windows 10 feature and quality updates. The release information published on this page, covers both Windows 10 for PCs and Windows 10 Mobile. In addition, the [Windows update history page](https://windows.microsoft.com/en-us/windows-10/update-history-windows-10) helps you understand what these updates are about. > [!NOTE] -> We invite IT Professionals to participate in the Windows Insider Program to test updates before they are officially released to make Windows 10 Mobile even better. If you find any issues, please send us feedback via the Feedback Hub +> We invite IT Professionals to participate in the Windows Insider Program to test updates before they are officially released to make Windows 10 Mobile even better. If you find any issues, please send us feedback by using the Feedback Hub. **Windows as a Service** 
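Review bot: The paragraph above the edited note still says the release information page helps you "determine if your devices are current", while this patch changes "if" to "whether" in the APN proxy bullets. The next sentence also has a stray comma in "The release information published on this page, covers both". Both are in the context of this hunk and could be cleaned up with the Feedback Hub sentence.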
@@ -756,7 +756,7 @@ Microsoft publishes new feature updates for Windows 10 and Windows 10 Mobile on Microsoft created a new way to deliver and install updates to Windows 10 Mobile directly to devices without Mobile Operator approval. This capability helps to simplify update deployments and ongoing management, broadens the base of employees who can be kept current with the latest Windows features and experiences, and lowers total cost of ownership for organizations who no longer have to manage updates to keep devices secure. -Update availability depends on what servicing option you choose for the device. These servicing options are outlined in the chart below: +Update availability depends on what servicing option you choose for the device. These servicing options are outlined in the following chart.
Cellular Device is only connected to a cellular network (standard data charges apply)Will skip a daily scan if scan was successfully completed in the last 5 daysWill only occur if update package is small and does not exceed the mobile operator data limit.Skips a daily scan if scan was successfully completed in the last 5 daysOnly occurs if update package is small and does not exceed the mobile operator data limit. Yes Idem
Subscribe device to CBB, to defer Feature Updates RequireDeferUpgrade -Defers Feature Update until next CBB release. Device will receive quality updates from Current Branch for Business (CBB). +Defers Feature Update until next CBB release. Device receives quality updates from Current Branch for Business (CBB). Defers feature update for minimum of 4 months after Current Branch was release. BranchReadinessLevel -Defers Feature Update until next CBB release. Device will receive quality updates from Current Branch for Business (CBB). +Defers Feature Update until next CBB release. Device receives quality updates from Current Branch for Business (CBB). Defers feature update for minimum of 4 months after Current Branch was release.
Defer Updates
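Review bot: Both table cells edited here are immediately followed by "Defers feature update for minimum of 4 months after Current Branch was release.", which is left unchanged. Correct it to "for a minimum of 4 months after Current Branch was released" in both rows while the adjacent sentences are being touched.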
@@ -798,7 +798,7 @@ Update availability depends on what servicing option you choose for the device.
-**Enterprise Edition** +**Enterprise edition** *Applies to: Corporate devices* @@ -813,11 +813,12 @@ To learn more about diagnostic, see [Configure Windows diagnostic data in your o To activate Windows 10 Mobile Enterprise, use your MDM system or a provisioning package to inject the Windows 10 Enterprise license on a Windows 10 Mobile device. Licenses can be obtained from the Volume Licensing portal. For testing purposes, you can obtain a licensing file from the MSDN download center. A valid MSDN subscription is required. -Details on updating a device to Enterprise edition with [WindowsLicensing CSP](https://msdn.microsoft.com/library/windows/hardware/dn904983(v=vs.85).aspx) +For more information on updating a device to Enterprise edition, see [WindowsLicensing CSP](https://msdn.microsoft.com/library/windows/hardware/dn904983(v=vs.85).aspx). ->**Recommendation:** Microsoft recommends using Enterprise edition only on corporate devices. Once a device has been upgraded, it cannot be downgraded. Even a device wipe or reset will not remove the enterprise license from personal devices. +> [!NOTE] +> We recommend using Enterprise edition only on corporate devices. Once a device has been upgraded, it cannot be downgraded. Even a device wipe or reset will not remove the enterprise license from personal devices. -**Deferring and Approving Updates with MDM** +**Deferring and approving updates with MDM** *Applies to: Corporate devices with Enterprise edition* @@ -888,7 +889,7 @@ Pause Feature Updates for up to 35 days -**Managing the Update Experience** +**Managing the update experience** *Applies to: Corporate devices with Enterprise edition* 
@@ -902,7 +903,7 @@ This can include: - Automatically downloading and restarting devices without user interaction. - Turning off automatic updates. This option should be used only for systems under regulatory compliance. The device does not receive any updates. -In addition, in version 1607, you can configure when the update is applied to the employee device to ensure updates installs or reboots don’t interrupt business or worker productivity. Update installs and reboots can be scheduled [outside of active hours](https://msdn.microsoft.com/library/windows/hardware/dn904962(v=vs.85).aspx#Update_ActiveHoursEnd) (supported values are 0-23, where 0 is 12am, 1 is 1am, etc.) or on a specific what [day of the week](https://msdn.microsoft.com/library/windows/hardware/dn904962(v=vs.85).aspx#Update_ScheduledInstallDay) (supported values are 0-7, where 0 is every day, 1 is Sunday, 2 is Monday, etc.). +In addition, in version 1607, you can configure when the update is applied to the employee device to ensure updates installs or reboots don’t interrupt business or worker productivity. Update installs and reboots can be scheduled [outside of active hours](https://msdn.microsoft.com/library/windows/hardware/dn904962(v=vs.85).aspx#Update_ActiveHoursEnd) (supported values are 0-23, where 0 is 12am, 1 is 1am, and so on) or on a specific [day of the week](https://msdn.microsoft.com/library/windows/hardware/dn904962(v=vs.85).aspx#Update_ScheduledInstallDay) (supported values are 0-7, where 0 is every day, 1 is Sunday, 2 is Monday, and so on). **Managing the source of updates with MDM** 
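Review bot: The replacement line still contains "to ensure updates installs or reboots don’t interrupt business or worker productivity", which should be "update installs or reboots". Since the line is being rewritten anyway, "12am" and "1am" could also become "12 AM" and "1 AM".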
@@ -910,9 +911,9 @@ In addition, in version 1607, you can configure when the update is applied to th Although Windows 10 Enterprise enables IT administrators to defer installation of new updates from Windows Update, enterprises may also want additional control over update processes. With this in mind, Microsoft created Windows Update for Business. Microsoft designed Windows Update for Business to provide IT administrators with additional Windows Update-centric management capabilities, such as the ability to deploy updates to groups of devices and to define maintenance windows for installing updates. If you are using a MDM system, the use of Windows Update for Business is not a requirement, as you can manage these features from your MDM system. -Learn more about [Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb). +For more information, see [Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb). -IT administrators can specify where the device gets updates from with AllowUpdateService. This could be Microsoft Update, Windows Update for Business, or Windows Server Update Services (WSUS. +IT administrators can specify where the device gets updates from with AllowUpdateService. This could be Microsoft Update, Windows Update for Business, or Windows Server Update Services (WSUS). **Managing Updates with Windows Update Server** 
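Review bot: The heading "**Managing Updates with Windows Update Server**" at the end of this hunk stays in title case, while the same patch lowercases "Deferring and approving updates with MDM" and "Managing the update experience". Change it to "Managing updates with Windows Update Server". The context sentence "If you are using a MDM system" should read "an MDM system", and AllowUpdateService in the edited line is plain text while the following section bolds **UpdateServiceUrl**.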
@@ -920,13 +921,13 @@ IT administrators can specify where the device gets updates from with AllowUpdat When using WSUS, set **UpdateServiceUrl** to allow the device to check for updates from a WSUS server instead of Windows Update. This is useful for on-premises MDMs that need to update devices that cannot connect to the Internet, usually handheld devices used for task completion, or other Windows IoT devices. -Learn more about [managing updates with Windows Server Update Services (WSUS)](https://technet.microsoft.com/windowsserver/bb332157.aspx) +For more information, see [managing updates with Windows Server Update Services (WSUS)](https://technet.microsoft.com/windowsserver/bb332157.aspx). **Querying the device update status** *Applies to: Personal and corporate devices* -In addition to configuring how Windows 10 Mobile Enterprise obtains updates, the MDM administrator can query devices for Windows 10 Mobile update information so that update status can be checked against a list of approved updates. +In addition to configuring how Windows 10 Mobile Enterprise obtains updates, the MDM administrator can query devices for Windows 10 Mobile update information so that update status can be checked against a list of approved updates: The device update status query provides an overview of: - Installed updates: A list of updates that are installed on the device. 
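Review bot: the colon added at the end of "...checked against a list of approved updates:" introduces nothing, because the next paragraph is its own lead-in ("The device update status query provides an overview of:") and the bullet list belongs to that sentence. Keep the original period here, or merge the two sentences so that a single colon precedes the list.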
@@ -944,7 +945,7 @@ Device Health Attestation (DHA) is another line of defense that is new to Window Windows 10 Mobile makes it easy to integrate with Microsoft Intune or third-party MDM solutions for an overall view of device health and compliance. Using these solutions together, you can detect jailbroken devices, monitor device compliance, generate compliance reports, alert users or administrators to issues, initiate corrective action, and manage conditional access to resources like Office 365 or VPN. -The first version of Device Health Attestation (DHA) was released in June 2015 for Windows 10 devices that supported TPM 2.0 and operated in an enterprise cloud-based topology. In the Windows 10 anniversary release, Device Health Attestation (DHA) capabilities are extended to legacy devices that support TPM 1.2, hybrid, and on-premises environments that have access to the Internet or operate in an air-gapped network. +The first version of DHA was released in June 2015 for Windows 10 devices that supported TPM 2.0 and operated in an enterprise cloud-based topology. In the Windows 10 anniversary release, DHA capabilities are extended to legacy devices that support TPM 1.2, hybrid, and on-premises environments that have access to the Internet or operate in an air-gapped network. The health attestation feature is based on Open Mobile Alliance (OMA) standards. IT managers can use DHA to validate devices that: - Run Windows 10 operating system (mobile phone or PC) 
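Review bot: the shortened sentence still runs "legacy devices that support TPM 1.2, hybrid, and on-premises environments" as one series, which mixes a device class with deployment topologies and reads as if "hybrid" were a property of the device. Suggest splitting it, for example "extended to legacy devices that support TPM 1.2 and to hybrid and on-premises environments that have access to the Internet or operate in an air-gapped network".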
@@ -962,23 +963,23 @@ DHA-enabled device management solutions help IT managers create a unified securi - Simply alert the user or the admin to fix the issue > [!NOTE] -> Windows Device Health Attestation Service can be used for conditional access scenarios which may be enabled by Mobile Device Management solutions (e.g.: Microsoft Intune) and other types of management systems (e.g.: SCCM) purchased separately. +> Windows Device Health Attestation Service can be used for conditional access scenarios that may be enabled by Mobile Device Management solutions (such as Microsoft Intune) and other types of management systems (such as SCCM) purchased separately. For more information about health attestation in Windows 10 Mobile, see the [Windows 10 Mobile security guide](/windows/device-security/windows-10-mobile-security-guide). -This is a list of attributes that are supported by DHA and can trigger the corrective actions mentioned above. +This is a list of attributes that are supported by DHA and can trigger the corrective actions mentioned above: - **Attestation Identity Key (AIK) present** Indicates that an AIK is present (i.e., the device can be trusted more than a device without an AIK). -- **Data Execution Prevention (DEP) enabled** Whether a DEP policy is enabled for the device, indicating that the device can be trusted more than a device without a DEP policy. +- **Data Execution Prevention (DEP) enabled** Specifies whether a DEP policy is enabled for the device, indicating that the device can be trusted more than a device without a DEP policy. - **BitLocker status** BitLocker helps protect the storage on the device. A device with BitLocker can be trusted more than a device without BitLocker. -- **Secure Boot enabled** Whether Secure Boot is enabled on the device. A device with Secure Boot enabled can be trusted more than a device without Secure Boot. Secure Boot is always enabled on Windows 10 Mobile devices. 
-- **Code integrity enabled** Whether the code integrity of a drive or system file is validated each time it’s loaded into memory. A device with code integrity enabled can be trusted more than a device without code integrity. -- **Safe mode** Whether Windows is running in safe mode. A device that is running Windows in safe mode isn’t as trustworthy as a device running in standard mode. -- **Boot debug enabled** Whether the device has boot debug enabled. A device that has boot debug enabled is less secure (trusted) than a device without boot debug enabled. -- **OS kernel debugging enabled** Whether the device has operating system kernel debugging enabled. A device that has operating system kernel debugging enabled is less secure (trusted) than a device with operating system kernel debugging disabled. -- **Test signing enabled** Whether test signing is disabled. A device that has test signing disabled is more trustworthy than a device that has test signing enabled. +- **Secure Boot enabled** Specifies whether Secure Boot is enabled on the device. A device with Secure Boot enabled can be trusted more than a device without Secure Boot. Secure Boot is always enabled on Windows 10 Mobile devices. +- **Code integrity enabled** Specifies whether the code integrity of a drive or system file is validated each time it’s loaded into memory. A device with code integrity enabled can be trusted more than a device without code integrity. +- **Safe mode** Specifies whether Windows is running in safe mode. A device that is running Windows in safe mode isn’t as trustworthy as a device running in standard mode. +- **Boot debug enabled** Specifies whether the device has boot debug enabled. A device that has boot debug enabled is less secure (trusted) than a device without boot debug enabled. +- **OS kernel debugging enabled** Specifies whether the device has operating system kernel debugging enabled. 
A device that has operating system kernel debugging enabled is less secure (trusted) than a device with operating system kernel debugging disabled. +- **Test signing enabled** Specifies whether test signing is disabled. A device that has test signing disabled is more trustworthy than a device that has test signing enabled. - **Boot Manager Version** The version of the Boot Manager running on the device. The HAS can check this version to determine whether the most current Boot Manager is running, which is more secure (trusted). - **Code integrity version** Specifies the version of code that is performing integrity checks during the boot sequence. The HAS can check this version to determine whether the most current version of code is running, which is more secure (trusted). -- **Secure Boot Configuration Policy (SBCP) present** Whether the hash of the custom SBCP is present. A device with an SBCP hash present is more trustworthy than a device without an SBCP hash. +- **Secure Boot Configuration Policy (SBCP) present** Specifies whether the hash of the custom SBCP is present. A device with an SBCP hash present is more trustworthy than a device without an SBCP hash. - **Boot cycle whitelist** The view of the host platform between boot cycles as defined by the manufacturer compared to a published allow list. A device that complies with the allow list is more trustworthy (secure) than a device that is noncompliant. **Example scenario** 
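Review bot: the "Test signing enabled" entry is now described as "Specifies whether test signing is disabled", so the label and the description have opposite polarity, and someone mapping this attribute to a compliance rule cannot tell which state a true value reports. Make the description "Specifies whether test signing is enabled" and leave the trust sentence as it is. Two smaller points in the same list: the AIK entry keeps "(i.e., ...)" although this hunk replaces "e.g." with "such as" in the note above it, and the last entry is still labelled "Boot cycle whitelist" while its own text says "allow list".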
@@ -997,7 +998,7 @@ Here is what occurs when a smartphone is turned on: *Applies to: Corporate devices with Enterprise edition* -Device inventory helps organizations better manage devices because it provides in-depth information about those devices. MDM systems collect inventory information remotely and provide reporting capabilities to analyze device resources and information. This data informs IT about the current hardware and software resources of the device (e.g., installed updates). +Device inventory helps organizations better manage devices because it provides in-depth information about those devices. MDM systems collect inventory information remotely and provide reporting capabilities to analyze device resources and information. This data informs IT about the current hardware and software resources of the device (such as installed updates). The following list shows examples of the Windows 10 Mobile software and hardware information that a device inventory provides. In addition to this information, the MDM system can read any of the configuration settings described in this guide: 
@@ -1038,7 +1039,7 @@ For more information, see [Configure Windows diagnostic data in Your organizatio *Applies to: Personal and corporate devices* The remote assistance features in Windows 10 Mobile help resolve issues that users might encounter even when the help desk does not have physical access to the device. These features include: -- **Remote lock** Support personnel can remotely lock a device. This ability can help when a user loses his or her mobile device and can retrieve it, but not immediately (e.g., leaving the device at a customer site). +- **Remote lock** Support personnel can remotely lock a device. This ability can help when a user loses his or her mobile device and can retrieve it, but not immediately (such as leaving the device at a customer site). - **Remote PIN reset** Support personnel can remotely reset the PIN, which helps when users forget their PIN and are unable to access their device. No corporate or user data is lost and users are able to quickly gain access to their devices. - **Remote ring** Support personnel can remotely make devices ring. This ability can help users locate misplaced devices and, in conjunction with the Remote Lock feature, help ensure that unauthorized users are unable to access the device if they find it. - **Remote find** Support personnel can remotely locate a device on a map, which helps identify the geographic location of the device. Remote find parameters can be configured via phone settings (see table below). The remote find feature returns the most current latitude, longitude, and altitude of the device. 
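Review bot: in the Remote lock bullet, swapping "e.g.," for "such as" leaves "but not immediately (such as leaving the device at a customer site)", where "such as" has no noun to attach to. Something like "(for example, when the device was left at a customer site)" reads correctly. The same line still has "his or her mobile device", which could become "their mobile device" while it is being edited.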
@@ -1050,7 +1051,8 @@ The remote assistance features in Windows 10 Mobile help resolve issues that use These remote management features help organizations reduce the IT effort required to manage devices. They also help users quickly regain use of their device should they misplace it or forget the device password. ->**Remote control software** Microsoft does not provide build-in remote control software, but works with partners to deliver these capabilities and services. With version 1607, remote assistant and control applications are available in the Microsoft Store. +> [!NOTE] +> Microsoft does not provide build-in remote control software, but works with partners to deliver these capabilities and services. With version 1607, remote assistant and control applications are available in the Microsoft Store. ## Retire 
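Review bot: the new note line carries over the typo "build-in remote control software"; it should be "built-in". Converting the block quote to a [!NOTE] also drops the **Remote control software** lead-in, so the note no longer says what it is about until the end of the first clause; consider opening with the topic, for example "Remote control software: Microsoft does not provide...".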
@@ -1072,8 +1074,8 @@ A better option than wiping the entire device is to use Windows Information Prot **Corporate device:** You can certainly remotely expire the user’s encryption key in case of device theft, but please remember that also makes the encrypted data on other Windows devices unreadable for the user. A better approach for retiring a discarded or lost device is to execute a full device wipe. The help desk or device users can initiate a full device wipe. When the wipe is complete, Windows 10 Mobile returns the device to a clean state and restarts the OOBE process. **Settings for personal or corporate device retirement** -- **Allow manual MDM unenrollment** Whether users are allowed to delete the workplace account (i.e., unenroll the device from the MDM system) -- **Allow user to reset phone** Whether users are allowed to use Settings or hardware key combinations to return the device to factory defaults +- **Allow manual MDM unenrollment** Specifies whether users are allowed to delete the workplace account (unenroll the device from the MDM system) +- **Allow user to reset phone** Specifies whether users are allowed to use Settings or hardware key combinations to return the device to factory defaults ## Related topics From 578464dc833a1a5840ae91ca7f4828ddca1280b8 Mon Sep 17 00:00:00 2001 From: Kelly Baker Date: Sat, 11 Jul 2020 18:57:22 -0700 Subject: [PATCH 058/102] Update windows-10-mobile-and-mdm.md --- windows/client-management/windows-10-mobile-and-mdm.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/windows-10-mobile-and-mdm.md b/windows/client-management/windows-10-mobile-and-mdm.md index 98319f2e84..af078bbe87 100644 --- a/windows/client-management/windows-10-mobile-and-mdm.md +++ b/windows/client-management/windows-10-mobile-and-mdm.md 
@@ -234,7 +234,7 @@ Enforcing what accounts employees can use on a corporate device is important for Email and associated calendar and contacts are the primary apps that users access on their smartphones. Configuring them properly is key to the success of any mobility program. In both corporate and personal device deployment scenarios, these email account settings get deployed immediately after enrollment. Using your corporate MDM system, you can define corporate email account profiles, deploy them to devices, and manage inbox policies. -- Most corporate email systems leverage **Exchange ActiveSync (EAS)**. For more details on configuring EAS email profiles, see the [ActiveSync CSP](https://msdn.microsoft.com/library/windows/hardware/dn920017(v=vs.85).aspx). +- Most corporate email systems leverage **Exchange ActiveSync (EAS)**. For more details on configuring EAS email profiles, see the [Exchange ActiveSync CSP](https://msdn.microsoft.com/library/windows/hardware/dn920017(v=vs.85).aspx). - **Simple Mail Transfer Protocol (SMTP)** email accounts can also be configured with your MDM system. For more detailed information on SMTP email profile configuration, see the [Email CSP](https://msdn.microsoft.com/library/windows/hardware/dn904953(v=vs.85).aspx). Microsoft Intune does not currently support the creation of an SMTP email profile. ### Device Lock restrictions 
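Review bot: the changed link text "[Exchange ActiveSync CSP]" is being used as the name of a configuration service provider, the same way "[Email CSP]" is in the next bullet, so it should match the title of the target page rather than the product name. Confirm the page behind dn920017 is titled that way; if it is not, keep the original link text, since the sentence already expands the name as **Exchange ActiveSync (EAS)**.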
@@ -248,7 +248,7 @@ It’s common practice to protect a device that contains corporate information w To use Windows Hello with biometrics, specialized hardware, including fingerprint reader, illuminated IR sensor, or other biometric sensors is required. Hardware-based protection of the Windows Hello credentials requires TPM 1.2 or greater; if no TPM exists or is configured, credentials/keys protection will be software-based. Companion devices must be paired with a Windows 10 PC using Bluetooth. To use a Windows Hello companion device that enables the user to roam with their Windows Hello credentials requires the Pro or Enterprise edition of Windows 10. -Most of the device lock restriction policies have been available through ActiveSync and MDM since Windows Phone 7 and are still available today for Windows 10 Mobile. If you are deploying Windows 10 devices in a personal device deployment scenario, these settings would apply: +Most of the device lock restriction policies have been available through Exchange ActiveSync and MDM since Windows Phone 7 and are still available today for Windows 10 Mobile. If you are deploying Windows 10 devices in a personal device deployment scenario, these settings would apply: - **Device Password Enabled** Specifies whether users are required to use a device lock password. - **Allow Simple Device Password** Specifies whether users can use a simple password (for example, 1111 or 1234). 
@@ -521,7 +521,7 @@ Azure AD authenticated managers have access to Microsoft Store for Business func Microsoft Store for Business supports app distribution under two licensing models: online and offline. The online model (store-managed) is the recommended method, and supports both personal device and corporate device management scenarios. To install online apps, the device must have Internet access at the time of installation. On corporate devices, an employee can be authenticated with an Azure AD account to install online apps. On personal devices, an employee must register their device with Azure AD to be able to install corporate licensed online apps. -Corporate device users can find company licensed apps in the Store app on their phone in a private catalog. When an MDM system is associated with the Store for Business, IT administrators can present Store apps within the MDM system app catalog where users can find and install their desired apps. IT administrators can also push required apps directly to employee devices without the employee’s intervention. +Corporate device users can find company licensed apps in the Store app on their phone in a private catalog. When an MDM system is associated with the Store for Business, IT administrators can present Store apps within the MDM system App Catalog where users can find and install their desired apps. IT administrators can also push required apps directly to employee devices without the employee’s intervention. Employees with personal devices can install apps licensed by their organization using the Store app on their device. They can use either the Azure AD account or Microsoft Account within the Store app if they wish to purchase personal apps. If you allow employees with corporate devices to add a secondary Microsoft Account (MSA), the Store app on the device provides a unified method for installing personal and corporate apps. From c9661e0b52c6f06b51576a7bf056a7b749048d54 Mon Sep 17 00:00:00 2001 
From: Hiroshi Yoshioka <40815708+hyoshioka0128@users.noreply.github.com> Date: Sun, 12 Jul 2020 15:34:48 +0900 Subject: [PATCH 059/102] =?UTF-8?q?Typo=20"\*\*Note:=20\*\*"=E2=86=92"**No?= =?UTF-8?q?te:**"?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/basic-audit-object-access --- .../threat-protection/auditing/basic-audit-object-access.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/auditing/basic-audit-object-access.md b/windows/security/threat-protection/auditing/basic-audit-object-access.md index b6b09ddae8..ba5fc0f8ed 100644 --- a/windows/security/threat-protection/auditing/basic-audit-object-access.md +++ b/windows/security/threat-protection/auditing/basic-audit-object-access.md @@ -41,10 +41,10 @@ You can configure this security setting by opening the appropriate policy under |----------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | 560 | Access was granted to an already existing object. | | 562 | A handle to an object was closed. | -| 563 | An attempt was made to open an object with the intent to delete it.
\*\*Note: \*\* This is used by file systems when the FILE_DELETE_ON_CLOSE flag is specified in Createfile(). | +| 563 | An attempt was made to open an object with the intent to delete it.
**Note:** This is used by file systems when the FILE_DELETE_ON_CLOSE flag is specified in Createfile(). | | 564 | A protected object was deleted. | | 565 | Access was granted to an already existing object type. | -| 567 | A permission associated with a handle was used.
\*\*Note: \*\* A handle is created with certain granted permissions (Read, Write, and so on). When the handle is used, up to one audit is generated for each of the permissions that was used. | +| 567 | A permission associated with a handle was used.
**Note:** A handle is created with certain granted permissions (Read, Write, and so on). When the handle is used, up to one audit is generated for each of the permissions that was used. | | 568 | An attempt was made to create a hard link to a file that is being audited. | | 569 | The resource manager in Authorization Manager attempted to create a client context. | | 570 | A client attempted to access an object.
**Note:** An event will be generated for every attempted operation on the object. | From 1c75515cd0b0d769315c968726564a3c4352bae2 Mon Sep 17 00:00:00 2001 From: John Bae Date: Mon, 13 Jul 2020 10:11:26 -0400 Subject: [PATCH 060/102] Update user-driven.md fixed typo in line 134 *downloaded --- windows/deployment/windows-autopilot/user-driven.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopilot/user-driven.md b/windows/deployment/windows-autopilot/user-driven.md index 7786be9c94..7f4087f9a0 100644 --- a/windows/deployment/windows-autopilot/user-driven.md +++ b/windows/deployment/windows-autopilot/user-driven.md @@ -131,7 +131,7 @@ For VPN configurations that automatically connect, the validation steps may be d To validate the end-to-end process, ensure the needed Windows 10 cumulative update has been installed on Windows 10 1903 or Windows 10 1909. This can be done manually during OOBE by first downloading the latest cumulative from https://catalog.update.microsoft.com and then manually installing it: - Press Shift-F10 to open a command prompt. -- Insert a USB key containing the donwloaded update. +- Insert a USB key containing the downloaded update. - Install the update using the command (substituting the real file name): WUSA.EXE .msu /quiet - Reboot the computer using the command: shutdown.exe /r /t 0 From edb4daf1fcbb3e1f4c0dd4305184a4d8963726bb Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Mon, 13 Jul 2020 09:18:37 -0700 Subject: [PATCH 061/102] pencil edit --- windows/deployment/windows-autopilot/user-driven.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopilot/user-driven.md b/windows/deployment/windows-autopilot/user-driven.md index 7f4087f9a0..2f93c58513 100644 --- a/windows/deployment/windows-autopilot/user-driven.md +++ b/windows/deployment/windows-autopilot/user-driven.md 
@@ -101,7 +101,7 @@ The following additional requirements apply for Hybrid Azure AD Join with VPN su - Windows 10 1909 + December 10th Cumulative update (KB4530684, OS build 18363.535) or higher - Windows 10 2004 or later - Enable the new “Skip domain connectivity check” toggle in the Hybrid Azure AD Join Autopilot profile. -- A VPN configuration that can be deployed via Intune that enables the user to manualy establish a VPN connection from the Windows logon screen, or one that automatically establishes a VPN connection as needed. +- A VPN configuration that can be deployed via Intune that enables the user to manually establish a VPN connection from the Windows logon screen, or one that automatically establishes a VPN connection as needed. The specific VPN configuration required depends on the VPN software and authentication being used. For third-party (non-Microsoft) VPN solutions, this typically would involve deploying a Win32 app (containing the VPN client software itself as well as any specific connection information, e.g. VPN endpoint host names) via Intune Management Extensions. Consult your VPN provider's documentation for configuration details specific to that provider. From a508fa42cce47ac6c38f9e2a6d9f7e35c21623a3 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Mon, 13 Jul 2020 10:42:48 -0700 Subject: [PATCH 062/102] added link to WUfB blog --- windows/whats-new/whats-new-windows-10-version-2004.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-10-version-2004.md b/windows/whats-new/whats-new-windows-10-version-2004.md index 489cb3373f..8518f5c4af 100644 --- a/windows/whats-new/whats-new-windows-10-version-2004.md +++ b/windows/whats-new/whats-new-windows-10-version-2004.md 
@@ -122,7 +122,7 @@ The following [Delivery Optimization](https://docs.microsoft.com/windows/deploym [Windows Update for Business](https://docs.microsoft.com/windows/deployment/update/waas-manage-updates-wufb) enhancements in this release include: - Intune console updates: target version is now available allowing you to specify which version of Windows 10 you want devices to move to. Additionally, this capability enables you to keep devices on their current version until they reach end of service. Check it out in Intune, also available as a Group Policy and Configuration Service Provider (CSP) policy. - Validation improvements: To ensure devices and end users stay productive and protected, Microsoft uses safeguard holds to block devices from updating when there are known issues that would impact that device. Also, to better enable IT administrators to validate on the latest release, we have created a new policy that enables admins to opt devices out of the built-in safeguard holds. -- Update less: Last year, we [changed update installation policies](https://blogs.windows.com/windowsexperience/2019/04/04/improving-the-windows-10-update-experience-with-control-quality-and-transparency/#l2jH7KMkOkfcWdBs.97) for Windows 10 to only target devices running a feature update version that is nearing end of service. As a result, many devices are only updating once a year. To enable all devices to make the most of this policy change, and to prevent confusion, we have removed deferrals from the Windows Update settings **Advanced Options** page starting on Windows 10, version 2004. If you wish to continue leveraging deferrals, you can use local Group Policy (**Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Preview builds and Feature Updates are received** or **Select when Quality Updates are received**). 
+- Update less: Last year, we [changed update installation policies](https://blogs.windows.com/windowsexperience/2019/04/04/improving-the-windows-10-update-experience-with-control-quality-and-transparency/#l2jH7KMkOkfcWdBs.97) for Windows 10 to only target devices running a feature update version that is nearing end of service. As a result, many devices are only updating once a year. To enable all devices to make the most of this policy change, and to prevent confusion, we have removed deferrals from the Windows Update settings **Advanced Options** page starting on Windows 10, version 2004. If you wish to continue leveraging deferrals, you can use local Group Policy (**Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Preview builds and Feature Updates are received** or **Select when Quality Updates are received**). For more information about this change, see [Simplified Windows Update settings for end users](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/simplified-windows-update-settings-for-end-users/ba-p/1497215). ## Virtualization From 070e34e6426c335b5e1d3f33756ca610d079cc8a Mon Sep 17 00:00:00 2001 From: Thomas Raya Date: Mon, 13 Jul 2020 11:08:44 -0700 Subject: [PATCH 063/102] Delete desktop.ini --- .../microsoft-defender-atp/images/desktop.ini | 4 ---- 1 file changed, 4 deletions(-) delete mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/desktop.ini diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/desktop.ini b/windows/security/threat-protection/microsoft-defender-atp/images/desktop.ini deleted file mode 100644 index c6b68739d7..0000000000 --- a/windows/security/threat-protection/microsoft-defender-atp/images/desktop.ini +++ /dev/null 
@@ -1,4 +0,0 @@ -[LocalizedFileNames] -atp-mapping7.png=@atp-mapping7,0 -atp-machine-health-details.PNG=@atp-machine-health-details,0 -email-notification.png=@email-notification,0 From 50a251726098a74202fdc017267aa10430c0a534 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Mon, 13 Jul 2020 12:22:45 -0700 Subject: [PATCH 064/102] Update windows/application-management/manage-windows-mixed-reality.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../application-management/manage-windows-mixed-reality.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/application-management/manage-windows-mixed-reality.md b/windows/application-management/manage-windows-mixed-reality.md index 35c17cbf6a..934a1dc45e 100644 --- a/windows/application-management/manage-windows-mixed-reality.md +++ b/windows/application-management/manage-windows-mixed-reality.md @@ -44,8 +44,8 @@ Organizations that use Windows Server Update Services (WSUS) must take action to Add-Package Dism /Online /add-package /packagepath:(path) ``` - >[!NOTE] - >You must rename the FOD .CAB file to : **Microsoft-Windows-Holographic-Desktop-FOD-Package\~31bf3856ad364e35\~amd64\~\~.cab** + > [!NOTE] + > You must rename the FOD .CAB file to : **Microsoft-Windows-Holographic-Desktop-FOD-Package\~31bf3856ad364e35\~amd64\~\~.cab** c. In **Settings** > **Update & Security** > **Windows Update**, select **Check for updates**. From 9796bfdf7230db15271c3e50b9b854927c0eb3ea Mon Sep 17 00:00:00 2001 
From: Beth Levin Date: Mon, 13 Jul 2020 12:36:14 -0700 Subject: [PATCH 065/102] device value --- .../images/tvm-device-value-dropdown.png | Bin 0 -> 20191 bytes .../images/tvm-device-value-flyout.png | Bin 0 -> 20689 bytes .../threat-and-vuln-mgt-scenarios.md | 23 ++++++++++++------ 3 files changed, 15 insertions(+), 8 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-device-value-dropdown.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-device-value-flyout.png 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-device-value-dropdown.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-device-value-dropdown.png new file mode 100644 index 0000000000000000000000000000000000000000..2fe843f6ad6601e2c661627cfa596ab06d0102e5 GIT binary patch literal 20191
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-device-value-flyout.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-device-value-flyout.png new file mode 100644 index 0000000000000000000000000000000000000000..be50eefc3ba650e7cd2204ed09ca59c786f733ea GIT binary patch literal 20689
diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md index 7084b50423..0f5af6bdf7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md @@ -36,7 +36,7 @@ ms.topic: article 3. Enter the following queries: ```kusto -// Search for machines with High active alerts or Critical CVE public exploit +// Search for devices with High active alerts or Critical CVE public exploit DeviceTvmSoftwareInventoryVulnerabilities | join kind=inner(DeviceTvmSoftwareVulnerabilitiesKB) on CveId | where IsExploitAvailable == 1 and CvssScore >= 7 @@ -51,6 +51,7 @@ DeviceName=any(DeviceName) by DeviceId, AlertId ``` ## Define a device's value to the organization + Defining a device’s value helps you differentiate between asset priorities. The device value is used to incorporate the risk appetite of an individual asset into the threat and vulnerability management exposure score calculation, so devices marked as “high value” will receive more weight. Device value options: 
@@ -59,18 +60,24 @@ Device value options: - Normal (Default) - High -Examples of machines that should be mark as high value: +Examples of devices that should be marked as high value: - Domain controllers, Active Directory -- Internet facing machines -- VIP machines -- Machines hosting internal/external production services +- Internet facing devices +- VIP devices +- Devices hosting internal/external production services ### Set device value -1. Navigate into any machine page -2. Select Machine Value and define a value -3. Review the value in the machine tag area +1. Navigate to any device page, the easiest place is from the device inventory. + +2. Select **Device Value** from three dots next to the actions bar at the top of the page. + ![Example of the device value dropdown.](images/tvm-device-value-dropdown.png) + +

+ +3. A flyout will appear with the current device value and what it means. Review the value of the device and choose the one that best fits your device. +![Example of the device value flyout.](images/tvm-device-value-flyout.png) ## Related topics From 062d2454e8643273c6ae95d79407669fdd99a6e9 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Mon, 13 Jul 2020 13:59:29 -0700 Subject: [PATCH 066/102] added link to redtiger video --- windows/deployment/windows-autopilot/windows-autopilot.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/deployment/windows-autopilot/windows-autopilot.md b/windows/deployment/windows-autopilot/windows-autopilot.md index a24ff772a4..cf333e1a55 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot.md +++ b/windows/deployment/windows-autopilot/windows-autopilot.md @@ -48,6 +48,8 @@ The following video shows the process of setting up Windows Autopilot: +This video is also available [here](https://www.microsoft.com/videoplayer/embed/RE4ATOx). + ## Benefits of Windows Autopilot Traditionally, IT pros spend a lot of time building and customizing images that will later be deployed to devices. Windows Autopilot introduces a new approach. From d8b1e9f52aa668bc9b559611ad0b0bc06324ed6d Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 13 Jul 2020 13:59:34 -0700 Subject: [PATCH 067/102] Corrected [!NOTE] markup --- .../threat-protection/auditing/basic-audit-object-access.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/basic-audit-object-access.md b/windows/security/threat-protection/auditing/basic-audit-object-access.md index ba5fc0f8ed..c3bada3ea8 100644 --- a/windows/security/threat-protection/auditing/basic-audit-object-access.md +++ b/windows/security/threat-protection/auditing/basic-audit-object-access.md 
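Review bot: In the "Set device value" steps of threat-and-vuln-mgt-scenarios.md ([PATCH 065/102]), the flyout image under step 3 is added with no indent (`+![Example of the device value flyout.]`) while the dropdown image under step 2 is indented; indent it to match so both images render the same way inside their list items. Step 1 is a comma splice ("Navigate to any device page, the easiest place is from the device inventory."); split it into two sentences. Step 2 says "from three dots", which should read "from the three dots". The bare `+` line and the blank added lines after the dropdown image look like a stray line break and can be dropped. In the examples list of the same hunk, "Internet facing devices" should be hyphenated as "Internet-facing devices".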
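Review bot: In windows-autopilot.md ([PATCH 066/102]), the added sentence uses "here" as its link text ("This video is also available [here](...)"). Link text should describe the target so it still makes sense out of context and to screen readers; suggest something like "Watch this video on the Microsoft video player" with the same URL.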
@@ -28,7 +28,8 @@ If you define this policy setting, you can specify whether to audit successes, a To set this value to **No auditing**, in the **Properties** dialog box for this policy setting, select the Define these policy settings check box and clear the **Success** and **Failure** check boxes. -> **Note:** You can set a SACL on a file system object using the **Security** tab in that object's **Properties** dialog box. +> [!NOTE] +> You can set a SACL on a file system object using the **Security** tab in that object's **Properties** dialog box. **Default:** No auditing. From f071b4e68835a14d3a07b005d3a0e8f78ef74ca6 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Mon, 13 Jul 2020 13:59:36 -0700 Subject: [PATCH 068/102] link updates --- .../threat-protection/intelligence/developer-faq.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/intelligence/developer-faq.md b/windows/security/threat-protection/intelligence/developer-faq.md index 8bf5c9b5f3..d28d6d20d6 100644 --- a/windows/security/threat-protection/intelligence/developer-faq.md +++ b/windows/security/threat-protection/intelligence/developer-faq.md 
@@ -35,16 +35,16 @@ We encourage all software vendors and developers to read about [how Microsoft id ## Why is Microsoft asking for a copy of my program? -This can help us with our analysis. Participants of the Microsoft Active Protection Service (MAPS) may occasionally receive these requests. The requests will stop once our systems have received and processed the file. +This can help us with our analysis. Participants of the [Microsoft Active Protection Service (MAPS)](https://www.microsoft.com/msrc/mapp) may occasionally receive these requests. The requests will stop once our systems have received and processed the file. ## Why does Microsoft classify my installer as a software bundler? -It contains instructions to offer a program classified as unwanted software. You can review the criteria we use to check applications for behaviors that are considered unwanted. +It contains instructions to offer a program classified as unwanted software. You can review the [criteria](criteria.md) we use to check applications for behaviors that are considered unwanted. ## Why is the Windows Firewall blocking my program? -This is not related to Microsoft Defender Antivirus and other Microsoft antimalware. You can find out more about Windows Firewall from the Microsoft Developer Network. +This is not related to Microsoft Defender Antivirus and other Microsoft antimalware. [Learn about Windows Defender Firewall](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security). -## Why does the Windows Defender SmartScreen say my program is not commonly downloaded? +## Why does the Microsoft Defender SmartScreen say my program is not commonly downloaded? -This is not related to Microsoft Defender Antivirus and other Microsoft antimalware. 
You can find out more from the [SmartScreen website.](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview) +This is not related to Microsoft Defender Antivirus and other Microsoft antimalware. [Learn about Microsoft Defender SmartScreen](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview) From c820645fe7bad32b4592639b79022abf9eed5238 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 13 Jul 2020 14:07:09 -0700 Subject: [PATCH 069/102] Corrected problems with notes --- ...ng-system-components-to-microsoft-services.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 8b92505fa7..b73606d090 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1550,11 +1550,10 @@ You can control if your settings are synchronized: To turn off Messaging cloud sync: -- Note: There is no Group Policy corresponding to this registry key. +> [!NOTE] +> There is no Group Policy corresponding to this registry key. - -or- - -- Create a REG_DWORD registry setting named **CloudServiceSyncEnabled** in **HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Messaging** and set to a **value of 0 (zero)**. +- Create a REG_DWORD registry setting named **CloudServiceSyncEnabled** in **HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Messaging** and set to a **value of 0 (zero)**. ###
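Review bot: In PATCH 068 (developer-faq.md, hunk @@ -35,16), the link added on "Microsoft Active Protection Service (MAPS)" points to `https://www.microsoft.com/msrc/mapp`, and the `mapp` path does not match the MAPS name in the link text. MAPP is the Microsoft Active Protections Program, a separate partner program, so please confirm the target or link to the MAPS documentation instead. In the same hunk, the added SmartScreen line ends without a period after the link, while the added Windows Defender Firewall line ends with one.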
22. Teredo @@ -1642,7 +1641,8 @@ You can turn off **Malicious Software Reporting Tool (MSRT) diagnostic data**: - Set the REG_DWORD value **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\MRT\\DontReportInfectionInformation** to **1**. -**Note:** There is no Group Policy to turn off the Malicious Software Reporting Tool diagnostic data. +> [!NOTE] +> There is no Group Policy to turn off the Malicious Software Reporting Tool diagnostic data. You can turn off **Enhanced Notifications** as follows: @@ -1737,11 +1737,11 @@ If you're running Windows 10, version 1607 or later, you need to: > This will only take effect if the policy is applied before the first logon. > If you cannot apply the **Force a specific default lock screen image** policy before the first logon to the device, > you can **Enable** the **Do not display the lock screen** policy under **Computer Configuration** > **Administrative Templates** > **Control Panel** > **Personalization** - + > > Alternatively, you can create a new REG_SZ registry setting named **LockScreenImage** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization** > with a value of **C:\\windows\\web\\screen\\lockscreen.jpg** and create a new REG_DWORD registry setting named **LockScreenOverlaysDisabled** in > **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization** with a value of **1 (one)**. - + > > The Group Policy for the **LockScreenOverlaysDisabled** regkey is **Force a specific default lock screen and logon image** that is under **Control Panel** **Personalization**. @@ -1900,7 +1900,7 @@ For China releases of Windows 10 there is one additional Regkey to be set to pre ### Allowed traffic list for Windows Restricted Traffic Limited Functionality Baseline -|**Allowed traffic endpoints** | +|Allowed traffic endpoints| | --- | |activation-v2.sls.microsoft.com/*| |crl.microsoft.com/pki/crl/*| From 916f29f16b8c4968f363464ba273e0a3880eae9c Mon Sep 17 00:00:00 2001 
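Review bot: In PATCH 069, hunk @@ -1550,11, the new `> [!NOTE]` block sits between the lead-in "To turn off Messaging cloud sync:" and the only step it introduces, so the lead-in is no longer followed by its instruction. Suggest moving the note below the "Create a REG_DWORD registry setting named **CloudServiceSyncEnabled**" bullet, which is how the MSRT hunk (@@ -1642,7) in this same patch orders its step and note.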
From: Gary Moore Date: Mon, 13 Jul 2020 14:10:17 -0700 Subject: [PATCH 070/102] Changed sub-list to auto numbering and corrected indentation It seems like automatic numbering is the only way to get the correct hanging indentation for second-level list items. --- .../manage-windows-mixed-reality.md | 23 ++++++++++--------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/windows/application-management/manage-windows-mixed-reality.md b/windows/application-management/manage-windows-mixed-reality.md index 934a1dc45e..082fa016f4 100644 --- a/windows/application-management/manage-windows-mixed-reality.md +++ b/windows/application-management/manage-windows-mixed-reality.md 
@@ -33,21 +33,22 @@ Organizations that use Windows Server Update Services (WSUS) must take action to 2. Windows Mixed Reality Feature on Demand (FOD) is downloaded from Windows Update. If access to Windows Update is blocked, you must manually install the Windows Mixed Reality FOD. - a. Download the FOD .cab file for [Windows 10, version 2004](https://software-download.microsoft.com/download/pr/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab), [Windows 10, version 1903 and 1909](https://software-download.microsoft.com/download/pr/Microsoft-Windows-Holographic-Desktop-FOD-Package-31bf3856ad364e35-amd64.cab), [Windows 10, version 1809](https://software-download.microsoft.com/download/pr/microsoft-windows-holographic-desktop-fod-package31bf3856ad364e35amd64_1.cab), [Windows 10, version 1803](https://download.microsoft.com/download/9/9/3/9934B163-FA01-4108-A38A-851B4ACD1244/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab), or [Windows 10, version 1709](https://download.microsoft.com/download/6/F/8/6F816172-AC7D-4F45-B967-D573FB450CB7/Microsoft-Windows-Holographic-Desktop-FOD-Package.cab). + 1. 
Download the FOD .cab file for [Windows 10, version 2004](https://software-download.microsoft.com/download/pr/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab), [Windows 10, version 1903 and 1909](https://software-download.microsoft.com/download/pr/Microsoft-Windows-Holographic-Desktop-FOD-Package-31bf3856ad364e35-amd64.cab), [Windows 10, version 1809](https://software-download.microsoft.com/download/pr/microsoft-windows-holographic-desktop-fod-package31bf3856ad364e35amd64_1.cab), [Windows 10, version 1803](https://download.microsoft.com/download/9/9/3/9934B163-FA01-4108-A38A-851B4ACD1244/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab), or [Windows 10, version 1709](https://download.microsoft.com/download/6/F/8/6F816172-AC7D-4F45-B967-D573FB450CB7/Microsoft-Windows-Holographic-Desktop-FOD-Package.cab). - >[!NOTE] - >You must download the FOD .cab file that matches your operating system version. + > [!NOTE] + > You must download the FOD .cab file that matches your operating system version. - b. Use `Add-Package` to add Windows Mixed Reality FOD to the image. + 1. Use `Add-Package` to add Windows Mixed Reality FOD to the image. - ```powershell - Add-Package - Dism /Online /add-package /packagepath:(path) - ``` - > [!NOTE] - > You must rename the FOD .CAB file to : **Microsoft-Windows-Holographic-Desktop-FOD-Package\~31bf3856ad364e35\~amd64\~\~.cab** + ```powershell + Add-Package + Dism /Online /add-package /packagepath:(path) + ``` + + > [!NOTE] + > You must rename the FOD .CAB file to : **Microsoft-Windows-Holographic-Desktop-FOD-Package\~31bf3856ad364e35\~amd64\~\~.cab** - c. In **Settings** > **Update & Security** > **Windows Update**, select **Check for updates**. + 1. In **Settings** > **Update & Security** > **Windows Update**, select **Check for updates**. 
IT admins can also create [Side by side feature store (shared folder)](https://technet.microsoft.com/library/jj127275.aspx) to allow access to the Windows Mixed Reality FOD. From 3ddd0aa2c7e4d9b75c38e1ca6c2eaf2fcd3f25f6 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 13 Jul 2020 14:39:59 -0700 Subject: [PATCH 071/102] Fixed table headers, experimenting with H4 --- .../client-management/windows-10-mobile-and-mdm.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/client-management/windows-10-mobile-and-mdm.md b/windows/client-management/windows-10-mobile-and-mdm.md index af078bbe87..670a77d671 100644 --- a/windows/client-management/windows-10-mobile-and-mdm.md +++ b/windows/client-management/windows-10-mobile-and-mdm.md @@ -69,12 +69,12 @@ The way in which personal and corporate devices are enrolled into an MDM system - -Personal devices -Corporate devices
+ +Personal devices +Corporate devices -Ownership +Ownership Employee Organization @@ -559,7 +559,7 @@ In addition to controlling which apps are allowed, IT professionals can also imp - **Restrict App to System Volume** Specifies whether app installation is allowed only to the system drive or can be installed on an SD card. - **Start screen layout** An XML blob used to configure the Start screen (for more information, see [Start layout for Windows 10 Mobile](https://msdn.microsoft.com/library/windows/hardware/mt171093(v=vs.85).aspx)). -Find more details on application management options in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962(v=vs.85).aspx#ApplicationManagement_AllowAllTrustedApps) +Find more details on application management options in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962(v=vs.85).aspx#ApplicationManagement_AllowAllTrustedApps). ### Data leak prevention @@ -741,7 +741,7 @@ Microsoft aspires to update Windows 10 Mobile devices with the latest updates au -**Keeping track of updates releases** +#### Keeping track of updates releases *Applies to: Corporate and Personal devices* From e76ca7b5e6009541213cdc197bd4ffe5ea6ee9f6 Mon Sep 17 00:00:00 2001 From: Thomas Date: Mon, 13 Jul 2020 14:54:46 -0700 Subject: [PATCH 072/102] delete .vscode folder --- .vscode/extensions.json | 5 ----- .vscode/settings.json | 8 -------- 2 files changed, 13 deletions(-) delete mode 100644 .vscode/extensions.json delete mode 100644 .vscode/settings.json diff --git a/.vscode/extensions.json b/.vscode/extensions.json deleted file mode 100644 index af02986a5a..0000000000 --- a/.vscode/extensions.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "recommendations": [ - "docsmsft.docs-authoring-pack" - ] -} \ No newline at end of file diff --git a/.vscode/settings.json b/.vscode/settings.json deleted file mode 100644 index 9c0086e560..0000000000 --- a/.vscode/settings.json +++ /dev/null 
@@ -1,8 +0,0 @@ -{ - "cSpell.words": [ - "intune", - "kovter", - "kovter's", - "poshspy" - ] -} \ No newline at end of file From b48c0e4bc36527b64be72c0ab919bdb09a2537c0 Mon Sep 17 00:00:00 2001 From: Kurt Sarens <56369685+kurtsarens@users.noreply.github.com> Date: Mon, 13 Jul 2020 15:07:03 -0700 Subject: [PATCH 073/102] Update microsoft-defender-antivirus-compatibility.md EDR in block mode link was wrong --- .../microsoft-defender-antivirus-compatibility.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md index 1c06747e7f..cdb56d3bf7 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md 
@@ -27,7 +27,7 @@ manager: dansimp Microsoft Defender Antivirus is automatically enabled and installed on endpoints and devices that are running Windows 10. But what happens when another antivirus/antimalware solution is used? It depends on whether you're using [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection) together with your antivirus protection. - If your organization's endpoints and devices are protected with a non-Microsoft antivirus/antimalware solution, and Microsoft Defender ATP is not used, then Microsoft Defender Antivirus automatically goes into disabled mode. - If your organization is using Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) together with a non-Microsoft antivirus/antimalware solution, then Microsoft Defender Antivirus automatically goes into passive mode. (Real-time protection and threats are not remediated by Microsoft Defender Antivirus.) -- If your organization is using Microsoft Defender ATP together with a non-Microsoft antivirus/antimalware solution, and you have [EDR in block mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/shadow-protection) (currently in private preview) enabled, then Microsoft Defender Antivirus runs in the background and blocks/remediates malicious items that are detected, such as during a post-breach attack. +- If your organization is using Microsoft Defender ATP together with a non-Microsoft antivirus/antimalware solution, and you have [EDR in block mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode) (currently in private preview) enabled, then Microsoft Defender Antivirus runs in the background and blocks/remediates malicious items that are detected, such as during a post-breach attack. ## Antivirus and Microsoft Defender ATP From 1892e2a3a2f04d88de39d9831b95de1638a73b30 Mon Sep 17 00:00:00 2001 
From: Gary Moore Date: Mon, 13 Jul 2020 15:07:53 -0700 Subject: [PATCH 074/102] Changed some bold text to H4s --- .../windows-10-mobile-and-mdm.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/client-management/windows-10-mobile-and-mdm.md b/windows/client-management/windows-10-mobile-and-mdm.md index 670a77d671..a87401def5 100644 --- a/windows/client-management/windows-10-mobile-and-mdm.md +++ b/windows/client-management/windows-10-mobile-and-mdm.md @@ -654,7 +654,7 @@ In enterprise IT environments, the need for security and cost control must be ba ### Servicing options -**A streamlined update process** +#### A streamlined update process *Applies to: Corporate and personal devices* @@ -750,7 +750,7 @@ Microsoft publishes new feature updates for Windows 10 and Windows 10 Mobile on > [!NOTE] > We invite IT Professionals to participate in the Windows Insider Program to test updates before they are officially released to make Windows 10 Mobile even better. If you find any issues, please send us feedback by using the Feedback Hub. -**Windows as a Service** +#### Windows as a Service *Applies to: Corporate and Personal devices* @@ -798,7 +798,7 @@ Update availability depends on what servicing option you choose for the device. -**Enterprise edition** +#### Enterprise edition *Applies to: Corporate devices* @@ -818,7 +818,7 @@ For more information on updating a device to Enterprise edition, see [WindowsLic > [!NOTE] > We recommend using Enterprise edition only on corporate devices. Once a device has been upgraded, it cannot be downgraded. Even a device wipe or reset will not remove the enterprise license from personal devices. -**Deferring and approving updates with MDM** +#### Deferring and approving updates with MDM *Applies to: Corporate devices with Enterprise edition* 
@@ -889,7 +889,7 @@ Pause Feature Updates for up to 35 days -**Managing the update experience** +#### Managing the update experience *Applies to: Corporate devices with Enterprise edition* @@ -905,7 +905,7 @@ This can include: In addition, in version 1607, you can configure when the update is applied to the employee device to ensure updates installs or reboots don’t interrupt business or worker productivity. Update installs and reboots can be scheduled [outside of active hours](https://msdn.microsoft.com/library/windows/hardware/dn904962(v=vs.85).aspx#Update_ActiveHoursEnd) (supported values are 0-23, where 0 is 12am, 1 is 1am, and so on) or on a specific [day of the week](https://msdn.microsoft.com/library/windows/hardware/dn904962(v=vs.85).aspx#Update_ScheduledInstallDay) (supported values are 0-7, where 0 is every day, 1 is Sunday, 2 is Monday, and so on). -**Managing the source of updates with MDM** +#### Managing the source of updates with MDM *Applies to: Corporate devices with Enterprise edition* @@ -915,7 +915,7 @@ For more information, see [Windows Update for Business](/windows/deployment/upda IT administrators can specify where the device gets updates from with AllowUpdateService. This could be Microsoft Update, Windows Update for Business, or Windows Server Update Services (WSUS). -**Managing Updates with Windows Update Server** +#### Managing Updates with Windows Update Server *Applies to: Corporate devices with Enterprise edition* @@ -923,7 +923,7 @@ When using WSUS, set **UpdateServiceUrl** to allow the device to check for updat For more information, see [managing updates with Windows Server Update Services (WSUS)](https://technet.microsoft.com/windowsserver/bb332157.aspx). -**Querying the device update status** +#### Querying the device update status *Applies to: Personal and corporate devices* 
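Review bot: The heading promoted to H4 in the @@ -915,7 hunk, `#### Managing Updates with Windows Update Server`, uses a product name the surrounding text does not: the context lines expand WSUS as Windows Server Update Services. Suggest `#### Managing updates with Windows Server Update Services`, which also matches the sentence case of the other new H4s such as "Managing the source of updates with MDM".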
@@ -982,7 +982,7 @@ This is a list of attributes that are supported by DHA and can trigger the corre - **Secure Boot Configuration Policy (SBCP) present** Specifies whether the hash of the custom SBCP is present. A device with an SBCP hash present is more trustworthy than a device without an SBCP hash. - **Boot cycle whitelist** The view of the host platform between boot cycles as defined by the manufacturer compared to a published allow list. A device that complies with the allow list is more trustworthy (secure) than a device that is noncompliant. -**Example scenario** +#### Example scenario Windows 10 mobile has protective measures that work together and integrate with Microsoft Intune or third-party Mobile Device Management (MDM) solutions. IT administrators can monitor and verify compliance to ensure corporate resources are protected end-to–end with the security and trust rooted in the physical hardware of the device. From 5ea71cf11f13be96a9a41fd61c11cc75e7fc8d52 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Mon, 13 Jul 2020 15:54:25 -0700 Subject: [PATCH 075/102] added defender --- .../security/threat-protection/intelligence/developer-faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/intelligence/developer-faq.md b/windows/security/threat-protection/intelligence/developer-faq.md index d28d6d20d6..e3d47a044c 100644 --- a/windows/security/threat-protection/intelligence/developer-faq.md +++ b/windows/security/threat-protection/intelligence/developer-faq.md 
@@ -41,7 +41,7 @@ This can help us with our analysis. Participants of the [Microsoft Active Protec It contains instructions to offer a program classified as unwanted software. You can review the [criteria](criteria.md) we use to check applications for behaviors that are considered unwanted. -## Why is the Windows Firewall blocking my program? +## Why is the Windows Defender Firewall blocking my program? This is not related to Microsoft Defender Antivirus and other Microsoft antimalware. [Learn about Windows Defender Firewall](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security). From f724cc19ff0a2b6c24cd4a5ffe465f38c4cccb72 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Mon, 13 Jul 2020 18:04:40 -0700 Subject: [PATCH 076/102] terminology updates --- .../threat-and-vuln-mgt-event-timeline.md | 22 ++--- .../threat-and-vuln-mgt-scenarios.md | 12 +-- .../tvm-exposure-score.md | 4 +- .../microsoft-defender-atp/tvm-remediation.md | 2 +- .../tvm-security-recommendation.md | 4 +- .../tvm-supported-os.md | 2 +- .../microsoft-defender-atp/tvm-weaknesses.md | 2 +- .../microsoft-defender-atp/user-roles.md | 84 +++++++++---------- 8 files changed, 64 insertions(+), 68 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md index 3c49e66665..e2d4158d0d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md 
@@ -1,5 +1,5 @@ --- -title: Event timeline +title: Event timeline in threat and vulnerability management description: Event timeline is a "risk news feed" which will help you interpret how risk is introduced into the organization and which mitigations happened to reduce it. keywords: event timeline, mdatp event timeline, mdatp tvm event timeline, threat and vulnerability management, Microsoft Defender Advanced Threat Protection search.product: eADQiWindows 10XVcnh @@ -16,7 +16,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual --- -# Event timeline +# Event timeline - threat and vulnerability management **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) 
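Review bot: The front-matter title and the H1 for this page now follow different patterns: `title: Event timeline in threat and vulnerability management` against `# Event timeline - threat and vulnerability management`. Pick one form for both; threat-and-vuln-mgt-scenarios.md in this same patch uses "Scenarios - threat and vulnerability management" in both places.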
@@ -33,23 +33,23 @@ Event timeline also tells the story of your [exposure score](tvm-exposure-score. You can access Event timeline mainly through three ways: -- In the Threat & Vulnerability Management navigation menu in the Microsoft Defender Security Center -- Top events card in the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md). The highest impact events (for example, affect the most machines or critical vulnerabilities) -- Hovering over the Exposure Score graph in the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) +- In the threat and vulnerability management navigation menu in the Microsoft Defender Security Center +- Top events card in the [threat and vulnerability management dashboard](tvm-dashboard-insights.md). The highest impact events (for example, affect the most machines or critical vulnerabilities) +- Hovering over the Exposure Score graph in the [threat and vulnerability management dashboard](tvm-dashboard-insights.md) ### Navigation menu -Go to the Threat & Vulnerability Management navigation menu and select **Event timeline** to view impactful events. +Go to the threat and vulnerability management navigation menu and select **Event timeline** to view impactful events. ### Top events card -In the Threat & Vulnerability Management dashboard, the "Top events" card displays the three most impactful events in the last 7 days. Select **Show more** to go to the Event timeline page. +In the Tthreat and vulnerability management dashboard, the "Top events" card displays the three most impactful events in the last 7 days. Select **Show more** to go to the Event timeline page. ![Event timeline page](images/tvm-top-events-card.png) ### Exposure score graph -In the Threat & Vulnerability Management dashboard, hover over the Exposure score graph to view top events from that day that impacted your machines. If there are no events, then none will be shown. 
+In the threat and vulnerability management dashboard, hover over the Exposure score graph to view top events from that day that impacted your machines. If there are no events, then none will be shown. ![Event timeline page](images/tvm-event-timeline-exposure-score400.png) @@ -118,9 +118,9 @@ A full page will appear with all the details of a specific software, including a ## Related topics -- [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md) +- [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) - [Supported operating systems and platforms](tvm-supported-os.md) -- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) +- [Threat and vulnerability management dashboard](tvm-dashboard-insights.md) - [Exposure score](tvm-exposure-score.md) - [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md) - [Security recommendations](tvm-security-recommendation.md) @@ -130,6 +130,6 @@ A full page will appear with all the details of a specific software, including a - [Event timeline](threat-and-vuln-mgt-event-timeline.md) - [Scenarios](threat-and-vuln-mgt-scenarios.md) - [APIs](next-gen-threat-and-vuln-mgt.md#apis) -- [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) +- [Configure data access for threat and vulnerability management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) - [Advanced hunting overview](overview-hunting.md) - [All advanced hunting tables](advanced-hunting-reference.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md index 0f5af6bdf7..7ab41a7658 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md @@ -1,6 +1,6 @@ --- -title: Threat & Vulnerability Management scenarios -description: Learn how Threat & Vulnerability Management can be used to help security admins, IT admins, and SecOps collaborate in defending against security threats. +title: Scenarios - threat and vulnerability management +description: Learn how threat and vulnerability management can be used to help security admins, IT admins, and SecOps collaborate in defending against security threats. keywords: mdatp-tvm scenarios, mdatp, tvm, tvm scenarios, reduce threat & vulnerability exposure, reduce threat and vulnerability, improve security configuration, increase Microsoft Secure Score for Devices, increase threat & vulnerability Microsoft Secure Score for Devices, Microsoft Secure Score for Devices, exposure score, security controls search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -17,7 +17,7 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Threat & Vulnerability Management scenarios +# Scenarios - threat and vulnerability management **Applies to:** @@ -81,9 +81,9 @@ Examples of devices that should be marked as high value: ## Related topics -- [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md) +- [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) - [Supported operating systems and platforms](tvm-supported-os.md) -- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) +- [Threat and vulnerability management dashboard](tvm-dashboard-insights.md) - [Exposure score](tvm-exposure-score.md) - [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md) - [Security recommendations](tvm-security-recommendation.md) 
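Review bot: In threat-and-vuln-mgt-event-timeline.md, hunk @@ -33,23, the added "Top events card" paragraph contains a typo, "In the Tthreat and vulnerability management dashboard"; it should read "In the threat and vulnerability management dashboard". The added lines in that hunk also keep "affect the most machines" and "impacted your machines", while the scenarios page in this series now says "devices" ("Examples of devices that should be marked as high value"), so consider aligning the wording as part of this terminology update.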
@@ -92,6 +92,6 @@ Examples of devices that should be marked as high value: - [Weaknesses](tvm-weaknesses.md) - [Event timeline](threat-and-vuln-mgt-event-timeline.md) - [APIs](next-gen-threat-and-vuln-mgt.md#apis) -- [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) +- [Configure data access for threat and vulnerability management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) - [Advanced hunting overview](overview-hunting.md) - [All advanced hunting tables](advanced-hunting-reference.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md index b1b2897be8..19805c1e0b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md @@ -1,5 +1,5 @@ --- -title: Threat and vulnerability management xxposure score +title: Exposure score in threat and vulnerability management description: The threat and vulnerability management exposure score reflects how vulnerable your organization is to cybersecurity threats. keywords: exposure score, mdatp exposure score, mdatp tvm exposure score, organization exposure score, tvm organization exposure score, threat and vulnerability management, Microsoft Defender Advanced Threat Protection search.product: eADQiWindows 10XVcnh @@ -16,7 +16,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual --- -# Threat and vulnerability management exposure score +# Exposure score - threat and vulnerability management **Applies to:** diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md index 324c695ff6..a94e2b07c4 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md @@ -1,5 +1,5 @@ --- -title: Threat and vulnerability management remediation and exceptions +title: Remediation activities and exceptions - threat and vulnerability management description: Remediate security weaknesses discovered through security recommendations, and create exceptions if needed, in threat and vulnerability management. keywords: microsoft defender atp tvm remediation, mdatp tvm, threat and vulnerability management, threat & vulnerability management, threat & vulnerability management remediation, tvm remediation intune, tvm remediation sccm search.product: eADQiWindows 10XVcnh diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md index 1169a50661..a1d0887eda 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md @@ -1,6 +1,6 @@ --- -title: Threat and vulnerability management security recommendations -description: Get actionable security recommendations prioritized by threat, likelihood to be breached, and value. +title: Security recommendations by threat and vulnerability management +description: Get actionable security recommendations prioritized by threat, likelihood to be breached, and value, in threat and vulnerability management. keywords: threat and vulnerability management, mdatp tvm security recommendation, cybersecurity recommendation, actionable security recommendation search.product: eADQiWindows 10XVcnh search.appverid: met150 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md index 6551d5f13b..3b048f904c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md @@ -16,7 +16,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: article --- -# Supported operating systems and platforms for threat and vulnerability management +# Supported operating systems and platforms - threat and vulnerability management **Applies to:** diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md index dc76e06b79..aa166b9796 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md @@ -1,6 +1,6 @@ --- title: Weaknesses found by threat and vulnerability management -description: Microsoft Defender Security Center offers a Weaknesses page, which lists vulnerabilities found in the infected software running in your organization. +description: Lists the common vulnerabilities and exposures (CVE) ID of weaknesses found in the software running in your organization. Discovered by the Microsoft Defender ATP threat and vulnerability management capability. keywords: mdatp threat & vulnerability management, threat and vulnerability management, mdatp tvm weaknesses page, finding weaknesses through tvm, tvm vulnerability list, vulnerability details in tvm search.product: eADQiWindows 10XVcnh search.appverid: met150 diff --git a/windows/security/threat-protection/microsoft-defender-atp/user-roles.md b/windows/security/threat-protection/microsoft-defender-atp/user-roles.md index 18a1a896b3..d58c080f49 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/user-roles.md +++ b/windows/security/threat-protection/microsoft-defender-atp/user-roles.md @@ -1,6 +1,6 @@ --- title: Create and manage roles for role-based access control -description: Create roles and define the permissions assigned to the role as part of the role-based access control implementation +description: Create roles and define the permissions assigned to the role as part of the role-based access control implementation in the Microsoft Defender Security Center keywords: user roles, roles, access rbac search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -18,6 +18,7 @@ ms.topic: article --- # Create and manage roles for role-based access control + **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) 
@@ -26,63 +27,58 @@ ms.topic: article [!include[Prerelease information](../../includes/prerelease.md)] ## Create roles and assign the role to an Azure Active Directory group + The following steps guide you on how to create roles in Microsoft Defender Security Center. It assumes that you have already created Azure Active Directory user groups. 1. In the navigation pane, select **Settings > Roles**. -2. Click **Add role**. +2. Select **Add item**. 3. Enter the role name, description, and permissions you'd like to assign to the role. - - **Role name** - - **Description** - - **Permissions** - - **View data** - Users can view information in the portal. - >[!NOTE] - >To view Threat & Vulnerability Management data, select **Threat and vulnerability management**. - - - **Alerts investigation** - Users can manage alerts, initiate automated investigations, collect investigation packages, manage device tags, and export device timeline. - - **Active remediation actions** - Users can take response actions and approve or dismiss pending remediation actions. - - Security operations - Take response actions - - Approve or dismiss pending remediation actions - - Manage allowed/blocked lists for automation - - Manage allowed/blocked create Indicators +4. Select **Next** to assign the role to an Azure AD Security group. - >[!NOTE] - >To enable your Security operation personnel to choose remediation options and file exceptions, select **Threat and vulnerability management - Remediation handling**, and **Threat and vulnerability management - Exception handling**. - - - **Manage portal system settings** - Users can configure storage settings, SIEM and threat intel API settings (applies globally), advanced settings, automated file uploads, roles and device groups. +5. Use the filter to select the Azure AD group that you'd like to add to this role to. - > [!NOTE] - > This setting is only available in the Microsoft Defender ATP administrator (default) role. 
- - - **Manage security settings** - Users can configure alert suppression settings, manage allowed/blocked lists for automation, create and manage custom detections, manage folder exclusions for automation, onboard and offboard devices, and manage email notifications. - - - **Live response capabilities** - Users can take basic or advanced live response commands. - - Basic commands allow users to: - - Start a live response session - - Run read only live response commands on a remote device - - Advanced commands allow users to: - - Run basic actions - - Download a file from the remote device - - View a script from the files library - - Run a script on the remote device from the files library take read and write commands. - - For more information on the available commands, see [Investigate devices using Live response](live-response.md). - -4. Click **Next** to assign the role to an Azure AD Security group. - -5. Use the filter to select the Azure AD group that you'd like to add to this role. - -6. Click **Save and close**. +6. **Save and close**. 7. Apply the configuration settings. - > [!IMPORTANT] -> After creating roles, you'll need to create a device group and provide access to the device group by assigning it to a role that you just created. +> After creating roles, you'll need to create a device group and provide access to the device group by assigning it to a role that you just created. 
+### Permission options +- **View data** + - **Security operations** - View all security operations data in the portal + - **Threat and vulnerability management** - View threat and vulnerability management data in the portal + +- **Active remediation actions** + - **Security operations** - Take response actions, approve or dismiss pending remediation actions, manage allowed/blocked lists for automation and indicators + - **Threat and vulnerability management - Exception handling** - Create new exceptions and manage active exceptions + - **Threat and vulnerability management - Remediation handling** - Submit new remediation requests, create tickets, and manage existing remediation activities + +- **Alerts investigation** - Manage alerts, initiate automated investigations, run scans, collect investigation packages, manage device tags. + +- **Manage portal system settings** - Configure storage settings, SIEM and threat intel API settings (applies globally), advanced settings, automated file uploads, roles and device groups. + + > [!NOTE] + > This setting is only available in the Microsoft Defender ATP administrator (default) role. + +- **Manage security settings in Security Center** - Configure alert suppression settings, manage folder exclusions for automation, onboard and offboard devices, and manage email notifications, manage evaluation lab. + +- **Live response capabilities** + - **Basic** commands: + - Start a live response session + - Perform read only live response commands on remote device (excluding file copy and execution + - **Advanced** commands: + - Download a file from the remote device + - Upload a file to the remote device + - View a script from the files library + - Execute a script on the remote device from the files library + +For more information on the available commands, see [Investigate devices using Live response](live-response.md). + ## Edit roles 1. Select the role you'd like to edit. 
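Review bot: In the added **Live response capabilities** list, the Basic entry "Perform read only live response commands on remote device (excluding file copy and execution" never closes its parenthesis, and the rewritten steps carry two more slips: step 5 now ends "add to this role to" and step 6 is reduced to "**Save and close**." with no verb. Suggest closing the parenthesis, dropping the trailing "to", and restoring "Select **Save and close**." Step 3 still asks for the permissions to assign, but the descriptions now sit under "### Permission options" after step 7, so a link from step 3 to that heading would keep the procedure usable. The removed Advanced list began with "Run basic actions" and the new one adds "Upload a file to the remote device" without it; please state whether Advanced still includes the Basic commands, because this page is what an administrator reads to judge what each live response level grants. The removed "Manage security settings" text also mentioned "create and manage custom detections", which no longer appears under any permission in the new section; if that capability moved, name the permission that now covers it.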
@@ -99,7 +95,7 @@ The following steps guide you on how to create roles in Microsoft Defender Secur 2. Click the drop-down button and select **Delete role**. - ## Related topic + - [User basic permissions to access the portal](basic-permissions.md) - [Create and manage device groups](machine-groups.md) From 973b236ed5cb25f1400e72afc500e23b6d39781b Mon Sep 17 00:00:00 2001 From: amirsc3 <42802974+amirsc3@users.noreply.github.com> Date: Tue, 14 Jul 2020 10:57:29 +0300 Subject: [PATCH 077/102] Update edr-in-block-mode.md Feature is not in public preview yet. We need the docs to be consistent: "When EDR in block mode (currently in private preview) is turned on, Microsoft Defender Antivirus is not used as the primary antivirus solution, but can still detect and remediate malicious items." https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility --- .../microsoft-defender-atp/edr-in-block-mode.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md index 65f8212bc5..8740ad82d5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md +++ b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md 
@@ -29,7 +29,7 @@ ms.collection: When [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) in block mode is enabled, Microsoft Defender ATP leverages behavioral blocking and containment capabilities by blocking malicious artifacts or behaviors that are observed through post-breach protection. EDR in block mode works behind the scenes to remediate malicious artifacts that are detected post-breach. > [!NOTE] -> EDR in block mode is currently in preview. To get the best protection, make sure to **[deploy Microsoft Defender ATP baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline)**. +> EDR in block mode is currently in private preview. To get the best protection, make sure to **[deploy Microsoft Defender ATP baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline)**. ## What happens when something is detected? From 0a1fa980ba7227521895077bf46161f57c9bb85c Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 14 Jul 2020 11:42:58 -0700 Subject: [PATCH 078/102] Update attack-surface-reduction.md --- .../microsoft-defender-atp/attack-surface-reduction.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index a6be5fa509..94af8d7fe3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md 
@@ -96,7 +96,7 @@ The following sections describe each of the 15 attack surface reduction rules. T |[Block all Office applications from creating child processes](#block-all-office-applications-from-creating-child-processes) | `D4F940AB-401B-4EFC-AADC-AD5F3C50688A` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block Office applications from creating executable content](#block-office-applications-from-creating-executable-content) | `3B576869-A4EC-4529-8536-B80A7769E899` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block Office applications from injecting code into other processes](#block-office-applications-from-injecting-code-into-other-processes) | `75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | -|[Block JavaScript or VBScript from launching downloaded executable content](#block-javascript-or-vbscript-from-launching-downloaded-executable-content) | `D3E037E1-3EB8-44C8-A917-57927947596D` | Not supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | +|[Block JavaScript or VBScript from launching downloaded executable content](#block-javascript-or-vbscript-from-launching-downloaded-executable-content) | `D3E037E1-3EB8-44C8-A917-57927947596D` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block execution of potentially obfuscated scripts](#block-execution-of-potentially-obfuscated-scripts) | `5BEB7EFE-FD9A-4556-801D-275E5FFC04CC` | Supported | [Windows 10, version 
1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block Win32 API calls from Office macros](#block-win32-api-calls-from-office-macros) | `92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block executable files from running unless they meet a prevalence, age, or trusted list criterion](#block-executable-files-from-running-unless-they-meet-a-prevalence-age-or-trusted-list-criterion) | `01443614-cd74-433a-b99e-2ecdc07bfc25` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | @@ -191,9 +191,6 @@ This rule prevents scripts from launching potentially malicious downloaded conte Although not common, line-of-business applications sometimes use scripts to download and launch installers. -> [!IMPORTANT] -> File and folder exclusions don't apply to this attack surface reduction rule. - This rule was introduced in: - [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) - [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) @@ -385,6 +382,9 @@ GUID: `7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c` This rule prevents malware from abusing WMI to attain persistence on a device. +> [!IMPORTANT] +> File and folder exclusions don't apply to this attack surface reduction rule. + Fileless threats employ various tactics to stay hidden, to avoid being seen in the file system, and to gain periodic execution control. Some threats can abuse the WMI repository and event model to stay hidden. This rule was introduced in: From dd702d78a2629145ebaf66efb249f9285f6243c5 Mon Sep 17 00:00:00 2001 
From: Denise Vangel-MSFT Date: Tue, 14 Jul 2020 12:00:57 -0700 Subject: [PATCH 079/102] Update attack-surface-reduction.md --- .../microsoft-defender-atp/attack-surface-reduction.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index 94af8d7fe3..9ee5965970 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md 
@@ -31,7 +31,7 @@ Attack surface reduction rules target software behaviors that are often abused b - Running obfuscated or otherwise suspicious scripts - Performing behaviors that apps don't usually initiate during normal day-to-day work -These behaviors are sometimes seen in legitimate applications; however, they are considered risky because they are commonly abused by malware. Attack surface reduction rules can constrain these kinds of risky behaviors and help keep your organization safe. +Such behaviors are sometimes seen in legitimate applications; however, they are considered risky because they are commonly abused by malware. Attack surface reduction rules can constrain these kinds of risky behaviors and help keep your organization safe. Use [audit mode](audit-windows-defender.md) to evaluate how attack surface reduction rules would impact your organization if they were enabled. It's best to run all rules in audit mode first so you can understand their impact on your line-of-business applications. Many line-of-business applications are written with limited security concerns, and they may perform tasks in ways that seem similar to malware. By monitoring audit data and [adding exclusions](enable-attack-surface-reduction.md#exclude-files-and-folders-from-asr-rules) for necessary applications, you can deploy attack surface reduction rules without impacting productivity. From 8be00827bcc78359700da22c2257ed92d317e65b Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 14 Jul 2020 12:18:57 -0700 Subject: [PATCH 080/102] Updates per PR#6578 --- .../mdm/vpnv2-profile-xsd.md | 399 +++++++++--------- 1 file changed, 200 insertions(+), 199 deletions(-) diff --git a/windows/client-management/mdm/vpnv2-profile-xsd.md b/windows/client-management/mdm/vpnv2-profile-xsd.md index eecc7c7075..ecebcd8133 100644 --- a/windows/client-management/mdm/vpnv2-profile-xsd.md +++ b/windows/client-management/mdm/vpnv2-profile-xsd.md 
@@ -1,25 +1,23 @@ --- title: ProfileXML XSD -description: Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some profile examples. +description: Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some profile examples. ms.assetid: 2F32E14B-F9B9-4760-AE94-E57F1D4DFDB3 -ms.reviewer: +ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows author: manikadhiman -ms.date: 02/05/2018 +ms.date: 07/14/2020 --- # ProfileXML XSD - -Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some profile examples. +Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some profile examples. ## XSD for the VPN profile - ```xml @@ -51,15 +49,15 @@ Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some pro - + - - - - + + + + @@ -89,7 +87,7 @@ Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some pro - + @@ -115,7 +113,13 @@ Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some pro - + + + + + + + @@ -148,23 +152,25 @@ Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some pro - - + + + + + + + + + + + + + + + + + - - - - - - - - - - - - - - + 
@@ -187,16 +193,79 @@ Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some pro ## Native profile example +```xml + + corp.contoso.com + true + false + corp.contoso.com + contoso.com -``` - - - testServer.VPN.com - IKEv2 - - Eap - - + + Helloworld.Com + + HelloServer + + + + + true + + true + This is my Eku + This is my issuer hash + + + + + + Microsoft.MicrosoftEdge_8wekyb3d8bbwe + + + + + C:\windows\system32\ping.exe + + + + + hrsite.corporate.contoso.com + 1.2.3.4,5.6.7.8 + 5.5.5.5 + true + + + .corp.contoso.com + 10.10.10.10,20.20.20.20 + 100.100.100.100 + + + + + %ProgramFiles%\Internet Explorer\iexplore.exe + + 6 + 10,20-50,100-200 + 20-50,100-200,300 + 30.30.0.0/16,10.10.10.10-20.20.20.20 + ForceTunnel + + + + Microsoft.MicrosoftEdge_8wekyb3d8bbwe + + 3.3.3.3/32,1.1.1.1-2.2.2.2 + + + + testServer.VPN.com + SplitTunnel + IKEv2 + true + + Eap + + 25 @@ -261,178 +330,110 @@ Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some pro - - - SplitTunnel - true - - - -
192.168.0.0
- 24 -
- -
10.10.0.0
- 16 -
- - - - Microsoft.MicrosoftEdge_8wekyb3d8bbwe - - - - - C:\windows\system32\ping.exe - - - - - - - %ProgramFiles%\Internet Explorer\iexplore.exe - - 6 - 10,20-50,100-200 - 20-50,100-200,300 - 30.30.0.0/16,10.10.10.10-20.20.20.20 - ForceTunnel - - - - Microsoft.MicrosoftEdge_8wekyb3d8bbwe - - 3.3.3.3/32,1.1.1.1-2.2.2.2 - - - - - hrsite.corporate.contoso.com - 1.2.3.4,5.6.7.8 - 5.5.5.5 - true - - - .corp.contoso.com - 10.10.10.10,20.20.20.20 - 100.100.100.100 - - - corp.contoso.com - true - false - corp.contoso.com - contoso.com - - - HelloServer - - Helloworld.Com - - - - true - - true - This is my Eku - This is my issuer hash - - -
+ + + + + +
192.168.0.0
+ 24 +
+ +
10.10.0.0
+ 16 +
+
``` ## Plug-in profile example - ```xml - - testserver1.contoso.com;testserver2.contoso..com - JuniperNetworks.JunosPulseVpn_cw5n1h2txyewy - true - - -
192.168.0.0
- 24 -
- -
10.10.0.0
- 16 -
- - - Microsoft.MicrosoftEdge_8wekyb3d8bbwe - - - - - %ProgramFiles%\Internet Explorer\iexplore.exe - - - - - %ProgramFiles%\Internet Explorer\iexplore.exe - - 6 - 10,20-50,100-200 - 20-50,100-200,300 - 30.30.0.0/16,10.10.10.10-20.20.20.20 - - - - - Microsoft.MicrosoftEdge_8wekyb3d8bbwe - - 3.3.3.3/32,1.1.1.1-2.2.2.2 - - - - Microsoft.MicrosoftEdge_8wekyb3d8bbwe - - O:SYG:SYD:(A;;CC;;;AU) - - - - corp.contoso.com - 1.2.3.4,5.6.7.8 - 5.5.5.5 - false - - - corp.contoso.com - 10.10.10.10,20.20.20.20 - 100.100.100.100 - - - true - false - false - false - corp.contoso.com - contoso.com,test.corp.contoso.com - - - HelloServer - - Helloworld.Com - - - - - - - - - -
-``` + + true + false + corp.contoso.com + contoso.com,test.corp.contoso.com + false + false -  + + Helloworld.Com + + HelloServer + -  + + + + + + + true + + + + testserver1.contoso.com;testserver2.contoso..com + true + JuniperNetworks.JunosPulseVpn_cw5n1h2txyewy + + + + Microsoft.MicrosoftEdge_8wekyb3d8bbwe + + + + + %ProgramFiles%\Internet Explorer\iexplore.exe + + + + corp.contoso.com + 1.2.3.4,5.6.7.8 + 5.5.5.5 + false + + + corp.contoso.com + 10.10.10.10,20.20.20.20 + 100.100.100.100 + + + + %ProgramFiles%\Internet Explorer\iexplore.exe + + 6 + 10,20-50,100-200 + 20-50,100-200,300 + 30.30.0.0/16,10.10.10.10-20.20.20.20 + + + + + Microsoft.MicrosoftEdge_8wekyb3d8bbwe + + 3.3.3.3/32,1.1.1.1-2.2.2.2 + + + + Microsoft.MicrosoftEdge_8wekyb3d8bbwe + + O:SYG:SYD:(A;;CC;;;AU) + + + +
192.168.0.0
+ 24 +
+ +
10.10.0.0
+ 16 +
+ +``` \ No newline at end of file From 8732be053996ed4c7da7f1525759cc6756fe18cb Mon Sep 17 00:00:00 2001 From: Teresa-Motiv Date: Tue, 14 Jul 2020 15:18:55 -0700 Subject: [PATCH 081/102] revisions --- .../credential-guard-manage.md | 24 +++++++++++++++---- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md index 7e98cba59b..c5da818c42 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md @@ -8,11 +8,14 @@ ms.pagetype: security ms.localizationpriority: medium audience: ITPro author: dulcemontemayor -ms.author: dansimp +ms.author: v-tea manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.reviewer: +ms.custom: +- CI 120967 +- CSSTroubleshooting --- # Manage Windows Defender Credential Guard 
@@ -154,14 +157,25 @@ DG_Readiness_Tool_v3.6.ps1 -Ready - You should perform regular reviews of the PCs that have Windows Defender Credential Guard enabled. This can be done with security audit policies or WMI queries. Here's a list of WinInit event IDs to look for: - **Event ID 13** Windows Defender Credential Guard (LsaIso.exe) was started and will protect LSA credentials. - - **Event ID 14** Windows Defender Credential Guard (LsaIso.exe) configuration: 0x1, 0 - - The first variable: 0x1 means Windows Defender Credential Guard is configured to run. 0x0 means it's not configured to run. + - **Event ID 14** Windows Defender Credential Guard (LsaIso.exe) configuration: \[**0x0** \| **0x1** \| **0x2**\], **0** + - The first variable: **0x1** or **0x2** means that Windows Defender Credential Guard is configured to run. 0x0 means that it's not configured to run. - The second variable: 0 means it's configured to run in protect mode. 1 means it's configured to run in test mode. This variable should always be 0. - **Event ID 15** Windows Defender Credential Guard (LsaIso.exe) is configured but the secure kernel is not running; continuing without Windows Defender Credential Guard. - **Event ID 16** Windows Defender Credential Guard (LsaIso.exe) failed to launch: \[error code\] - - **Event ID 17** Error reading Windows Defender Credential Guard (LsaIso.exe) UEFI configuration: \[error code\] + - **Event ID 17** Error reading Windows Defender Credential Guard (LsaIso.exe) UEFI configuration: \[error code\] You can also verify that TPM is being used for key protection by checking Event ID 51 in the **Microsoft** -> **Windows** -> **Kernel-Boot** event source. If you are running with a TPM, the TPM PCR mask value will be something other than 0. - - **Event ID 51** VSM Master Encryption Key Provisioning. Using cached copy status: 0x0. Unsealing cached copy status: 0x1. New key generation status: 0x1. Sealing status: 0x1. TPM PCR mask: 0x0. 
+ - **Event ID 51** VSM Master Encryption Key Provisioning. Using cached copy status: 0x0. Unsealing cached copy status: 0x1. New key generation status: 0x1. Sealing status: 0x1. TPM PCR mask: 0x0. + - You can use Windows Powershell to determine whether credential guard is running on a client computer. On the computer in question, open an elevated Powershell window and run the following command: + + ```powershell + (Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard).SecurityServicesRunning + ``` + + This command generates the following output: + - **0**: Windows Defender Credential Guard is disabled (not running) + - **1**: Windows Defender Credential Guard is enabled (running) + > [!NOTE] + > Checking the task list or Task Manager to see if LSAISO.exe is running is not a recommended method for determining whether Windows Defender Credential Guard is running. ## Disable Windows Defender Credential Guard From 0fa7fcc49950ef80d359c5108ccc0e458535a9b6 Mon Sep 17 00:00:00 2001 From: Teresa-Motiv Date: Tue, 14 Jul 2020 15:27:46 -0700 Subject: [PATCH 082/102] edit --- .../credential-guard/credential-guard-manage.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md index c5da818c42..c28c0a5c73 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md 
@@ -235,7 +235,7 @@ You can also disable Windows Defender Credential Guard by using the [HVCI and Wi ``` DG_Readiness_Tool_v3.6.ps1 -Disable -AutoReboot ``` -> [!IMPORTANT] +> [!IMPORTANT] > When running the HVCI and Windows Defender Credential Guard hardware readiness tool on a non-English operating system, within the script, change `*$OSArch = $(gwmi win32_operatingsystem).OSArchitecture` to be `$OSArch = $((gwmi win32_operatingsystem).OSArchitecture).tolower()` instead, in order for the tool to work. > This is a known issue. From 34b3e113518de946f6bd68d4e962de8ae1fa0bef Mon Sep 17 00:00:00 2001 From: "v-tea@microsoft.com" <46357187+Teresa-Motiv@users.noreply.github.com> Date: Tue, 14 Jul 2020 15:55:27 -0700 Subject: [PATCH 083/102] Update credential-guard-manage.md Edits --- .../credential-guard/credential-guard-manage.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md index c28c0a5c73..b4bbe78a9d 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md 
@@ -158,13 +158,13 @@ DG_Readiness_Tool_v3.6.ps1 -Ready - You should perform regular reviews of the PCs that have Windows Defender Credential Guard enabled. This can be done with security audit policies or WMI queries. Here's a list of WinInit event IDs to look for: - **Event ID 13** Windows Defender Credential Guard (LsaIso.exe) was started and will protect LSA credentials. - **Event ID 14** Windows Defender Credential Guard (LsaIso.exe) configuration: \[**0x0** \| **0x1** \| **0x2**\], **0** - - The first variable: **0x1** or **0x2** means that Windows Defender Credential Guard is configured to run. 0x0 means that it's not configured to run. - - The second variable: 0 means it's configured to run in protect mode. 1 means it's configured to run in test mode. This variable should always be 0. + - The first variable: **0x1** or **0x2** means that Windows Defender Credential Guard is configured to run. **0x0** means that it's not configured to run. + - The second variable: **0** means that it's configured to run in protect mode. **1** means that it's configured to run in test mode. This variable should always be **0**. - **Event ID 15** Windows Defender Credential Guard (LsaIso.exe) is configured but the secure kernel is not running; continuing without Windows Defender Credential Guard. - **Event ID 16** Windows Defender Credential Guard (LsaIso.exe) failed to launch: \[error code\] - **Event ID 17** Error reading Windows Defender Credential Guard (LsaIso.exe) UEFI configuration: \[error code\] You can also verify that TPM is being used for key protection by checking Event ID 51 in the **Microsoft** -> **Windows** -> **Kernel-Boot** event source. If you are running with a TPM, the TPM PCR mask value will be something other than 0. - - **Event ID 51** VSM Master Encryption Key Provisioning. Using cached copy status: 0x0. Unsealing cached copy status: 0x1. New key generation status: 0x1. Sealing status: 0x1. TPM PCR mask: 0x0. 
+ - **Event ID 51** VSM Master Encryption Key Provisioning. Using cached copy status: **0x0**. Unsealing cached copy status: 0x1. New key generation status: 0x1. Sealing status: **0x1**. TPM PCR mask: **0x0**. - You can use Windows Powershell to determine whether credential guard is running on a client computer. On the computer in question, open an elevated Powershell window and run the following command: ```powershell From 3248954b9fa956d2aa4beebe01089e6a8e3d67fd Mon Sep 17 00:00:00 2001 From: Luqman Aden Date: Tue, 14 Jul 2020 10:31:02 -0700 Subject: [PATCH 084/102] VPNProfile XSD: Add missing elements. --- windows/client-management/mdm/vpnv2-profile-xsd.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/vpnv2-profile-xsd.md b/windows/client-management/mdm/vpnv2-profile-xsd.md index ecebcd8133..c0e32c95b7 100644 --- a/windows/client-management/mdm/vpnv2-profile-xsd.md +++ b/windows/client-management/mdm/vpnv2-profile-xsd.md @@ -14,7 +14,7 @@ ms.date: 07/14/2020 # ProfileXML XSD -Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some profile examples. +Here's the XSD for the ProfileXML node in the VPNv2 CSP and VpnManagementAgent::AddProfileFromXmlAsync for Windows 10 and some profile examples. ## XSD for the VPN profile @@ -25,6 +25,7 @@ Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some prof + @@ -34,6 +35,7 @@ Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some prof + @@ -107,6 +109,7 @@ Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some prof + @@ -127,6 +130,7 @@ Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some prof + @@ -138,6 +142,7 @@ Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some prof + @@ -155,7 +160,7 @@ Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some prof - + 
@@ -176,12 +181,13 @@ Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some prof - + + From c060703ab83c10ca3df575a1778790798a504d4e Mon Sep 17 00:00:00 2001 From: arcarley <52137849+arcarley@users.noreply.github.com> Date: Wed, 15 Jul 2020 14:03:09 -0700 Subject: [PATCH 085/102] Update update-csp.md Updating to be more specific on the functionality no longer recommended. --- windows/client-management/mdm/update-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/update-csp.md b/windows/client-management/mdm/update-csp.md index 1d4d3a7e86..310b0192c6 100644 --- a/windows/client-management/mdm/update-csp.md +++ b/windows/client-management/mdm/update-csp.md @@ -17,7 +17,7 @@ ms.date: 02/23/2018 The Update configuration service provider enables IT administrators to manage and control the rollout of new updates. > [!Note] -> All aspects of the Update CSP aside from Rollback are not recommended for managing desktop devices. To manage desktop devices from Windows Update, see the [Policy CSP - Updates](policy-csp-update.md) documentation. Rollback can be used for desktop devices on 1803 and above. +> The Update CSP functionality of 'AprrovedUpdates' is not recommended for managing desktop devices. To manage updates to desktop devices from Windows Update, see the [Policy CSP - Updates](policy-csp-update.md) documentation for the recommended policies. The following diagram shows the Update configuration service provider in tree format. From 10f3bbe0453f35d102372de9dfc54d6df4461fac Mon Sep 17 00:00:00 2001 From: arcarley <52137849+arcarley@users.noreply.github.com> Date: Wed, 15 Jul 2020 14:10:00 -0700 Subject: [PATCH 086/102] Update policy-csp-update.md Updating to show the Require Update Approval policy is meant only to be used on Mobile device. --- windows/client-management/mdm/policy-csp-update.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
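Review bot: In the update-csp.md hunk, the added note misspells the node name as 'AprrovedUpdates'; it should be 'ApprovedUpdates', and it would read better formatted as a node name than in single quotes. The rewrite also drops the removed line's statement that "Rollback can be used for desktop devices on 1803 and above", so the note no longer says anything about Rollback. If that statement still holds, keep it as a second sentence.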
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 7fd2c3cd5a..1648a29310 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -3256,7 +3256,7 @@ The following list shows the supported values: > [!NOTE] -> If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead. +> This policy is **only** recommended for managing mobile devices. If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead. Allows the IT admin to restrict the updates that are installed on a device to only those on an update approval list. It enables IT to accept the End User License Agreement (EULA) associated with the approved update on behalf of the end-user. EULAs are approved once an update is approved. From 2c20c40617114bc24b0af6f360d45c45e257af0f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 15 Jul 2020 15:47:20 -0700 Subject: [PATCH 087/102] Update enable-exploit-protection.md --- .../enable-exploit-protection.md | 36 ++++++++++++------- 1 file changed, 24 insertions(+), 12 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md index b0cad379e8..2251cef5dc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md 
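Review bot: In the policy-csp-update.md hunk, the added first sentence limits the policy to mobile devices, but the note still ends with "Please use this policy instead" for anyone who used **Update/PhoneUpdateRestrictions**, and it gives administrators of desktop devices no pointer to what they should use. Add that pointer in the same note, and while the line is being touched, drop the repetition in "previously used ... in previous versions".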
@@ -108,13 +108,18 @@ The result will be that DEP will be enabled for *test.exe*. DEP will not be enab ## Intune 1. Sign in to the [Azure portal](https://portal.azure.com) and open Intune. + 2. Click **Device configuration** > **Profiles** > **Create profile**. -3. Name the profile, choose **Windows 10 and later** and **Endpoint protection**. - ![Create endpoint protection profile](../images/create-endpoint-protection-profile.png) + +3. Name the profile, choose **Windows 10 and later** and **Endpoint protection**.
+ ![Create endpoint protection profile](../images/create-endpoint-protection-profile.png)
+ 4. Click **Configure** > **Windows Defender Exploit Guard** > **Exploit protection**. -5. Upload an [XML file](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-exploitguard) with the exploit protection settings: - ![Enable network protection in Intune](../images/enable-ep-intune.png) + +5. Upload an [XML file](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-exploitguard) with the exploit protection settings:
![Enable network protection in Intune](../images/enable-ep-intune.png)
+ 6. Click **OK** to save each open blade and click **Create**. + 7. Click the profile **Assignments**, assign to **All Users & All Devices**, and click **Save**. ## MDM 
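Review bot: In step 5 of the Intune list, the image that follows "Upload an XML file with the exploit protection settings" keeps the alt text "Enable network protection in Intune", which names a different feature from the one this page configures. Since the hunk already rewrites that step, change the alt text to describe the exploit protection upload so that screen-reader users and anyone viewing the page without images get the right description.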
@@ -124,19 +129,26 @@ Use the [./Vendor/MSFT/Policy/Config/ExploitGuard/ExploitProtectionSettings](htt ## Microsoft Endpoint Configuration Manager 1. In Microsoft Endpoint Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**. -1. Click **Home** > **Create Exploit Guard Policy**. -1. Enter a name and a description, click **Exploit protection**, and click **Next**. -1. Browse to the location of the exploit protection XML file and click **Next**. -1. Review the settings and click **Next** to create the policy. -1. After the policy is created, click **Close**. + +2. Click **Home** > **Create Exploit Guard Policy**. + +3. Enter a name and a description, click **Exploit protection**, and click **Next**. + +4. Browse to the location of the exploit protection XML file and click **Next**. + +5. Review the settings and click **Next** to create the policy. + +6. After the policy is created, click **Close**. ## Group Policy 1. On your Group Policy management device, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. -1. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. -2. Expand the tree to **Windows components** > **Windows Defender Exploit Guard** > **Exploit Protection** > **Use a common set of exploit protection settings**. -3. Click **Enabled** and type the location of the [XML file](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-exploitguard) and click **OK**. +2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. + +3. Expand the tree to **Windows components** > **Windows Defender Exploit Guard** > **Exploit Protection** > **Use a common set of exploit protection settings**. + +4. 
Click **Enabled** and type the location of the [XML file](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-exploitguard) and click **OK**. ## PowerShell From ded649eb13b5f7fe264c66d0dc554e2293c296f6 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Wed, 15 Jul 2020 16:04:29 -0700 Subject: [PATCH 088/102] update to message to reflect reality --- .../microsoft-defender-atp/tvm-security-recommendation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md index a1d0887eda..3555d2490e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md @@ -94,7 +94,7 @@ From the flyout, you can do any of the following: - [**Exception options**](tvm-security-recommendation.md#file-for-exception) - Submit an exception, provide justification, and set exception duration if you can't remediate the issue just yet. >[!NOTE] ->When a change is made on a device, it may take up to two hours for the data to be reflected in the Microsoft Defender Security Center. +>When a change is made on a device, it typically takes two hours for the data to be reflected in the Microsoft Defender Security Center. However, it may sometimes take longer. ### Investigate changes in machine exposure or impact From 64c887ca3fcc89ef0e153a1d5cf7b4f9c09c60ed Mon Sep 17 00:00:00 2001 From: Caroline Gitonga Date: Thu, 16 Jul 2020 03:31:42 +0300 Subject: [PATCH 089/102] Add self.events.data.microsoft.com Updating endpoints under Office --- windows/privacy/manage-windows-2004-endpoints.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/privacy/manage-windows-2004-endpoints.md b/windows/privacy/manage-windows-2004-endpoints.md index 73e8c9e0fd..14db2c3cc4 100644 
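Review bot: In the tvm-security-recommendation.md hunk, "it typically takes two hours" turns the previous upper bound ("it may take up to two hours") into a fixed typical delay, which reads as if the data never arrives sooner. If the intent is only to admit that the delay can exceed two hours, wording such as "it can take up to two hours, and sometimes longer" keeps the original meaning and folds the trailing "However, it may sometimes take longer." into one sentence.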
--- a/windows/privacy/manage-windows-2004-endpoints.md +++ b/windows/privacy/manage-windows-2004-endpoints.md @@ -85,6 +85,7 @@ The following methodology was used to derive these network endpoints: |||HTTPS|*ow1.res.office365.com| |||HTTPS|office.com| |||HTTPS|blobs.officehome.msocdn.com| +|||HTTPS|self.events.data.microsoft.com| |OneDrive|The following endpoints are related to OneDrive. If you turn off traffic for these endpoints, anything that relies on g.live.com to get updated URL information will no longer work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-onedrive)| |||TLSv1.2|*g.live.com| |||TLSv1.2|oneclient.sfx.ms| From 4003b939958259bf8381acf565604329f8e5d5a2 Mon Sep 17 00:00:00 2001 From: Dani Halfin Date: Wed, 15 Jul 2020 20:03:09 -0700 Subject: [PATCH 090/102] changes to incident naming --- .../images/atp-incident-details-updated.png | Bin 0 -> 52540 bytes .../images/atp-incidents-mgt-pane-updated.png | Bin 0 -> 105001 bytes .../microsoft-defender-atp/manage-incidents.md | 14 +++++++++++--- .../view-incidents-queue.md | 11 +++++++++++ 4 files changed, 22 insertions(+), 3 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/atp-incident-details-updated.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/atp-incidents-mgt-pane-updated.png 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/atp-incident-details-updated.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-incident-details-updated.png new file mode 100644 index 0000000000000000000000000000000000000000..0e2d2fd92948b04e667641ed8b7af1c370b615de GIT binary patch literal 52540
z{_d_WU?#>cEL|tR$=0+U?QB?X3VkP05`sttdC|K;dTV=H#;~qtcippi(9hq9k z-2#1IIMFY}LY0-LVuzY$8rY1>n|{O2S=r!#F^m4};LwzEv&%K+9S|??mWV}A0}Wx* z_c1<<2uSZ7stymFGSgX0p8d5n-f--IKav@UTy4u`aZ)jmzDB^ps#gSo-zjaj@*7I{ z*7Qa)>v0vlmmbU9iQ^rR-l#gQ!CiBKGm5gZ_6fiCNiKY*uB^2(UvQV&Z`IqIHhMPu zgm!WR|HJ|@X50kR=cU8l)|{@-g7%@8wO@O<9=wN)x<=%J1u3J=fTq3U6XLHOGSV38 zj2i{jfJlimqVdavCV|MJG&)rZ7lSTWkt%WX8sHeuCRZ zaADup6O^1qKdQ60)UAuk)74^itv$GV{e@ox&$VF5jZGOY<<9*+)ZpDxJ5#|p6}ZMe z^7#pbX+XiGuN>&KC_50qDY`qk)!whxXS5R;1DA>g#bpVpKFwx&u(7t`15p!r4zBNf#)7@A2%!&9}cZap!{+frRO1T2(( zam5o%c4)E(GBaXE^|s%#kA)2(qmZk5se3ald2dwMPlm&i-i^4Iq9K(z&nW!r+fHi} z1*`--5o@YGg}0Hw3iRLxVP=kfXWMYF_P=hnps^ zHj^~Zw9`z{`S4~^JWr5e^V(plvy+T;o9VGN`JNgL2EFilZ#1ckWL*$~Z+ai_!11r^TSw#$9LQPWua?Nh?|vh; z~0?ANwHki(f|>KtV2bFpMiHRlT4d7Vk;Kll`<{yI1`O5HM~% zFa~52^2O~c#x9wd{-hP!Qx<_a*56JmUm2`<9M6mqH+H=V+_7tcevI`=mIK#dhV~{S zTOOLR1tU4(0u?-B2rnqizC?7TPq<&H%y;Qpt~s#3v?c`=JqcDZbVKMSA*)O3J*LQ2 zd;Q=7QmKgn=#YUc)$*l~A;Zj;N4gGl&cTU{I?*6SqEIv;;xt)J!BKr~lh~-dZX*gP zS2YfDKO40WoNQ1*_JMH~5enB*Ngmn`9V=HVrMz&%tAYd?xJYvDPv#uw3&v&=VXij4 zC!I#80*G$xoI92eVhZFr2agyEDFgi9&q}{KL2Ymqq0N^_;`MJrR1q##!D_$4ITS6u~ThEPtN= zD9y3H%v6kLHsFdYB}I5iwG$cyCHc9fE68Tjt#*6zcKx!xHX9#JzGpC2BYk{)ZiIzp z72zJDOTG#!$E+MkL&rv50yvpBNLg9%qv=wq5!)?fs%ct@rR7AOd<`n)JF+(~#XU$3 zgPLX*XFeHM(EDC5I4-T1zf zsQynf7DDRcMPcMpnodk@^ww)od_*@TyP}1(9yYwaapT4}mZH^-;`u--NkZ_8j4F-1 zTSs|Mfx5=te?WW@tn=D#v2W{`yZaPG`6DLzg@gW81J@fD(e+IM_j5Ljg8$Fkib#Lx9U;%@WXkqol0d+V za_fi7u$x78ol5M#xYQRPElCbe!uZ<_7Dz6Tvr406on_k$0}^BlbhM|iW2eqB8I{)E zBgZORTnPnmeJ{#snNsiwmk`*?meKQ`|3PT#UPyJhXY`GAh@-R;0Zs|wYoxf$XA)Nr zc~@a~l}5E;AQF|Xr?a85I{J6-SdDm;PcA?24=$gr=zaKrWf|qgb*a&R475xU2XwC% z4deDERxAxj-Ch}$hph$7za5ee_+kOj#u25PL5(x(q+Bk#9G^{?VXV@P#0p$n&5Dg z$7W0QdB}a!9X;#Hxd7HITNyR3TpT0Eu*duzSfiVn>1I0hPY>(1cQOG;2v_cv==jqA zK_LU~?nkzJZ5&aOnS(UH{`B@1$&E69x8P^vgDE=eJfw}+X_g$$VE80WtIqR1?Zs^; z{Aa<;3NrXkf_PW~h7`AZ+1Lv%K^IVh*(!pkDMk;xEYq1ENLFb}JUyzq}X zgFGkXl*Gu)DH=oGNBRUn{A#)$o+7G;hBF8x&b^y0?s`zU$d778i7#G*4XR`8qNdmU 
z&{_)|<;4q{DZANsaIFN<=x(xn{sLqY~3Hw9wBqc>bw~8_bDvJ)KtzI( z#WW&1UQI`7a9`T`<0a{$fwPNMS$E?8LXg7{Nsd9kw`)s9*_r8!4(r`G@_OTpgEiiY zs>f+#Z&?Z#;q{ekDAV0zlv}$aS&w|G*_w_iMv>mY&Pm& zcmf#RYvGLPQUF5#uy}YWme6B1?Madr`_zU67d4yaaJ36}(kYGVUtpr%hIlR%yVpgY z33(58^#fhi@P7R%DV_#+avcnJREV_#Y*DVTXV6Ya%TS|_T+nF|blomU-#trR@GL+* z!%Ph=f`zNUb4;;vqK1m!K9rXjz#(r?qIF)7y{5BV&Qstoh%UCinx=i_}*OLhKa8c6~wWc2511Tit+D$u)$h{1SCu z^LzU5hMVWDty^fAAF&D}?_UG`fB#CX@*Dm|lH_lB{VlKWmgGN7ul=n#e{0U)n)6Kp zf1BF>AT$5B>G<1p{6|cOM?9a;?=vwmdDhU-V2bq;?L1WuNyybd4jaG@(T`Wf=KlBl zPzr~Z3wW=B8fQOjUq_t%+p6|oT8D@m{vTw){2L?nk5rt>f8K68Zh#n++s)5*R8DP(5p_Jkkx|q0Pi^Ajhr1f3){r@VZcb!zW6RemXz9Q%_qGS(#E54s|`8TOx>vEfn9O9OtDzLxN?W|9%6 zpz`~)ZIF{ceNeU9-D7BWNCRldP_}sYrtyf?1|u%hHI>}AdQe#lPv#ESg>qv_EB4^A z{1Q~m73ZMS5i9RxpJEiBd{sd%Mj4VnsLac3Gp~ed4v+O3MPH6kEGLCXQh#d^bI{j} zHYKLmPzUkWjSFO>5rT}{5)y3IU&?8K&twn^etXl18=#U_BEK4*fM0P-9j6w$dpRuJ z$zElwX=sXt)c>pKFJ2Y2*sp4_vR|%U+Js7<1h|Z3phv#6S{slztAt}sV{RW2GL5_o zTv$=CwMNtX$MWx+iHi?zYFXZU`xU;ZGebB^PZ~YVyyNJE@vQx%Re8jq<+D3jnP2XU zs9$ET+7bwU)TBf$xSif^mWZ#}We@F=Ti+Gcb-r~b4#R1AaBu={)fTd&A(x(;RyfKp zbkhH<4P3Cq!1f!I-w$sI=uHxf7IA0)efQSEq_gOza*V6cklW;PQ2CKua@Ajm4=Nsz zNktBnb|TvH2w|sB6EOgh1F|$1{MLT5qEVdr`3i8r=6ZO3zgFgS^#Oq4)ip1A2sDUUx#9N{Gy2MJ+f}eOAnIh@j9h9+E?jr(C%N5$mVJ(;bc=6$aQ@e zdNI@&fruqkSL@X`G_+lTQhsduJ(GbnS=LDe>`p@whU6bPxJDibWq9??`nJhs#O8jN z-nBeY_Q}N`hf6>IpZFOZMt|2IQ%UP>ldo|qzV}oX-TYqdM?U-i0fy*5O)dSWZ%mvr zv~iy4H40vJ@U)8P$L~e5SGw7hKM?zx4wxy3RSTC7H?VOQJhqLKrFeZBezCR(*4CUY zd{^t$rREtbx@iE(cuHqC&K9mbQa!iVdOkpWUwz91K3 zq8!q5X)4`}@0b_6x-{}qi=Do<6u&s81PHU_hi`tz;vFEl<@7Z3^uc+2BRNi>; zt@>7-`oK$?F0(|>an;zAVb?m`g9hMg;}fA z@M}ebb^h7dwLMv=rL37wV;wSnEY>XF{A=^f2fTfH`RYe(f={fg!h+9C!5S~4wp6&< zFKY0qIib>)FL+g;Pq2?EWBL%)LaF(@mjd>Pg?1umF03roC5i!^E^o3#uH+B5ZJY}& zEl9pQ5N2EUdT~}IH%8V(H~?*Zrsa8c4gTFM-9&njllIcRtyoEF%4rKKMkXHoD7H{~ z4HjL*(5v}*y6J23ZMKT+urj^}r^k?;>3mS0C~7b$4_rcsx*wN*cvBP36dY+$m3)y3 zi=A=oxj^ZeHPRC_(%CBZd5XZf$-&w_(mQLSj#SQ&qfFhAn3?1RqA{+{eY|I5flGvu za=PB!g0N+`>gvcux927H3fVi? 
zgLNKKT?NVErc!AOlA>NM9Vwm{wDYrwww#$|CM9n28o6pQYmr{;lX0b5H`ucA{m$oN z>;1~NfAkg!4f#6oh?}Zzn~R!cp3Pj@>ogcV^Je)R5LxT)3V2KQoJkJ2r-{y;XR<#Z zNV$JEy0=Iq(*n^~Oonpxag zD#yGRZTB{peKz@^c$^h?;a5(3fVFDvRi-TGLN=+a_APb}CJc-XEBlxSYt@SnBOYy)m~xEi?=Tgvy0x=@y2>i}c%OQEx@L z2U$Y6=>nz%>j!VR;d^?$Y;Q-4)YQ~ed01%Z*|4y%2>-VJMnBK<{hl5XC-Tt=3S(t`lq;IQHcNLy8zFYiPB%8P}P|ZpQ*4_{d|)dqkm-PB<)8&r>$ObHdvcq ze4`_kwxnjSVZT0|i~DU9U%rf0anPwZ3tU=Zs=*A_ui!5H-;Mq~6t?f`BR#z$on|TR zH*kTVAGxp0WdOuz!iI#LXk=#o+4;^dnf9>nxC_#&8S9ZNn;f_Ns~Mi+cRL#A)77}K z+$WMdUQD=DU6wXcjdJ7K&jsh=o7T2$$xVJeT4iSD8|s(RC-n5It;8TVd}83Jb!)kgp>5tb*Ui6@(8 z?=ylla;qZ@PcXWo3EST1aK|(5`pD{NN&jxkV!7W*Y(Dg3AFY{=JA(t(8$XsNY zv#yy5WEZ~XPG#^|{?%#yFLnBX?<`5;-fr-;Eo zQe6O0_@+UD(r^%>GTe*2bi(V!?c#I?RKap|R-wI4rw*#(z%}RH7EZ1LtrD1cog&^F zmDmKp;e$bq#Q{tG_g#G9h)39)n$s9{c9nX~r<#7nD)T`ocuF%_{Vj$2zQN*RZYyrd zVP1aQ1t$0Li0czxxNjkOMWgB-u6I7X@AF{n#NHS+GTPKE7Z9%kB{`NBEZeOzvxBXa zlU!o1Bm1AbcJ%=s%*D^oh}z0_IJlY_n`tk`A8+LpJ@$>(hov_R&Ai%s*aJal$hP#VQniRZg z`ARuDHzq(ae{&#cr;*U*{zy`@!IFztEp0bv?s+-7L?N-PA!#W`P`O&F6|X0Y>hMa= zXT8W>1>_F?9lJ$3O-4=SB@aaQMb}YCK%>0nts$TV}Mi(Ancyfp;We@s;2A*F@aTMM_ z>+m6axF>YnO20m@Ei+KD<4AzrA$5`=!^C=YN!hl=*{|62n^w$5Y25Er>z%R}_j%R7*^!cJ`Va`fS!MmI_J>e<1{OJ?UwenKBcBAY^4UpSE!#s0~D+yJTY ziPumEwC0CG8IDtrdC=Rw>vmUdrzEwCp;yXG9Jk;dYEoQ5v;Ix{Oc0jKb=eCV!=qr1vk~Q=2Fu8>%tBTOlAasISym>G|=B z(+<|nwV+TLjX)C~wxZDEKqFd81_;<&;W z%{Td3uK`~9GtCz!-lb2enkqk7**nDHU@ncVSjzKLo}&LOXDC-sr7SvQN8LN-x6|3} zhF8zfpqmYEIJI>$Le@%j(Nz82eHJd8q9oqZB+-yNfT|g5<%c7^;XL)mvfAU)<6HbU zLpol6GYTst-4mT;o6#z=Z`>Wr4+@|Ce>@rY&%5H8l|Qzr6Aa_gzv`8?M|pl?0v>?E zyg^A$rCl2#(Z^#5{|2<<)&a%--mb1E2aye6thN$u@Rny0L=g0aqa}8Ix{ytY^lF?Q zD=k3SWax)=!**UH=xd4%py%2DeYYqIb&z(NCwU)@=I`BRx0cQJBcqGQ_ob%AmOs`LUWILVr(S)4t z(I|DNps?SfU(9TFVD6lYlQ|+~OGWtGPr6Z`@<+p7I-#163FCUrIPr^_B99F+Oqq8m z?(ivi@^NC3VV^^^>${C1iu1W%DX7_?oz{BZs^T$Y&ugd0(#g-3Lcja7tT<6EUSmU} z8oeyRcx35x2cc;pILt+k{I!j(<`hQ@h7J9>^-eeYRzp=(S$f?PPk}XE_!$=2{x~GFo8Qzz8wD6$@W^8Gv=6R0Eo;-sH zNS%YPnR1RXa%nFrl>vBAU4t$O&HLs~ihP1S!17HPC$~+H;B&Ip0NUd!x0r8!&`{_C 
zG-jT&u($!@eLjaAU12rw`!3vAj^S!9WRw@{$-AjmAUG!P4=J+_E4SG zTVqYQN`hzW)rtu7K@Z6NLx4X53puYFkB3ZGwg6hhiv8@m;^suy!H&O5LUWyrvT#44 z^dQUQl+1!swgyw#lr{ftGxY zE7Y=Ag@G-UICGDyN&+`U0zyWKocZk*AABluG;UK59-Y?M6Y#$G(w4Svc6PHs$~}1- zZ4fbc-#-xg6LU~*t}3%IxIDcrU6U$lO-*MYYp0ixtSXSE5 z^%kvXC8uml`H;QbhYnP)C!p?}SV?zC6OS0@L99RN&&2+`I2)wrBvIjg?_PCmFl%=C ziw~Cl?JiC2uI&LoP!Da@kBchjo0*0tB4uC~ImlNlJ$)VV4Hk0)l<$0y*%gVyb zZG$&>x-ShE>uS9u30;*(VyYSwbRXz1m3+iJ2^p~o3E8o0R)0z4>&y|pr(Lkq*T5s$ zU=}t5gydnDBLh>RNoUHLp?@WQGqCC@CbO@r9{VC-v?oUgBWd}OlUw7uJh1r9fjmJE zw0X3*q#129wPXh;wZDQLk+KpZ4C%`l?>sB;Co>FkFsI#S2Ab6Oj*&({uO7fro5Mt&)F1{+aYq!>pe~N!m#FIzp-Ylq zT&`3ghlv5Avy)j z@%9@&!-#=j#od&GB$BbpF?yKyg(S{Cs1M(3n#cRC!FWygEulFRG^<~;?{Tmd;jy>( zbk-m{`}f#06QH2xdw2^>$&|>ca`ksd(WGfN^`Ouy|13x=C063}z>tpqRda974(|iQ zr!c2D!S4Z}3nn+51Ro|A#xXR-%1b+biGQyA+1vQ(`W*Kk|6j3ls<^TM6gk;rTw%u= zE*o7x*KIosF2KM+15N*q!2b7s6_}>JOTNA;Wc(`)plCuKjBj>CtY;HmQnMLS?x;KH zM&x!trX0|E{qOgQbE<9v)qbRe{C}IiYEpy86Bz>o^25W!B1-IAf!v7ltM^llZDk{j s%=<$6iGMDaJ9>-sBkSw0BdoQp@dwlIV(8bt*C?H{x^SlK*K4=_8=I{)EC2ui literal 0 HcmV?d00001 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/atp-incidents-mgt-pane-updated.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-incidents-mgt-pane-updated.png new file mode 100644 index 0000000000000000000000000000000000000000..88d8fb23d2e120b26056d2c6678a05e091b0b0e2 GIT binary patch literal 105001
z3^Cl$y2#06zx$l#$8MgF+?!q8FN=C7&SL+YUne3;GmR8lq}w^Z8=ea8j8y@#8EpUf z))t*&pzms!G+df|`+nhf%_QM$ZSm<*LT!_;zov-oa3)*3X^QMZR+3ynO^{Lfg-^O8 z^EpfaH1o8&8j>RG4_=>Xx?}(lF4>(5wwT!XhN@Dkjnf=qwc^XKj!+R>B|%(zp@XYS zk>JzF?D>(87N%*+tB#dEg>3SISSCl-IEfO+B46KkV=V&tx$R=z`SN*KgVjsVM#Wh> zv6B^JS>Kbz6^;NP!K(u<7soSq@oE&)nQksFPE=i~$$Cd^>R_o?l2vf!IL=r?Nrn({ z8P;nT=ICTi4`OSRj_$G`9lX$7)7_Qli{T4he|lbl$c zDh+5(xhNI1lK1I8cJotf+2L)yj)h7NY%ljKh>zlQ@{C(?J*9w8OotK4VgV)A(S(55&sN(VU8;`w;8DT%kffS9$)HEcE zj$X+0%BE8xBf5b9gc1O6R9*}&5A!UkpW3>ZUY#=ijq5H}$r62i=vXmoNpxdD4XvPx z!gg|&zT6kwvk}_Jk2XrV3!+AXEOrI}Cj;dJ;A8;Zqn`0;lDmW?C9pAv^90Zvie)NN zIEJeDj3SL>kAEWeRR${(wv9xRm8kxE*0lM6gzkQ@PzWrZqYfN+Lf@(LtnEI_eFQRa z$5Ew`{(gVU;#AS0EhAo>x?-P2IEd<-Irz#0Aw$htp+VI9Uk@-0KD~p>-qVrwJF0uu zhLb8%IYhS|hVRL*93*WmFmdAT&LDsV0LYeooF}nFu78zDVkx>44Cq!b?APCaTj*xL zlGW48L;db>iq;$(P#Lt+H%gJn3FFB8a5cH4pJ3Sg0AZbTWwbDjTdUX8qZEkhnCg%y z>g6Ezdi+?EZXWKzPF{iN9q?awI^Uj^6}IQ{Vo!`!txX+`{_N3eLWC|w@=K70CeHmm z|63&85ka0){OlK9%5!smb;ZUC+g~Y~7%w;hwJ7(*BLK0=D#u(~7^88Ld0Z4oeWA5$ zfjQM=Y4e7($P8!ur@-pRU%hhUR6~~Y_tGx(xMW)x?y(M@ft~Wp`=hddoU2Z@zyUhP z!$xfdNZmvB9Htln8_&Ihv9M9Pg`~LcSb^;0eaV4ide)uAA6nBZ>^vR0;6o!A+(f(b z$|D7wg5GcU3kilXDJ#d!Dr>ynDGuILm)$g=*c9aGu?RPpVcE{h&D3q>|6h_tO$yll z3nSclwmss}69Ii8mSPTa=cVFo$MtELql#w! 
zoK&xLZ|1GGRP_E{DXX;g2$tCgnV8UB73@109}6?uM(u9;ngyuO)gIV#?nnpu)xVgl zU!H5XY|1hequ92-*{~K6!3=cY(FE%``~Dzp$cl{p>O_jGOw~#u*1j^NIl;qqi8P!L z;~j0fb?6Bep}>~hrHP+0+*lyei3wzBl3tPGE&M{Hl$$+i+TSrPkz0OiJ^kb{C9i)F zSd^yrFVLU?A0bbJArILUy|rF4o29gfS%h?9uNH+5?oSAT+019Hvt@L=(hNUS;lWq) zD=UFHZ&ZhcP%p;IC!PB!;$!sArGXde5X4QRXq$_+9|q3F$upd_2FxyKfvH}eooiN) zsd2#d6S^G_I&Idpf=hfnQEuBEJaL2+rUMR(9dMQPCcI83em8_(OzxaOMB z(sD%rYETlT#i&+}{>RSu-gBg*#cSWD;h8U!Mun}abR}(YVeu2g^!9{uK({TtLM7l?B>ei-X@ESf1ns0ZT(xRsz!9#qK1IUcXeIE z=K*G{P7`cP5*mB^qW|vf+Vgjm53WrUw1qk#8-6e1M_}AlGLjS$^YtqP)~i|~b4;#0 z^*++^hkCCHj@I_3@s=AT$x1*%+RveR9;1+SH`}Jb)!D_RC{dB1kz*=s*KTE^K!`4l zfFGwW`AHWxnrnz%dJ4A9kSTh#*cmYbSBnXjN0J)R_e<};=jqUZt!VqLm8U8{v#cm8 zoqPLzuyjyI8ozrwNTk%BgmbI@4ljYm=48)5|Z@g}RsW3f!k8?(K=( zH3_$rx|~+0F7ZGosj*<;e4XB-ox4G>!3Qwhu@xa|>@pu(=`7&}I4;1_xfU3nJsmdr z?qq!F%OJ(}$qTmvrdjo;uvV8GrMtJ9S?u_^gGRhz{_T+|O%$5?LGg?J`%!qDA zPr3(Ulh)(9>NAwwn+KcJ8D+N+)pHw%3ZyutiEa>cb?v+MFDLeG^|2}yvfvjs3u0qa zLLDP2tGM$!xNNU}LSkzrKddUa-wqeLqTZ3py$(6__W?@QTKDcb8{cz!BD?&*ZpCt36twopT==_rOyhJYsZ7H3uDQ!{4W#w zXC866*VOKC8MBB3PX>>vo)e(d;UR}Y@~=G6g#?=Q&g;*FxvJhK^^ zi$zTQ3^`@crrVJxcPp2UB>f~AT~+$zzM?~$rE~LPxz^I%;IzI@k87(;JN3^3X0>&| zDP3hxXqny=BQTRRbtcQ~DbNH;W_R@vir+F4HmsP&9{X{@E9VZDG&52_mcO{-6c!kB zZI{gQI62VR;Q3cOVlypzek56d7~`qmmu~sxUb9Y)X}(8$R!h&CV2aZ@YV&)5MN+PQ zgy1ak;7i*7jRhYu2Sm>_$(Gf(V{18q)8*63KgM!jZZAkrg==mIMg;jD*;En z{%8Gwxz^Hbl5!u5MiH&fSXIZ#)d|YpN;jW(M!OdVM#R(Z*O{x7E&JN8$2qFZl<#0_ ztXye_!V4kFehmZWRGwOO_x$b!Bt3BIft}+n-hY&(+QdmDLGOLEnHM+R20vNaWb*+d zO04I|N4cKm$8u5g@kM!wWAF&vFOZ~%Y?pV{x=^$<#{Mzej&B&Yz#Mf;Qq!B+V*0IJ2!75+tNWSu zJyRJwQ*1LwqL5q&T1Y6b1EOcA=w|w&GiKx(9x3m)(=l^rP+%d}Ah%um_0+NuC~mPi zk(@+1u4IEAkOM3euYtf6nv?zy;ZK}<8bBSD$M;FUUVrZrh6kIkL>x7|o8xT~#^v>2 zyw*Sb5)15!@xJ@BRVG!2{b4KUADcj)m%_~6tdQX_)F1ViU&6o#bxUOklORDkziO6A zN?O20$Z_`ow4Zo%p#E>N4GAa{7 zVI0@e$$`s#EA6@BV=OyY3MAhIivMb3oL^6vyGyy?8 z$E(!C$jaCdUyVc7%serZ!|l_@-j4h)_TD=h&i?QBmFiA)hagdtD3hqsqbF+g3^PU> 
z5~7VD$`ExTk_e*r&Ira}MDHY`GfEhuM`swKj56A}+^oU0l|fzjpP&4U1u#9JJr1Er^!!VP?d@gUe`WM^~D{A16{&fX#n)1 z)Pv7_xCqdjJK*t#)r_vBS*|@`OC>+I9bk$%YBY&Kc`sZlnN5MBj=mVTHkDSrIL;u@ z_e{=lV^{SG91OA@W(k$gCLHJNPkl$#*lZei-yqOIHLSGNhRA{jB{~zjKf5?4a#RGa z%DtUbSHKf47oWwUf5|RS{#mxPCm^X>D4;&}9Aj1DJa+(enno;z-E9`L+&qPJ_ zp5^58-)6_*m;WXZ|Gy7D`LEZpPx2rOPxu9u|F;XRPFY!5b9sgJl#Ncoq@*PIYhb<+`VYIxUy4tfdmOn|{-gBQ+frrUaQT5t?{I|?2 z4#@vK-c3w55HT9-F%-rwJ%uY)5y`C4e&Hp>A%f~;oNx8*t=z^wy*n8#t6J5Kh6?+SGwEkS3}b2rphXDBi4e9b8>$UYDd_4-lhU!swd5WZ{bkOqUD z0ARO2y0^qz5n4yi(!qCqy#q!Y)wlw+U5&?(C?FN(%Pmy^Qvn|*L4u2%ShIt<`U`rg z6T^K)F2h$m8+VJh_lEW6#;ICzbUH`9@4V2SNt6bCbZ^0wqw2{^(jc?n$C9zl#_EL> z&Qd2l92VBFSw>1?#6M=_)vkBn>z+Y)Oc{`c;Zr?1M^o=uo#_)!`NR=sU+IPw4tF|#1;E|P{s_27)j+n2ZEi6iPOtEiGrx!k|6~fUzNiR3 z>kxU)>ZW1F*n4d61-m455q#b`vC&ISQpBfAkbwdoJG@Yi)5M0p#`6>_D9katqxY8Vm|@mdiTRHy_W^Cx`xy`uHf}yfEJ%_jbhBrj z3pg$uIydg-hT(Ab4{9A}zDtiWmjDp}hm~~EFB4pxcPZ^Rus6OA|*1RC*!TQ{K`F1GXXzT}qNGxvjo_LXyT1%Nl zVZ%^^dL%Li6Z$fnCitA*rLEr4Z&~N8{>;;q9DkQ`t1L6OTwBw?0-i)f;Dvz(go3+q zn#>7ST-eq3&(8>JFe`7a%*~b7yk=a&G5~olH@f~NdQ34&WmAO7P@SP~GSVaNd`ZIF z6fUVf7dnDCIWp0L7U~|Ff*BO3a~LCE63-ht3-l85f|33sEkjlbduFvx3xt_9uVoij zd@g?6c>5h@VWenC@YRkP0tXLE^C28B*sZZjKby}>le(S8f|NeWh5^=t)PA^DOyWR) zT)5{}xUQsSKvEEkHG+nle(a(p#a7US@kS=r>Z11M>CRyL+}To~HGZ5EN1?vo_IE6s z*quPY5fD}Dey)yhsC)FF%#&n5F7}#3ZVl;FZSIkXJd{dFAh9`rWg;!4&N?K?+jB>r z06Ub{DcqQMG!xz?e#ve=u-FJX@)~4uK3%gqrV4%k*?gpPx19f4Swj4)Cx7Tb>TaWf zBb^vlbd|~5(w_c<8-{1_HRTh{pVBnujsp zvfQQCG2C$xr!ey1vesmyytg1M0L#2Dv|!MvUT2G-`45Oe5;*~uJFi*q*(x4V0&W*6Om^?C%>JWsOXA8&Cl#* zWm#Yg#R`nrI)|0gV;|^Hm5z*?Q@;+KE)XduDcC4B5r5%8v`w^?0_WMXQRu* zZii)U@j*SZ{qix3G?>0{4PaSrK02>0jqS{8G$t9voPeZgCv%z{l=A*kGja*-`zLqCt*=_4NW%)1EHA0=?yvVOaXl zVF=PAN6pZOg#u+r-R0G!$5I}IhQo9osvC)a|CZ-G7dB*hBknM3I}?~l+;GNHygrS) zqtyNV+qbFFp$2@8`BYSj{|E-`sZ}B?5h5@9j34f9*(S`FQ$6NEp3&doIcgrQg0O!{ z_(uws^)B=n&?x?g7&buX3YatiYr)eGQspJ)7Rn&Y1)-8#Cyh?ODe<>IwIRzFzbmBP z|8bIzIQZN*yvcn2z2G^SJH-tHj3L3zy3V}#Fn@hZ2fkQiOW$6jofyWt`Vzvyz>apw 
z(UF6xS#C0OFkXweF8@TPon@?L`d+((ro4@}hwck?r_8Mhs2O`h>a(e5n1sP<`ab zWvghG`|?O0PH=&lknL{FJ88<+JP{A|5K)<1IvgOcLHft9H+Y(f^$d)Sj}SGivU&{0 z3;qmKDr+EfgY65t_Ktq7An}1$D<81?ii{-NF6PQ!*rH^e1#s`aL}or-{_r|M{AD1v zTZ){Esw{Q2Iq)I^uvbLGD?DbKJhhxrt-J8eV0>ECtZi8|AJ;X^DwLyI^Zqqva&FnH|k9;UOu+o zlDlc{|4Qtftwm}w>0w1ITt}q`cc2eI8G?lldFEHKR7 z&_)#xR-+lx76ElRHDH9trHa9|cNI!PYwq%+jHORzvop4frsTArh#Ei%@H1?YSs_KYMIXcX8!)7Q|KCBYKol6(E}MDxApEBXTzIaK&{U}NU@7u zF6-rJUq@|T^Ye~)uMTJ|r>a(J+#P*2Nym{iyC$AuXGLoiK55ez>1Uw8_r#!|Z|Is! zcADV)<+M^x!EbLJ*vgux710E2$~(b@ER>nUeJ}gEkun3yMi}8u0lkZ^?mVQ_lO8MH zrZo`PBVLfW?wP61f2D{Y-hl94?w-3TPl#ch)f7IY8_Vn^SZ>ymT7bGhYK0-m_;HdC zamXrX8S22ByE!!0XOiGPYLj!^IhP0sNNJd3gnhV)+sTDnQbMV|0y@ zn+4++w%Qe&x%4^CSTlKc{N;ss+7ykQe!L(j?)hPIS`=CJeh*yV3Ruzs8yLd9Pj9fg z9_wYVYOXKO4-pnEo5Fx$jCi(SUzE$&X$Y^YpxD`MtYT*J?*>H~wNz-m#BpD1t~I1F zL1T|1#Oy-WQW>`gm4}vW3nQ{MnuSO4p$}v&3KmH<$rcN*-Q1TdpL99t!Nu&klRLr^ zhD3k6()CDsTKT3(@JrZV4Zz^{A(^3tqegkMg1FB|l9FGobA0Ev%XMLY9;Nzp=h5y~LDpGi4K(jdnf;0;`E;3B{OJ67i8A~xiiN=Y0y-%#G{zuTxlch4e-#d$(seG8XJvzybI1&9dqLn zhUE9WGY!4vRbv@~Zor7akvfNzE^k_LeIEud#qYwhRNcmQS&suq4e|2A1<@#cR? 
zS9w$ZTXgmDiN;zmc?$4plgkaTjgA#kDO-bf$9$WXDUoPP*WlIzmLK7j&6dmM^(h5W z!V;)~OF8r}^a^WW%N48MvVs;J@j?ijj0^ku_JpoY2`hD{apF?ZfDDN7QWbGBgl}df z89c#9Jz*-MiO=uQ0+X8@(M9DiHPt)fCmCYbgu&0fIeD0PV9C&SKJG6u~1X3%2{QqIt9=3iy$Tqzzvu{PpXhZ*Wy~|VfZ+j7Mh2u zRVo9!X6iU(9skkc_MQ`)ZSP#u4er(G;AY7KAhAW)1K9xxsc93iN+ov3=Y)n#B&DwK=vV0bv`R4 z0-r<*HkJPD$J&ck-7ET7mVM57a$JcZOP5U7?(SAqLpKOA<$wYy19jPdS;F{z0do6# z65T*RXWTgKT-1%~h_pnIg_uv|E5jssfx*KDxRJkUN^|n9F8MFL?Yj!23}zX1KORQd z_cD_ubOB>n6av~AZ^l`%lS~h#CdP^WHwAF4f<`HhZ#l6OO5@Y{KRsxjqig7vwz;Yr z>PH1XoZodf6BT|GkWSsiJea&Of3{=c>`7-`xu80}FhWA_aJ6RbMAU8%=&X!(w)iC- zU%?I=oQF_jd#IBw<<{8EG>p;gP|TMdx@26(Saj(aeqPUO)9W4VN@uKvmfhxeZ?&}4 za&y+3lDS^z?g}UC&YUU$c#zD}oFWk!^;W#F^RXH}H=F}KD|^=Uhc$t{Erv5eG2wQp zf@P@uDD4)*H(IFdxQTPkk0(BJW6@i4#Z0K;r3d9D-X3nAz+=P3jrlH=@N+dHIi56T z?bdLi@i+U4!gR;N^V-@puZmoDESY=0*^N{l9?JS;VtCgm+iozB*v*w`p%+B74AJf# z^FR~N^#^G#*K!!_g){$<1kNb*jMxJw>nY5SPjiU<;yDD0AYkB^O+=U7ba1ScrF-H1 zMhSXudYGQNL*$KNi8=&H5!|By>^lr7y6PB}NS1|`*rLW*{`{U$ZM>p{?9d273>8m` z+vl4-0}lELKa(F*wqCB9udHZK1G>K8BfzrZzm(Q80m+cKr~fsVw!bK1TNs_&yq#~v z*n|i#MM}?U-c=s_Zx(Id=Ao6$F`kWp@bi40{e;5^GySCxwuh5`=I)hK%hY=_ZKq!J z^g_*2#kdbse{vkvIqOj3`H+t6N;>fRy#NNiCNqJPv&8w!fmn^J$`^bqTbCj#u$o15 z35m6(&zvDCn$fz#`V!^k;;=4O5~p4PeThX8AFF-4L2LbM&#l@-eKQ;EASYHG4T2 z7n@VDQW%97>xtdn(902-JN!e_+H)Z=RX-5n;-L=+|n2XQ>trrE)w>ZE}>#fTN=MJ*(;4$)!1jk5uUv}lTHMNkbt z^47q$xIF2IQieoK2U6sclGB@~Ic4?Va?0b)h+*UVaW)N(aa_kDxzD3k*7Fu){_CjE zIRC$k`b@|)R1ZRSE4?g6-UTbL*@ ztLxzO{vgIPd#{v3`@D;_fi#%lvFesnT{)N-^(Lmq$S-5K(?N#A|a{vKnNscXjFFu`OL;9>?i zBk$c@jmj;T^`O(qK27!0H3je#U3BNUH9QNyHk%IKl1RX`z|Glhg~7;T7?qDkb3{GH zrR^8sM|O+pr&8UbUMoH%t~#CVTwt4!2Q~@=xSpc+?Tw9-s))x;fw8d+PH&SE69IbW z{5S+$P*^y*3|Nu*(g*T*YWw5>E+=#y-a~A^b{O{@or!7{KFZ_!ZPjjPsY?Gx-VL3%>yM9Zx6I)Yu@^!_s&eK%a5dr!)P;vo2y4@X1f`V@d%eQ@3vZ zUDN_9(Bw`ZyM;+1(t-u(BS20T^cd^< zd)b-`OXLYKTJW7bGWNV&j1GVpxn-HvNFqPT%(Uv$3n91)L% zyu}JQwCVIaln9p$kcqiw--~iRavhvT+L}k_qMszK$(lPUC03bX9Y11YFdg=WWa|#@ zc1B1SA~A>U*oFv1u0Jgswv`7!#mkeO(O*KL5GAx{v;gTmm|L2cbVUw31u_E)3utQP7%0R@gNbi(a*n5+8`j%+o#5f? 
z6%VvT6}7n@Lkb`;r=%S2F~%)(zor4i2{`(XFG;a%Rs>)tYAx>y$?E-baDmS8RNN9> zQ(i;u+8#})yDQ6Nyog(4bdG!cf%@TtO~QG}Do4`6=)YLdft#;#CKl_2PoZm>+&eIf zwLb7(c?CZ809ZzYugIsJJmYAv?PpqQu~5v+ZBp~RMh)U47 zqC)?W@gH}uN~tWnQL{TYyY}W(ui35s~y4UOog*p~sCn_lsC#28V zh*veW-f5_(RmaB_Y5xs)71044-V0e{IMokxV0Q0;yKBd9Y-#)W4>%&?w1HB8J{Pk* zLT24^MwK~EaP)5G_ikE(g|p|z0g|1RKY^nbUiJ3e*v;+FHVy;40@Ex0@umWmkjK>l z!j6$)OYHL7lzSEOTMA^x`6)=NyphOSh2Ct*5$M31$j)HzMjb7lpL*Ns$c>ycZw-Lg zVgTRT8?@%=r0#vOldb^_%bbAT1^2eOlhy@QGS_HYy|`XJZY}#F)fd|nGsb`YZ_gG| zbP~69%o1!Jx=wy{=ih(C6NuO;Wu2&ST4LR>%9qBo05^>K@A0PwshN2>TzAr^5iK2O zKX(;N^}7DVehv5lDD(dYHnqe6@WMsn484h8sU~9 z^Q{ije=n9s<$^Z>u~sB$K1Z(DzWwdGMVy03KP-$fsh7*gX#Px(FCJl-1- z;&=F=(Qk}I@-j1XMfJKPxJpXfyUtQ2GyKLrzu(GLk`nplu z?BcHQUt2G2^^N2rc&L)){=P;Pz>(k2s#!IUJ>HuH$kZBqzMdEScXY=%a(u82+r|iC zXIdvpR0LlhWQuM2?z?zgIdWWp)y4w*iPoKh6jV(FCbHAx;5PHK+*a%)zR_F;W3aZlOpKp ze#|&$7HPxaZcd8=2PZ5%s&W~u8l*Zy5?ueF+GWA@{6%N?g^0HSZTW8(r^O=nfBM;8 zU>)1u_+j)>af~zA;E!h#GoNjM^=6#OA}^^vuvzglGc!KJlC%GYkn4T3t(6|@HS7o! zUf}o`peNPgVc<^erWM=W#eqL`QM#2h2$192;KW-m8=ozixY z??j?WgJ~H;J;EuSh}nu`yjv)y`~m9Mt`oeflLs`+T3k-ln(LE{-|L*b<4YPl&3A6c`KYOvm!{D7^}Gw3vSsWnGBh!{ zCovdvR06oZ&;;`M?7x7Rz2x^f#7$wQOHZM4Pg8XzG$&xbJ6;G&Q{#~#_-ZU3tF-2j zFKrvImPZD@*B2Kn5Y3jd6#P`3h;Z*h4j{1=dtb9Bo{=4N*#Z#`Iz9xSqOkd`(%k!h z+8eROkfP^k*0)4saB?t$9+yr=m;Lp&?_NEIER4ROC75G<)S#mo3RSEEp#dNS zA>zCUGBPkN-&rBNeMP*N4v|9c9AznYp-uw0Qjan=V|i#FgJG7ud(pUit5V5EHNsat3hI% zj-QC5)IEkcUMOM8lsX5ty8mjKhQC2M_ikxZzC6#FKw|z&JmaXNdIJ}hcFnaF*XAZo zvt*o^dh}iixsJYur8bi4mk^d#Oz|J`PQy4`QF^!Cacz5%DVTY)$@DOq!|8&w1iyPB zfMls-eO-ewpD{)VuuxC%VTKiY9t`CWMvd97u<4rRQ{=f$Q+;7Etc4xMRgHAhCk0i^ zCscF5-&IA0>JO2V6XPEc=)^~$pRhT}2q|_m#>;nErauD1Hz04(9{S3~+a@_S>nSb+ zRF$LFRfza-B~?Rt=!06OgWj8-9-Dz#UB!HJKA+jWQiFFFVb8Z=uRxT#nr2#aKZELr z%O4~|+yf<{hWa{fOmD<27R$89!h(d zazNaRa?k}_x91;n-T*qWSsZDR#=7jC*L9_B+?jXExOTt%JXKPA$n^~B;?TY6r0Vkg zB42QMPD;$N(w2@I+DK-^;p|9g+nM6{7nk0myElo>hfCPk{;iKXlSY|PhiU|RR|BF( z&>*=(u}yy@p*GXPsU&!!%c%^n(3HHWAA`x3dSl)`0S_saB^n@g{@83AN}M4^6|9>U 
zMB+HESRo?&vJu$lpRi=`Qnkq^kTiJixjH=PcEix3vn`3AOK+oKx43ijHfQ}^V+!RJ z=4ovGS?Lnns*kTaCCuphtsYAZP9kvKlLg)1TUMlr@w`EC2}ZGlTK5aNuL+VZ@xki@ zwV55IY%j+)6(*|}r6lcPy2xCE`AWoxVUdv_w^7@x?uAlQy)_!CwlAOD-EX~mrJ#9h zA?VMNoh?MaM`-eJLRpS&Kf?XP_mz(^JB3i=0=b5fnHyhAzqs@Kq%3OT-Kw0Q<+(f^ zY>H!~B`608?uD^6IL%O=x(;`LRENm_xJEp9!iCLUz*gjRr+JgwYu2h4R%=%4mq&XJ zn7OcyrGkfp-=*Uw_5dx8@?`ZpT0&q3Y_PzT-odwhUk+=%Eh`{5Ub;UiFXux1v5NBk z^!2i)ptY%u$$Ia5xT<`&S@kXbvBM6qk#DgQ`4l)IE);ce|o0Q)^an)Y%X%O=arc@Ewn zsS5UUg7mtTpqfkm)SGq7S1e?$bu*XPgz(R}=G0Xz4j@IZq$X_6ew^#!RtNY!OI6{kipQhs`U1^TH;>u6O>=Dc7!z9f9^_&fYZqf7!zT5p0@qXotD&x> z%1q~yLQ(kYMe2`_jYMtTA5^|KhG~{Fn@~?E1)a`Q*hpY13e?#VJAcHJSl`hsBzrb` zE;xvR`cB3}A3h)7X~gYAw86u{;Y{VMykH`|{D*<_2oBXt1L2CKGQay-KTMJ3b6(76 z$~-^b)zG(q1n-U6UY*&f(=x}?K+sGhiL;{Gy)Bqf?!-9J7Rmii5{~9cTJOYVd+p>p z88C}>Db$M_t1^>nQWPIt$hcoD?rZ=N88&4Nujm)Ny5P(rHxHCpa_5UBkA*Q3s%uxg zMxc8Z5;85A?*f-f4@0lEHGZ|im1u1(xWBQa^c$Yis^6h@k7g;Yt(qe_rdFAB?T9m< znh1Q?^q!~B&1lKBXXF;6!}_8oa(3srO=q9jDT|~B{esz23V!bmJfp=K>5PkLp-#6f zFA^ULk0^5uOhw47*@Wil#8!ab2ODwa$_uF=2cNSUAqLrFfa5dXM%eD~Oh$Zeqnvtg z*P2rGYFLisdy)Q!-7D2g0if0o#b@nb1*>Ht-!LE(L~K2lHDViH-aFdNPip4r#gP<# zdbQiS@Ap*zx$QjfNXL3S`eoKq{g)dBZ!tc64Uy*1~N0i=K3kYaK^=KUo?mk1)uyOnYbuJ=O z30j*qI!bx+;y?v+T`4M^7B!4bnD3-?oS}McSc9j79#)`d+;4ToK&Y<- zm)OfGJYwY1i{i#!-yXI&9~?0HT-RzY%z5fboXlhqZcy+lDNI~qfUw@HK)-D}s_y8b zpM5)ZeCP%yG_fka6?&}y+)#I6UdiwL#02|n!kKISo%hC-D~8s_Qf_I_#)hs-i$Z>WfyKTsC7V4a zIoKH)!fM`*JQ{Bd#16{4p%WR$7ynd~+_^>Q=Kw>InWRLoM*?cl8(QQS4p`%R0g29D zRg#4%QVtrM%Gpm?NwfWOG-VN@%bnB>z*z> z$`fy0Zu1w%2UPg`4tTg`yCwf&p12$vdc$wtAA5eljTc-NdUo@nGYeebrIyl!%>k$jye!*L_Oqm^|ScarH|BjK+5%)Ky?>E=#mJ=seEsliPvyc4`$mMT2Mlw8de8 zXU)LIm=~6>1k|kRwoT;pG$6-Z)-CIX$3&xc!tzj|wcC5Nf4>@}MDQ^E@X9{+*i4?hz_p7uI- z|6am4$LHMuvei*1=$)mI!YF{_LV&_mkeH9s3E(Iw&cyHfQZ#ajof!(f3# zE25D~#LX)rTey;W#IwaGI-~yYoy;@`G-LVb2pRA)zxSyuF*fJ%Q6Q|_ef-^mlAWiB zJo+CACV^N6M(3jk*NxdQllak`L>I5B3r6YfaM#bn#4CB$V=;iSyYsDySQc&3ni4B* zh$Tgb<>a{tp(T9x*S8NH5|SW&OoGcu>A3}`0uE}i3)y9?`p7O)A1!qG@qHRjk5}>T 
zLgGn!a^M)iku(C+ofxE`(M8D=X5a(k-2&G%63PtI5W#pEFny8>BSx_NWo3q}% zZFRv89~FD*6c~73eAb=di|%+}<7P_Mal#rsBsuZ&lzDJru~&`8SFDJ?aqQmYySYVO zRrz=s>&DBov<1j1tyR^7(L$}MYW?~Onq8f8y+g%d&%lPN-yO7kH#o5)YwRQtb=QSz zXjTSDc**AO<4odRuyEqeTyV2Oaps_Ac2GOs?_u7@^1Fk5g6X*NSOF<#E~76o7~S-8 zVR2U^`W4pNzE=~XLmoIsG;hdJt4DIf_ci;!1*R(Q1x~gi&Xkb?l(d2ry_l}h-yhCz z`yP>Q+yCxR=d8G>1T(Qw{KUSQab@k<>!IJ zAz_Y8>F_KE(d{5gbZ*J$!{@f?VBlYSz^&R15nc;!oN_~ooOMU5e>EA$-AUj1($A}+@*i&ay>v}a zUuFBEQO#=x9A5lhDc05Iyw%>a4)G;445nGqLBSiX*}=6$N46Ddj!OUsDTX2+nM8b1tLe!g^a@CQ3Qo;tvay{dAQE;HtyP zxxiv3bJl+~|7N!Bf7}Y@EOBGEe5`#yp*FC?(MeBW+8yMPQT4&{TdBMX&69149E2XP zR@+YY>HAU4H+lPQ?b|N$mJJAxLNmFrN+I&}VkRvTD(QyvOK%NHk-YHyRis-zqB8mC z)e6rqO@QlMokKzy|HQT0R$HVd z^8lR{HlB#F8aQAp?O2|L7vsSy@4gu^U#yq2%zdHlS9NVnH{$Fpe2yl zuvVGlx$jlca?({y6^ys{CCG=I6++2JA27U0Ql_zUzVbs;mP1fYAlvK{XyJytSc{ve zF%WrlOV|4B0O{VPrFiek@S@Tpj(eypHdVB9ayTWVxrrPG%Tvq2W_O>C5NNVy0l7TM zRQ#Z{g5+CGJ7z$6>Ov!1n)9HvCNOP^&O!P{+TIN)xaY0S!=FW_B?+Y$Je?z|0uLT} zhB7qRYy83sDa&%~I7!R*8bcnty*<|KqW3A5&&E-9UVz()5ZS)&L!yu#)b4qI$BZj#rYBZOiv;AFGN=;6lda9GF_023?Y|u@cI=wp7h@vXImA%sg^4 zLRiQH_S;%@UN-xs!V(#ry5iE>W%YPIBg^U#e6wF0B55hoDkPbzY3WPSO2mABTPp6MidtjG%bWBC{Fvd*2ynE9*FH;5b8GH^f-7I%gyU_&S@0CD4%GIX(#*sTu;)m zK&>Ysh>+J9R@$U99v^>WX|fd2oPEZltZU_?wW;l1U$=YfY>ftJze1uMP8P{UtasYHXJ6VyI;u3qmLm3J$TxpI%gWbssP-*|Ih?aDy0dM4W7PFK-R&0hGlTJ#N)5g_NLc0|UcMZ4HX5oksga zW?(qD;HVvKTJL@8f~<%r42!$`Wf@!rDp& z5)DuqS{3!*KU&r(ZtG*1d@kLXK262<=Rf~{K*!t6njE9);g^=79?VX;q#A@(STNtH z$P=bgmlQKoqn~eB#>+tmHM_a&2p>#=(l6XCDXcLHQ{@fEXg{yHuSrkE!12$&XvT?U zNs_Bt6Cvy8aA9HEAa@7Toj)h(o|1IjXhJqm54D6HZ!D?S^IG9vEv`vT-m6@w_4>*) zyK*JJjnRuU|Q7zLa)QTC$9X zu2rtTzdsOnbp&Kx?Qf4dvdeiJ9L^@m``73f8m%{`doHBU#q24j6tc+1G~D-{Uo3Bd z^0G}kWyggcc$2XK73_N}-{19w*7bV4RO+&I#{-rfb}#|>V+XS`bMjwRZJcc&ajxr9 z2(P}x(aiFhoDFN?!iMc`4=`nYw`5<~THxbCz;qIuK@la_7aYbrGoxA&TvpD?|Iw^^ z1v8cP6&{vP0pGkm|KrcP^GW(>&p9TPGhQ1~AnAryUtId_eT!YXrV*i*3MFcL*`f1k(^kr(bH50m;cgk{WUrHL|{@w<*O0R zI;aJ5rME1Y)#G?b8Z~jSxHCt8DE#lo+;@94GPO%_3F~&Nl5yF9M=om0m-l`d`~i7z 
z)n49bYd=iBnCt~*z>r4vH7!sE&<*7YPk*@-VlO-_t_ast{>WEGYnMHD5hYf)RwXO$U zyIJeJtyYpMF;V@-fEQIYF|AKAZ}$-t2*4cS(9EfQY{qvhh^g*TyKQ@&exNE^%GQsH z%J(Fc>*V8Pb|;1@A*VZfSFMsXdt%s3?w$~%??uQ%aocngdyhNQNwV)h@IZH-Gr~> zuIx}=u+QyUD?$rQP6qknS9B~!J6V2XGXSWuU+v|gDFZF}=2xhriGZnAFq1CADn+C& zjA&q1VQ7@C$Biw$uq=mVf}s(U2tYG-?O%xZ_XPF(h<}RV=}PSPbZ5$C9W}{umXEIah}~V57+Y&bLktIi_?xALw(Ot8EF28 z=QJAAsPNKs7sY$`irXnFhI9X%bUCpB$LP2uOpl0vzR^zi^_6K|0zFtEeN!**10>l?IyEOS ziAR!scq5>VeSn#&lKkJIjKFR}+?vyUwSV{1x(Uxw0A=uVtFFz$)9zSd|9#n@=Sb%0r`yrw!kt7qm+{F$oM7{Axos^%Ja zbR!<#5>B6Z+^iRvdZ?&Oc32&MzPAaltBNH4aaM|_`Z!>Qj98eTxe|lxl4)Bjpb_ob z8vFbY0%*U)40e?HxK;KZYgb!;Wg&LgpOQV==Fd5GduPFO}K!Si@Lt~ZB z(9z0FbgO%$1SeKv%}N9K=1=Qj5wMs}KfK|2G2Gj9b=_FuXkG~|r6b(e+mW3e(*ns^ zc?W^%kwUAE6eJ0w2T%3ZK6^^s3sVxS$f+mR|4{9h6HEwgd{}Dh0V&sum2c|rhg4Hc zpgJ)!aeBvyrF$l#um!ZZLoLNF1b$l_z?1YWmeHv_7lteLYZTJXzIJ6R1Zx zsw6BWk0#qq(LxiD9g3(=g^pj%$2`QoR}^JAx>C%jUF!C&uq&(OJh4kAg9Y2PW6^$X zoRgl@mzV;vC~$h>Vd3@e083jgE`m`oEF;CUAU_!_N>n%Ql#0D&VnEbT4duv9|)MI`Ld zbotXW;S)%j--6M86n*pZ1Vypa5j@?BRaewW9mr``MRZ7-X&SS~;5wB(70^<=CY#L+ zggrqpSW_Ms9gYz&6;&WV)Uc+gSXpCSegPiyw?s9|IBhatbZcHtnaUoz z0hJx<%$a@ba@Uf_LEEJrF;b+NpaiW^kvk5k-5(>56oq~Hgpl(*aES;;J)t?+{bxVUs=>u^OilewKS877nn&rx&%FK zv6QgFOXsg&b!q{2Jl~*Oc}8NS9v4LJ2mAJos*UE1ar|V& zJNL4oyd$TIHWwr|wQl^i6U<_Z)gehWh1HpQw9z@H)w85K5_BI zM%HcoSsdfWy|!pDwt|*$F|jZCQwUTI1&CT`xd>&zq7v^Qz-Z5{RL6Yws@DXXX~o2r@^{Si+-gH6M6j=XdQa5j&% z+ISw$iuV}Ji!loJ)SJzD%?Dr0pQycht{Mvo?b~&(e!};urtuUs8#;Abk|+ z{E(kS1o{g$+&f$4#dN<MACe10!Jv6%6@A2Iy>>6oll}3*n?lOcUw{5^n zM6_o!&7Cs8k+#0mVzW=Y>~Cq_D~F}n?@hEkEMVj4h$Jj22&GBmpPAHGsO9hZsY4Wv zqmo-LjNBmfDQ!l!Jg`PpjgwCi=|++=@PQ?9prCJo<%k|7g3VYIFN4cE+1zYULfiKfAr%z*lVVQRASr=(@E~G4;ikCyQJ8o z!9D zx{9CVbRD0N#o)61ayo!5*1lOCM!45YNls1ZHFQG&?^_pl?F&~`Y|A232Y^|-=9|g; z!gR*tiX_`LIr{R8+uiU7r5v+P3XZirx2&cwld?Yu3UXqD2SQv+trpgqw*UuRRjI^# zfU2|=!!|-GaI9#!-HPF^8T8p?_dOY2#c#lD?HB=CnBdxvZY!L52+DOX2Em!{jpqcI z1;t1kt!`CBF@S`jS1v;~)FGq~dYRVgIDGDRb-TwISaDUmP-`>~Xr=mID65by8le@x 
zB0URKtSaA)tp;Kb^^*gBdi$__lCm*Kw%@#VvHEU8q9{1)a}S${fy@|plrS$U`ceRp z>FBbIIGpZ1vT;#_v(oTGo~4x+Y>8W2GEENyk1i3D5bR+>c2th#LON()xA{pre3UBr zr%+|`cdc2GBB^f}FX7k+8R)j}k0Fp~{ju-|f(@_k5hF)8{(7pNks`~VRQ>uIQ<3Fa z7CSdve6)%b70+Guwrro5|H7bKGn%MBND#_ zEnQ=kbZzWcwly%vKkeM{6*Tbd#p2hcHqx~=r%37SNVb$*R?wUH`RXhVmGr%I?5VPG zbw~lnSDA1Y)i?r6pyB_ z{=+cIlus46!6i>%5b?k7_4@YI$FO-%LP6<6pQ3jP$Z%$)zV24o;w3iK+_DdGU{rYi zgb1wEMXlN7X?_F2w9_cnO9wCJrRxoGkm1e>!q&X{P&Bv~q>4u9Jg+g{S6LLPNeHdu zqnlk)s^0vf=~Z<)6~ExGr}eGtf0iWD2NLgCp7YMF6iF3{(Sgtxy;kQZ|J2dWTl;)7 z6kOKZIC5IEFbwL!g8-Bi_s%0hShmr*NXzrYkz|fEdUZP+d|yzRdQ?BQyY{unqU+mF z+u5usR)RAVVheI`pw2;6kvb{`&YA=b3UaOYE9?`_x^VtaV9L3n0Cj~+0f`~R?f;9t z_l|1n-M48OF?rU?TF?54Lh2~;)j`3KItF7t% zSM+aTR@y7hR>>8~Le*%!nP}--vqZz!96;X?c8T&q6g4BC1HqNb=b(J7l=(D0UoAEz z%W|MsW`{C*G0==^M0Fh4O#aK|y2bn|{cEEAecSJz{Gg>2jA3b$gWpMQ= zm&J%uw4YIAWSlh$@0fk74w)&RR|kq7g@C-4Ae2uNvxjsu;_mHx&Vm}^UT3h5bcX

|xwWn-IKMB{i=Azppj^eH=F zxT9J{d3hisyaM|;K0A9^bkp5De$ySd-RlQ|7PQ_$MMloxEv&soI{i)&U0QKhgLo~4 zY|4JE|8%|m+jR{mFbPfyHCKNyvG8t0;j zqO~@{trjM2GuR)CS`BdMuHnF%rvp{A#~jQj(c~r&6PWB+VTcFR;cn< zaJ5*NnvO*sAtf$GR5V-En>R!>fs@4 zp3aIMbhz*t0+cO^rQ1<^6F<8xGys2ZIR4`2nMrkC*alA%(zqctL|eGwh)Jh`&i}9p zBNpkLv9~I=k~?<92#8N98j!jA!esE8WoKotbmZpO8-ry>=AyZA<-OH!Yo${=g++i{ z@i4^;re@(d1Jst!V=9nf++zQ5rQS3^*{i7|}mLRqW|HSuk@y!2>l>Fdarpi9@4>BXWq z2A{@pfLErJAZ*`eUZ7B)#U@M6^Mg~Gagy?lYX!H$WPCwW(vDq zUk!WM_D!*8GVkqouffEXf@6`&GCtdN(t!lbgeix<;`RVkt(Y8d_=6=bh0Smh00%0!X%5JrgDGEFZYT5M9GA zWKIKn#5tD2w-|B@9bHM4aGq$4PR+_?GRd1q;myiN9kMv@?8UL!LuR0E4-=HKqdo2u z<$2f_IkysP3TZmpwTZ!*p+3J69w#19&cD;=&V-2au29-cQsb^5}U~pD~@gSPw{^{9tI;9s!%jp;L&=JK`~_ z_FT{S{sqv0(gKd~dW@NgZ8Jw!FdSim=tShy)2ju-j18CBOnmxYP0GIExu(EgK@^I2 zvm0gDsM-z#=w?sxWuBCnd_MyNqBZj0W!B2ThkP41Vdoiuega&0Uic-8-1)#5{Z=?aKhmUTQ z7{b{TJ>;pu7nZ*JHJ9!onjWQp7ye&gXvl@&ynB7ueE#T{fl_ z5m{tpWc7rjeLxIc8F6gz+g*Eti*YoLur$_XGOh#tI50dYc(xOD$X#D1;a}@p2w&J$ zmNFu2zHp_wFea4jJn;wylUL<-VfHIX@67k+_Zup#x|DM2r_f7avw8AIGE*M8XBv*( zt?7EDBUQYP^ZARA^14C4C2h;AREjwS?(4c@!ARc%1(^sC6h{d(i)BjuE#1F%&~CelYFYav*37 zH#wL(Gm?71Jt`yJ?kfReb!UiA3$G_&`D+hQYr{+qVxBIBos#v+?F+t#%~FzkA464% zJ8NqWk1(V>q`AGUfyUmt0gEzY@#TF`{HS&}px9}SvNRQHUb(wU{*F5)Ub#15#@Dt$ zCCA?=prXbbq5sBJr6~tOjIK^`5iL`;_wq4F@9gDmo78fZu}HZn_@IEL^=cNPEtn*U zw00s=4`Wcx@f@F<`P!VzFH`#*vRzNMoXE-N4+0Ue3Lk87C~BU|C=WFROu^shSTlPQ z<$oAcOc(F%bua~U)UCrRG)Rj0TOYK3MISs^2TxUGT7KJWiNRHZitq=>txsPzCq8fDqF@ zj#Y>K6;u!mFQKY#*jBqHUG;rX$|}JI%|Xf;gS6?v$_lkn@{QXq>saULzC)*(%5$CR za34`z)D2*=Z$5gv@?_Xsnk5F3C^60f#>jN3RNVP=V{x(K`Ji?gyB>!KV8n!JM%u(9 zpN~nSgo?~rQR3=(&hMpPtBp$JnojHNDJA%HU;NN}F1 ziB$J>USs3XCahJ?Mw~4KX1_|njxxY>3JZ-I@wj$BVBRvIY_exik~$_Cd2}#;4*%)v zS9FxIUZu;j^4qS^0;zKBLS^TsZ$r!%A?uHI!I4XSjmO8cqVQ+v8-3?&2iGssX;yp3i<||Iay+HLO!2&2ZX+np zzG~2`^48H;an3*m2sm57VrqK{yM=4mGzR?}&p>5o`uIXniL*;kBd1k0h{B#wH3hUw zx-WU*$Lq)Tc`6wojcZEqHUA_3Y}f0gRk1v+Dx-pLfvtS45q}WWHdYmqTe87jzWteq zDCQ4mT~kahAkhW^622Q_+4-PE_HIM;dhDkzZlh}rE_Ttps6}HDN$xman9kSRMUMAY 
zOO@(9ZQIODA;JvzIark`q3a9kIuZx1KgC9vE;t70P}O+qPMG3lp)Kw~ad54o51Xw? z44I$`7Us5%5Y!}`ShucR4}h+hj`r)~VcL>lL8;!qJN8n5?VAJGAT3mBj*stY5_*1J znhx1`7#et;4_@u-6bENwBa^eufo3@@-Tpidr$Hv=$tA%!;`t#M%R^K70SKT-f z5$m6_uD=xgOj)?Gkr)nZ%ArGeA3!7gux?ALQsVtM%TFQJpjRm2N@oAb21y%gqIcrI zNzDBtB47!|0C$+ne7on-)DDc$SPfXFMhHb=*i7qcK7Wg~$}XWoPozXuaH^u9Po-Ce z&8RvJ(PPoyMQq18S)3a|eNZaj;au_2g3kH&Ac*S7x)H} z0+CBKKu%YM__r$(2w*T15&btf(25^Lkg-IuvU!n4pw4~r_=}6}Bo#^mx4@L!=Qm`b z161n3U!yUC2iR7m-n|?b363+suv^p7Q7`w=%`4Y69N$mo%61*4XLt+mIFugX3&#u< z;b%`XP>&M6tb3zfH`fD|bSxOBcLs>*CcSVDi6ptB5_b<&s%$hpNvhnz*O$hkbPi2ZhA-}0(xP)p}UKbPxY3bwQ8mzhXquf#d79#})FO(#UPOyP#V%(7$4nbj46CwKW z_n%Z!%qH3LlCMmcA0XZ8Z%S??^Ekap%?89w;mmfoPWyf|0GVwUok^GK9jv_Hc}jjy zsA4NZjj;H*&|_RBWR$D3ui7d{jKdxpuC-dYLNe&edo5UHqkygc-5cZ{?Ku?wus|#` zCEaRv_Jro5``0wpw5%V6)@4^tV>8?xUdM5k!z^Goh${ZW4{5&k#z zSA5;V(aoF{)OeUIF793)fNr>Ae*Q(}QTK+y+dp~hUn4t727UL2GNpF8z_Fe=VxW{| zcgEgId5J^P5bUHJGlaa{E!)w|Jy4Xm=)}pO`zUM&Mc~sJ5n+a`ikbv5Gdajd3J&sD z2-6uqq_-1Gn94r)xkhT@Tv!WNUIY#H?9Q$?}iOvzY&*>uQ5(4KC=5aFV}>-~D6 zYj!K|dT*bh$^jV?CPO^wm&2qni4|jghI>|^y$cwlrCcjp#bA*u7tb&HkToUAjso5? 
zzE}NZ!=vB)>@P~*^Zdx^7@(+&Nlx1I{n2v+ak?#I+1heO>gu6ZG?FH&g8o?r^Ttz7 z){)ccNdDHlgK32%_dSpEUj^%fX%M3aL0R?ht&EDqU)p7*w1|n)2-nPa+|U`}lx+_I zYIUt?9R4uzb z>ATZuxp-w;$GeDVM;XADDf#j%t+_IciJZEPEL%6a)yE|GY-TBi^Yf!TKPl)?e>Snv$Tw<{axb5pn7SVc`l z3i`+!^f-uhOsqiJZg_jNe0crhA@mf7Ksn8c=DC2$-n=1F#&4_MmyIEfl(p7ACwoz_ zzYA5N@8^$JsF9OKxaQ!$;GCC&xNADwu{RO~|5;imVESusT~0x66s6?jd|KcX#SVa&ntSA#DCh>$-BgbotA~AHTJHggu9Cvm2=%#W)8~fJfnICfo z2#M%(-moXny`TSD4E&C0!A6vVM5y&rFV5aP1Kq~FnnJ7fYI@*GtYW$*a`|z+Cptmu zI}PY!)KYVFD=!^PjW+a^o6h~mvb`CKHD5jn{-`!79sMb~#;QrBOC8d{Wr=X^JaVa7 zJk!rsE-aHoY00Bb6+~%|New~ud|=bzoSj^3tj~|QL4#4L&>?>4t5rAY#N9Mu>d$1K zX2YGd$@9V+kavo6jAEtSznF%DmP@5aR_C8`-mse$9gz+2XVcA=N}=wa_6cxOXaT~( z24hFFh_*&w$Fi$GQ*ferD%n&9eyaYn& z032e`3bYIHqJk>?7e|&In|VFTfmJCk1F*ktOYfL}vnGLKKWzk)xK^b_5&ANU86y#j+&n9Mb-OUM@tu^o|rl zXS3Mq`%a6%e%_X-IuQ;NV;=mybZB)wPTNj9qT~I~*kkdK5;{jD!#}l|Pw)6fng0*@ z!&Xx@G|f66mOL8cGaKs8ottnexU)w_1}(mmnrOTIez%#dKIJPT#E*LN);Ik*4!}4h z@n+d!nLfR1$wG9yR9r2aa-ow~Azt&GQX*_vGvV&~D>Mt3ow=m(n5E(3YYDeZbjbET z+{3kZYPdOxhS+RpF_kww0fu^uIY+)z4JSc}1Q8&)#%HemEa`RVwe)5&Y<}I^gQcPu z_5uR}l%yijk|G6-qEsU5b*Hbr(h_IXXp6O)*sHU|yT-nxArqv>EGv4uivZ)2KtFwa zp<##ySr$+)nd@#@!P3m-&4O~N?%x0KU4t9*L$GfGB{ipb-kMHUc4|c@dA% z!K^|_I|zw_=l6g)bYUR{rlTJnew&}pV&2HI1M|5%J+*?EbgDi9P+s&{Q8G0)XGkSP zKs}ce*#Mf><3zB&;M}$gWw~@r&HUps483;O z2M!o3ct*OGOC;IK-LfMY*}9c>f3FXE3JB0=on(bf9fq$9*LVV>T^b3ny(d?fs;yW) zHem#af(^WR%=l0JNHK|(#<$?0AUjQkr2x?)X^^tqPfzy z(Qv7)Co9tbo>%9~>&-0si=UHzMD13>l0L%=d>xtA((H2ff@p9Q0j|GxUH3jjfhaIu zvXv--Em>9u(sR}j1{Njx&3fMw-AC^Ii7gP`Dv>Kzu{|`6qI>81(IdTb3Wc(lJ^-_b ze(i68g=$plxO~#Y5NvL0wY1UFjzCLg=X={UYw!C#uIy6l`?~h;Dh^*G6`ifrGt*DA zCQ<8&QV7^r7ZXB02F_Z@)IpQ(D@AA|-OCbKv|=Kc3AJUuC`$Nk-K_dd5=`&~;f*d{-Qi@jGw3Lyq!$iuMNg%Iq>gO2)LDB377L zPX^mQz-r{?sTE+v^&YkYpU$zc>^-~yu^es+NuHHOzqS$#$4M;om^ceu*DIuXCmXvO z{=kTh?EMUHNl^d96C)f?59R2A*z zj9jo{yQaV6ZH(h#Gc-c2>4Fh3ep`bdjt5r@R&Jx4`H(zX5vbS?4net?5xIvfJZ 
zv75cm%3n}+TZ#|JV}g_<5vaV8y|)TlF4h(qHXVOTA98AN|4JXSC{pu4NyXjRYv!r?70P?2r}{-4jQsS1?|G=e^UMsm>L2@e}{oz_>eu-=UVO`^=SE9C|1ST?0J0PwzYENFE4}^)15Gi?v zZA`wi`%pl215U;A;COrs+vsNHDz+wK z%6{$=Kdvc{PO6I6$v$ge?{CYnpT?HQ5TEmbFysP?49KdmCQL6Wx+OyEx4Y_Q+t7vE zie7uhbfC7j8ad7$k({tGy5Gf#(Hs$ z5zoL>r%u=qq}k}u4am{sYmC$~duz-x-$y0t!8F%WQt!Zj9=($H zrBD03s!0Ck>}*!Qx$ufCH0$GxjqSHgbMFyT1uHZr=^MSKbFucOrW>6p%=&#WqJS%l zfI>|IUA;sxfN$T)mi-Ph`G)z=XQ;KnQ~?KLk@5M`Lm-J5$yu5zpFwgjfW{o~g7$EI zQD-Fz(DXt@QD8QM{Hw7OI)Re=xJ(X4zh!>GvhagvIod^uMx_X^CqVwOCY!J`tPXwnk#08b+u8?zWZgf}kg6*q3VpJfbMoJwEOCSR(BKF_Yokxn0F2c&fvHqi~ za=C7!IJwwRbg1Dlh`f*V6r-o-KH-K`z3mJgFBi-$jEH0FU_KVkp;O7mlZ%t|&U(@) zGcsPqcOqH=O48WRi|9!}xT(dBu;~=+F09sTI8(}1Z)w*vGapLf>Fx2KLVzfib~Fd7 z#2ZtX*)U$0d#lzP`T-x$WJE`p$E0aUFxd>dZv{AC%;-1eIow+Pdin%*0y_-gMpaQy z#v+Gr(M5zUtxQb>i3d?g(1kwAyxJ%1Ii2Y(wn;xZWbg+56Y*RS7UK9M43Fc*WgJ~tRM7hgEDau#o=va;rK zjwBHeS5{+SjUA2aB~DQMKJE|w&zw>6dBZE zClm&x4zWKiEzi44RE5SER$U_W;|_}Z9}Dlv56XvGY$|8qy@g){l8C_52KN(_~n?q&pekmwgedsfR5`& z<_A{$p_r(Zqg}cHGZ$lAkx@dxY^Bse67>jyZB!E)0jK8B4?)>J5xM7%>2n0PB7j)w z^##%UaXgBUG=F8uEUeo>4|Je|r2hW*ifH04e?an>v3v;0T zJ#TM`;^hn>Vk7!HJngBO8e1t6|jlGCpQ3DNEZ;rBGySy zEj=qq1QLoy8`tG$S^GP%3(Sk|XFKDOfri<)&2G$w6PAkG5lE7^iQw&FE``WAa#8F0 z>;2v^H^;fB!tqF#SS8_GGU{+~6}7m>6~W&nK7O13bTB)T?^B*Hra0Y`(#gmr7!-nH zZ>cAJmomj;5%oC-ah>OW65QJh_fUq0bW); z@ZdFfe3v;S>`_MS{EB`SEKU$+fKRyDFrq@cN?u<+KqoB+lRUf;)WB#Hu*NS6IHbbAavCXa5HMu{j#VhV-axQ>< zZ>5BHA`A%|>e-sJ++gZF6}F~i0KL}BHvA>O{99<8`?hmoYuei(TB3J*d~6%};jbRDCPHuksNN3CV& z_?y8TR+S)fE$Ve{2U9yyY18UK#(RW=j%o$El&<%sB5`R?GDP11nyO6RfJ6+I*< zEPlj`o^jL+hZ$>#O+{OBw(a!HmK`P3^<`%AEb-8$TSd+A4FeFRXqina{YEFtjND$Q z(8Wm0A4#ouk_2Fvd~<@Mtm`qRZelvv?iL>lQ6PGgKM7_fzY6F1;wryaou2{psGIbY z#~9;QOQ>sCc4h6Z1){OE++WP6Vq?!!S~ z6YScxoTw%#Z}h9VawZox6y&Ca?|7sYLkL#(=$Gt|A=e$;4cOib=vxWae+cu>4nZO3 zn}{nUhNPiJhof+*QGBF+#zTu}q^4PR;VBPERB#aq4?SZwlB1QuD+BlLJ+?3$javZ9 z9VG|Cz9|o9A$Yj&^(|aWy6Y8tQwofGFS5r)mVC+J@NujuTDcwZUj1v1Ycw))%ib;4 
zv?z8NRkHWVsPh{g=B$q^D>$e((IB@n71>*{#0-!I{^o+RVTK~9-X1C&BYxXmcjR^~wJ2A(_&BU8oLJ#vK|i_8Fi17-_1sE}n?5glR>UaifQrGY z;+4zyyL><1)JG(5SJPyYO+X+~a6u3w*Wd`F*yqB6F_Bsz)l}7B&f)2Pv1cu=vyjGe zwWmE!+r!OP{yVVi$^ILPh1Ee4Qq)XTg0k*<|GmB{l{o3UCHHyZt`lKyJ`zfxb4Uc6c)1>295NsZ76ot6Snt?W1Y^#NY`hw?L9~2(=3Sa8DwcR>+m~#= z^pFd?x20&JG~0PZWz$UcLSFUQTK3_r2ROOBni*Qi*ir7HYmIV>aXzc3&p}sj<8cmG zQ6>jCGW`4(^i7Q8>tD>fp8_HqDmq?;Ve`VqjhGwwf!HshHerSAOu#ON?2jZ5D{%_U zn|f~Q@)p|(Fa5CgZ+v^LA8@%_tkN5stf5R_{P{=?5 zBn!-KH4h=-h7eR-w`%pRP%R0`EE09sHO_b^Y4~RVU^5f4eR?wv8MmPV!8=1Ywu@%& z?@Bzg=ZuilCtYmup~_m=xfPyyuM_6yOri#IMCBqG)7MnzO0a^Tq)WvowF(=#qN zF%Ypca4$>Xs5qC+xwSMSmpFz2pxV=g-|s{~);Y0P78=E~%!{H4#Xv%Z7rJ{|zH_v` z?)-7kP65?PwBBeBuJf9G%9u3UyCe>ts+}K8`R1KeBMZ&f^o|)dBn2H z2K)On!ijh{YToG-s%c&}onFbbKq(X-mtov4mW$Rw&F}~*S-i{e&Gps+1uO_^FO&+ z(&1QAM2cL=EZ=NLZ)rX#){Y$F23IO_e@iQqg>p`{zAZqr+o4fd?wsL+W=5kt4F)A! zhwL%$3{*v7HsFs`q5R_#eHaCnpq=br<(3G1KN*syYm9_&Wy zU-4D=GbHE9p91U)%tTFp3b5bm)1yQQ!MOaGZG_r$4ZB*UKL)=CST))piVL#m`{{E% zK|N&wNaR>YT@q(NeV(w6Cc`sn1-Tu9Q?2px58vAK-dF@Nz7F>+5QyO?Wk0m>P$!Xk ze`udygwEoD9j%uEPQ(H-l|X3T)?qKVW@rVtIsYlfzL7_;5L18{B zt$L|XLUMkryhcMELF&mUs7IDjiZB4?NQ(jhHNpW_qbuicKNIZeVE}jOY|`x@$agQ~ zcblRX0- zQqw!SqOPvBfOUmRKsVf!+i(sSgqM@FgMd{Zk&IRgD&x&dm*Hf_Cr>8D zuW44H1oOfQR~A%Z&}iq2p&pW^2s%Ko{rbL-(JZnPBxP@p3a2Ybb+}mrx67CaJ#JGvslmS zC|BH-OJ94>=_|Bb*DAN?qQ2l3w8wJB@;s> zAHr#UK*RbJCSZCA__ZYRp`gf43Ygelx74LYf^L?$V0O$vaKPNX+HvV0(aLgX(lY$>q7L zKgdCT%fQ-lBQmnFgWH?G2_tmrs%wS;G$RpvA(X|(L$G%nX^N4!)y@pF1pu`b-+a(Y z)sX@TcM(Bxi9m+$dkBb43#)kIUF)9vtzj8XT*FQa*#_qJA|oo^ApLY>yOvf`TUlXFB?D5`o9_9q%Ex#?5s<4nQ{;2%2 zGKWy!Hw(?R*5mML2+H+oI%3^xAfgg^B&QXZ$y1?$By-8^RB8p{p2;>`lji+Qck*`H zsh15kd1I4WNK{Sj{2<^ z+rmIeXTV{9n&W}aiFcPjNERb6rQEeEX| zbepYShbYr2wCRjZ6$O`J!wzRaVRZNBbc@Vt3B@k%oPULn{~A6nq(k4@*Rn4`u%Qg! ziTG+BANAi^$w@_Qs2{pb3ytlR&~FdQHcs(RU38TX(ik5n9|)0ajq1bz#~Q&+54svY6TR{j&~aqp03) zN`#vL)q61fE&KJ3{f$PGTSH)5R;|YAS?PCBc>}7&d0LG@2W46Y;DG*Ag51?GxK3X! 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md b/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md index 249d6de806..8ee9cd8e12 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md
@@ -29,12 +29,20 @@ Managing incidents is an important part of every cybersecurity operation. You ca Selecting an incident from the **Incidents queue** brings up the **Incident management pane** where you can open the incident page for details. -![Image of the incidents management pane](images/atp-incidents-mgt-pane.png) +![Image of the incidents management pane](images/atp-incidents-mgt-pane-updated.png) -You can assign incidents to yourself, change the status and classification, rename, or comment on them to keep track of their progress. +You can assign incidents to yourself, change the status and classification, rename, or comment on them to keep track of their progress. -![Image of incident detail page](images/atp-incident-details-page.png) +> [!TIP] +> For additional visibility at-a-glance, automatic incident naming, currently in public preview, generates incident names based on alert attributes such as the number of endpoints affected, users affected, detection sources or categories. This allows you to quickly understand the scope of the incident. +> +> For example: *Multi-stage incident on multiple endpoints reported by multiple sources.* +> +> Incidents that existed prior the rollout of automatic incident naming will not have their name changed. +> +> Learn more about [turning on preview features](preview.md#turn-on-preview-features). +![Image of incident detail page](images/atp-incident-details-updated.png) ## Assign incidents If an incident has not been assigned yet, you can select **Assign to me** to assign the incident to yourself. Doing so assumes ownership of not just the incident, but also all the alerts associated with it. diff --git a/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md b/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md index f215fda3db..0a72f9fa7d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md @@ -63,6 +63,17 @@ You can choose to limit the list of incidents shown based on their status to see ### Data sensitivity Use this filter to show incidents that contain sensitivity labels. +## Incident naming + +To understand the incident's scope at-a-glance, automatic incident naming, currently in public preview, generates incident names based on alert attributes such as the number of endpoints affected, users affected, detection sources or categories. + +For example: *Multi-stage incident on multiple endpoints reported by multiple sources.* + +> [!NOTE] +> Incidents that existed prior the rollout of automatic incident naming will not have their name changed. + +Learn more about [turning on preview features](preview.md#turn-on-preview-features). + ## Related topics - [Incidents queue](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue) - [Manage incidents](manage-incidents.md) From f67f940aa6e983b13477718beb18e2c62612355b Mon Sep 17 00:00:00 2001 From: ashwin-pr <66497769+ashwin-pr@users.noreply.github.com> Date: Thu, 16 Jul 2020 16:06:39 +0530 Subject: [PATCH 091/102] Updated hyperlink to point to the right link --- .../microsoft-defender-atp/android-configure.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-configure.md b/windows/security/threat-protection/microsoft-defender-atp/android-configure.md index 182bb5e356..307e0470c1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-configure.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-configure.md 
@@ -30,7 +30,7 @@ based on device risk levels. Microsoft Defender ATP is a Mobile Threat Defense (MTD) solution that you can deploy to leverage this capability via Intune. For more information on how to setup Microsoft Defender ATP for Android and Conditional Access, see [Microsoft Defender ATP and -Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection#configure-web-protection-on-devices-that-run-android). +Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection). ## Configure custom indicators From 160fb76d6b9cc88502d3a0979afac966cd862362 Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Thu, 16 Jul 2020 09:30:57 -0700 Subject: [PATCH 092/102] pencil edit --- .../microsoft-defender-atp/android-configure.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-configure.md b/windows/security/threat-protection/microsoft-defender-atp/android-configure.md index 307e0470c1..478249c6d3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-configure.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-configure.md @@ -29,7 +29,7 @@ Directory enables enforcing Device compliance and Conditional Access policies based on device risk levels. Microsoft Defender ATP is a Mobile Threat Defense (MTD) solution that you can deploy to leverage this capability via Intune. -For more information on how to setup Microsoft Defender ATP for Android and Conditional Access, see [Microsoft Defender ATP and +For more information on how to set up Microsoft Defender ATP for Android and Conditional Access, see [Microsoft Defender ATP and Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection). From 0f7b22f8b638ade08fc99e83b2f0ca1999083d96 Mon Sep 17 00:00:00 2001 
From: Tina Burden Date: Thu, 16 Jul 2020 09:50:27 -0700 Subject: [PATCH 093/102] pencil edit --- .../microsoft-defender-atp/android-configure.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-configure.md b/windows/security/threat-protection/microsoft-defender-atp/android-configure.md index 478249c6d3..4c9046ca63 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-configure.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-configure.md @@ -29,7 +29,7 @@ Directory enables enforcing Device compliance and Conditional Access policies based on device risk levels. Microsoft Defender ATP is a Mobile Threat Defense (MTD) solution that you can deploy to leverage this capability via Intune. -For more information on how to set up Microsoft Defender ATP for Android and Conditional Access, see [Microsoft Defender ATP and +For more information about how to set up Microsoft Defender ATP for Android and Conditional Access, see [Microsoft Defender ATP and Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection). From fcf40f3c0340234fa8ae90b2d0b3c8a20c9189af Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 16 Jul 2020 11:33:19 -0700 Subject: [PATCH 094/102] Update enable-controlled-folders.md --- .../enable-controlled-folders.md | 23 ++++++++++++------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md index 1fe945f148..4fa6b49fc9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md 
@@ -60,19 +60,21 @@ For more information about disabling local list merging, see [Prevent or allow u ## Intune 1. Sign in to the [Azure portal](https://portal.azure.com) and open Intune. -1. Click **Device configuration** > **Profiles** > **Create profile**. -1. Name the profile, choose **Windows 10 and later** and **Endpoint protection**. - ![Create endpoint protection profile](../images/create-endpoint-protection-profile.png) -1. Click **Configure** > **Windows Defender Exploit Guard** > **Controlled folder access** > **Enable**. -1. Type the path to each application that has access to protected folders and the path to any additional folder that needs protection and click **Add**. - ![Enable controlled folder access in Intune](../images/enable-cfa-intune.png) +2. Click **Device configuration** > **Profiles** > **Create profile**. + +3. Name the profile, choose **Windows 10 and later** and **Endpoint protection**.
![Create endpoint protection profile](../images/create-endpoint-protection-profile.png)
+ +4. Click **Configure** > **Windows Defender Exploit Guard** > **Controlled folder access** > **Enable**. + +5. Type the path to each application that has access to protected folders and the path to any additional folder that needs protection and click **Add**.
![Enable controlled folder access in Intune](../images/enable-cfa-intune.png)
> [!NOTE] > Wilcard is supported for applications, but not for folders. Subfolders are not protected. Allowed apps will continue to trigger events until they are restarted. -1. Click **OK** to save each open blade and click **Create**. -1. Click the profile **Assignments**, assign to **All Users & All Devices**, and click **Save**. +6. Click **OK** to save each open blade and click **Create**. + +7. Click the profile **Assignments**, assign to **All Users & All Devices**, and click **Save**. ## MDM @@ -81,12 +83,17 @@ Use the [./Vendor/MSFT/Policy/Config/ControlledFolderAccessProtectedFolders](htt ## Microsoft Endpoint Configuration Manager 1. In Microsoft Endpoint Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**. + 2. Click **Home** > **Create Exploit Guard Policy**. + 3. Enter a name and a description, click **Controlled folder access**, and click **Next**. + 4. Choose whether block or audit changes, allow other apps, or add other folders, and click **Next**. > [!NOTE] > Wilcard is supported for applications, but not for folders. Subfolders are not protected. Allowed apps will continue to trigger events until they are restarted. + 5. Review the settings and click **Next** to create the policy. + 6. After the policy is created, click **Close**. ## Group Policy From d3e585fdd3701e6c7dbed6988aeb2f6a74756e15 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 16 Jul 2020 13:29:26 -0700 Subject: [PATCH 095/102] Changed bold to Italic for emphasis --- windows/client-management/mdm/policy-csp-update.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 1648a29310..3c5cf80686 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md 
@@ -3256,7 +3256,7 @@ The following list shows the supported values: > [!NOTE] -> This policy is **only** recommended for managing mobile devices. If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead. +> This policy is *only* recommended for managing mobile devices. If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead. Allows the IT admin to restrict the updates that are installed on a device to only those on an update approval list. It enables IT to accept the End User License Agreement (EULA) associated with the approved update on behalf of the end-user. EULAs are approved once an update is approved. From b4c1e288146f1627fc4a1e1be2786841749f7caf Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Fri, 17 Jul 2020 10:15:59 -0700 Subject: [PATCH 096/102] added new videos --- .../windows-autopilot/deployment-process.md | 12 +++++++++++- .../windows-autopilot-scenarios.md | 6 ++++++ .../windows-autopilot/windows-autopilot.md | 18 ++++++------------ 3 files changed, 23 insertions(+), 13 deletions(-) diff --git a/windows/deployment/windows-autopilot/deployment-process.md b/windows/deployment/windows-autopilot/deployment-process.md index 6723d50e35..0c22b52f04 100644 --- a/windows/deployment/windows-autopilot/deployment-process.md +++ b/windows/deployment/windows-autopilot/deployment-process.md 
@@ -24,4 +24,14 @@ Windows Autopilot deployment processes are summarized in the poster below. The p [![Deploy Windows 10 with Autopilot](../media/windows10-autopilot-flowchart.png)](../media/Windows10AutopilotFlowchart.pdf) -**Note**: The Windows Autopilot for existing devices process is included in the [Microsoft Endpoint Configuration Manager deployment poster](../windows-10-deployment-posters.md#deploy-windows-10-with-microsoft-endpoint-configuration-manager). \ No newline at end of file +**Note**: The Windows Autopilot for existing devices process is included in the [Microsoft Endpoint Configuration Manager deployment poster](../windows-10-deployment-posters.md#deploy-windows-10-with-microsoft-endpoint-configuration-manager). + +## Windows Autopilot walkthrough + +The following video shows the process of setting up Windows Autopilot: + +
+ + + +This video is also available [here](https://www.microsoft.com/videoplayer/embed/RE4ATOx). \ No newline at end of file diff --git a/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md b/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md index ab95bacbee..16abf999ea 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md @@ -35,6 +35,12 @@ The following Windows Autopilot scenarios are described in this guide: | Pre-provision a device with up-to-date applications, policies and settings.| [White glove](white-glove.md) | | Deploy Windows 10 on an existing Windows 7 or 8.1 device | [Windows Autopilot for existing devices](existing-devices.md) | +These scenarios are summarized in the following video. + +  + +> [!video https://www.microsoft.com/videoplayer/embed/RE4Ci1b?autoplay=false] + ## Windows Autopilot capabilities ### Windows Autopilot is self-updating during OOBE diff --git a/windows/deployment/windows-autopilot/windows-autopilot.md b/windows/deployment/windows-autopilot/windows-autopilot.md index cf333e1a55..16e1781d6e 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot.md +++ b/windows/deployment/windows-autopilot/windows-autopilot.md 
@@ -25,9 +25,13 @@ ms.topic: article Windows Autopilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. You can also use Windows Autopilot to reset, repurpose and recover devices. This solution enables an IT department to achieve the above with little to no infrastructure to manage, with a process that's easy and simple. -Windows Autopilot is designed to simplify all parts of the lifecycle of Windows devices, for both IT and end users, from initial deployment through the eventual end of life. Leveraging cloud-based services, it can reduce the overall costs for deploying, managing, and retiring devices by reducing the amount of time that IT needs to spend on these processes and the amount of infrastructure that they need to maintain, while ensuring ease of use for all types of end users. See the following diagram: +Windows Autopilot is designed to simplify all parts of the lifecycle of Windows devices, for both IT and end users, from initial deployment through the eventual end of life. Leveraging cloud-based services, it can reduce the overall costs for deploying, managing, and retiring devices by reducing the amount of time that IT needs to spend on these processes and the amount of infrastructure that they need to maintain, while ensuring ease of use for all types of end users. See the following video and diagram: - ![Process overview](images/image1.png) +  + +> [!video https://www.microsoft.com/videoplayer/embed/RE4C7G9?autoplay=false] + +![Process overview](images/image1.png) When initially deploying new Windows devices, Windows Autopilot leverages the OEM-optimized version of Windows 10 that is preinstalled on the device, saving organizations the effort of having to maintain custom images and drivers for every model of device being used. 
Instead of re-imaging the device, your existing Windows 10 installation can be transformed into a “business-ready” state, applying settings and policies, installing apps, and even changing the edition of Windows 10 being used (e.g. from Windows 10 Pro to Windows 10 Enterprise) to support advanced features. @@ -40,16 +44,6 @@ Windows Autopilot enables you to: * Create and auto-assign devices to configuration groups based on a device's profile. * Customize OOBE content specific to the organization. -## Windows Autopilot walkthrough - -The following video shows the process of setting up Windows Autopilot: - -
- - - -This video is also available [here](https://www.microsoft.com/videoplayer/embed/RE4ATOx). - ## Benefits of Windows Autopilot Traditionally, IT pros spend a lot of time building and customizing images that will later be deployed to devices. Windows Autopilot introduces a new approach. From 510d8d01167c909826b981bb013a482fcc27be8d Mon Sep 17 00:00:00 2001 From: sazankha <67922512+sazankha@users.noreply.github.com> Date: Fri, 17 Jul 2020 10:32:39 -0700 Subject: [PATCH 097/102] Update faq-md-app-guard.md --- .../microsoft-defender-application-guard/faq-md-app-guard.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index 0a946cec7c..8c53e5bb46 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -107,3 +107,7 @@ Windows Defender Application Guard accesses files from a VHD mounted on the host If hyperthreading is disabled (because of an update applied through a KB article or through BIOS settings), there is a possibility Application Guard no longer meets the minimum requirements. +### Why am I getting the error message ("ERROR_VIRTUAL_DISK_LIMITATION")? + +Application Guard may not work correctly on NTFS compressed volumes. If this issue persists, try uncompressing the volume. + From 1e1aeef1b193369d36993d25dc6074a8786604db Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Fri, 17 Jul 2020 11:13:17 -0700 Subject: [PATCH 098/102] remove old video --- .../windows-autopilot/deployment-process.md | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/windows/deployment/windows-autopilot/deployment-process.md b/windows/deployment/windows-autopilot/deployment-process.md index 0c22b52f04..6723d50e35 100644 
--- a/windows/deployment/windows-autopilot/deployment-process.md +++ b/windows/deployment/windows-autopilot/deployment-process.md @@ -24,14 +24,4 @@ Windows Autopilot deployment processes are summarized in the poster below. The p [![Deploy Windows 10 with Autopilot](../media/windows10-autopilot-flowchart.png)](../media/Windows10AutopilotFlowchart.pdf) -**Note**: The Windows Autopilot for existing devices process is included in the [Microsoft Endpoint Configuration Manager deployment poster](../windows-10-deployment-posters.md#deploy-windows-10-with-microsoft-endpoint-configuration-manager). - -## Windows Autopilot walkthrough - -The following video shows the process of setting up Windows Autopilot: - -
- - - -This video is also available [here](https://www.microsoft.com/videoplayer/embed/RE4ATOx). \ No newline at end of file +**Note**: The Windows Autopilot for existing devices process is included in the [Microsoft Endpoint Configuration Manager deployment poster](../windows-10-deployment-posters.md#deploy-windows-10-with-microsoft-endpoint-configuration-manager). \ No newline at end of file From ad933f3a62a31b85722a9b2ea81769801eb58d07 Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Fri, 17 Jul 2020 11:34:21 -0700 Subject: [PATCH 099/102] pencil edit --- .../microsoft-defender-application-guard/faq-md-app-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index 8c53e5bb46..ad435fd8ad 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -95,7 +95,7 @@ Microsoft Defender Application Guard accesses files from a VHD mounted on the ho ### Why do the Network Isolation policies in Group Policy and CSP look different? -There is not a one-to-one mapping among all the Network Isolation policies between CSP and GP. Mandatary network isolation policies to deploy WDAG are different between CSP and GP. +There is not a one-to-one mapping among all the Network Isolation policies between CSP and GP. Mandatory network isolation policies to deploy WDAG are different between CSP and GP. Mandatory network isolation GP policy to deploy WDAG: "DomainSubnets or CloudResources" Mandatory network isolation CSP policy to deploy WDAG: "EnterpriseCloudResources or (EnterpriseIpRange and EnterpriseNetworkDomainNames)" From 32468767f9a83b3b5b490adabd3ff787a3bfc7a6 Mon Sep 17 00:00:00 2001 
From: Beth Levin Date: Fri, 17 Jul 2020 13:28:35 -0700 Subject: [PATCH 100/102] updated api topics --- .../get-all-vulnerabilities-by-machines.md | 16 +++++++++------- .../next-gen-threat-and-vuln-mgt.md | 1 + 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md index de0e5c2508..3ec0c82630 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md @@ -1,5 +1,5 @@ --- -title: Get all vulnerabilities by Machine and Software +title: Get all vulnerabilities by machine and software description: Retrieves a list of all the vulnerabilities affecting the organization by Machine and Software keywords: apis, graph api, supported apis, get, vulnerability information, mdatp tvm api search.product: eADQiWindows 10XVcnh @@ -16,13 +16,14 @@ ms.collection: M365-security-compliance ms.topic: article --- -# List vulnerabilities by Machine and Software +# List vulnerabilities by machine and software + **Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Retrieves a list of all the vulnerabilities affecting the organization per [Machine](machine.md) and [Software](software.md). -
If the vulnerability has a fixing KB, it will appear in the response. -
Supports [OData V4 queries](https://www.odata.org/documentation/). -
The OData ```$filter``` is supported on all properties. +Retrieves a list of all the vulnerabilities affecting the organization per [machine](machine.md) and [software](software.md). +- If the vulnerability has a fixing KB, it will appear in the response. +- Supports [OData V4 queries](https://www.odata.org/documentation/). +- The OData ```$filter``` is supported on all properties. >[!Tip] >This is great API for [Power BI integration](api-power-bi.md). @@ -100,5 +101,6 @@ Here is an example of the response. ``` ## Related topics -- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) + +- [Risk-based threat and vulnerability management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) - [Vulnerabilities in your organization](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses) diff --git a/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md index 05fb5adc3b..0f1e02ecd1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md +++ b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md @@ -110,6 +110,7 @@ See the following topics for related APIs: - [Score APIs](score.md) - [Software APIs](software.md) - [Vulnerability APIs](vulnerability.md) +- [List vulnerabilities by machine and software](get-all-vulnerabilities-by-machines.md) ## Related topics From 18c98c3a8201efcd30929fe7fff7bdb1b51d68f3 Mon Sep 17 00:00:00 2001 
From: Dani Halfin Date: Fri, 17 Jul 2020 21:23:04 -0700 Subject: [PATCH 101/102] Fixing it-showcase link in WHFB --- .../identity-protection/hello-for-business/hello-overview.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/hello-overview.md index 0b032dbbdc..6a70672f7a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-overview.md +++ b/windows/security/identity-protection/hello-for-business/hello-overview.md @@ -99,7 +99,9 @@ Windows Hello for Business with a key does not support RDP. RDP does not support ## Learn more -[Implementing Windows Hello for Business at Microsoft](https://www.microsoft.com/itshowcase/implementing-windows-hello-for-business-at-microsoft) +[Implementing strong user authentication with Windows Hello for Business](https://www.microsoft.com/en-us/itshowcase/implementing-strong-user-authentication-with-windows-hello-for-business) + +[Implementing Windows Hello for Business at Microsoft](https://www.microsoft.com/en-us/itshowcase/implementing-windows-hello-for-business-at-microsoft) [Introduction to Windows Hello](https://go.microsoft.com/fwlink/p/?LinkId=786649), video presentation on Microsoft Virtual Academy From b59d63b9188b7bd00a3eb1d0c0245d0d0259b486 Mon Sep 17 00:00:00 2001 From: Ben Alfasi Date: Mon, 20 Jul 2020 15:45:03 +0300 Subject: [PATCH 102/102] 1 --- .../microsoft-defender-atp/alerts.md | 8 +- .../exposed-apis-odata-samples.md | 221 +++++++++++------- .../microsoft-defender-atp/get-alerts.md | 184 ++++++++++++--- .../microsoft-defender-atp/get-machines.md | 2 +- 4 files changed, 305 insertions(+), 110 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/alerts.md b/windows/security/threat-protection/microsoft-defender-atp/alerts.md index e8811269cd..820026e626 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/alerts.md 
@@ -49,9 +49,9 @@ lastEventTime | Nullable DateTimeOffset | The last occurrence of the event that firstEventTime | Nullable DateTimeOffset | The first occurrence of the event that triggered the alert on that device. lastUpdateTime | Nullable DateTimeOffset | The date and time (in UTC) the alert was last updated. resolvedTime | Nullable DateTimeOffset | The date and time in which the status of the alert was changed to 'Resolved'. -incidentId | Nullable Long | The [Incident](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue) ID of the Alert. -investigationId | Nullable Long | The [Investigation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) ID related to the Alert. -investigationState | Nullable Enum | The current state of the [Investigation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations). Possible values are: 'Unknown', 'Terminated', 'SuccessfullyRemediated', 'Benign', 'Failed', 'PartiallyRemediated', 'Running', 'PendingApproval', 'PendingResource', 'PartiallyInvestigated', 'TerminatedByUser', 'TerminatedBySystem', 'Queued', 'InnerFailure', 'PreexistingAlert', 'UnsupportedOs', 'UnsupportedAlertType', 'SuppressedAlert'. +incidentId | Nullable Long | The [Incident](view-incidents-queue.md) ID of the Alert. +investigationId | Nullable Long | The [Investigation](automated-investigations.md) ID related to the Alert. +investigationState | Nullable Enum | The current state of the [Investigation](automated-investigations.md). Possible values are: 'Unknown', 'Terminated', 'SuccessfullyRemediated', 'Benign', 'Failed', 'PartiallyRemediated', 'Running', 'PendingApproval', 'PendingResource', 'PartiallyInvestigated', 'TerminatedByUser', 'TerminatedBySystem', 'Queued', 'InnerFailure', 'PreexistingAlert', 'UnsupportedOs', 'UnsupportedAlertType', 'SuppressedAlert'. 
assignedTo | String | Owner of the alert. severity | Enum | Severity of the alert. Possible values are: 'UnSpecified', 'Informational', 'Low', 'Medium' and 'High'. status | Enum | Specifies the current status of the alert. Possible values are: 'Unknown', 'New', 'InProgress' and 'Resolved'. @@ -61,6 +61,8 @@ category| String | Category of the alert. detectionSource | String | Detection source. threatFamilyName | String | Threat family. machineId | String | ID of a [machine](machine.md) entity that is associated with the alert. +computerDnsName | String | [machine](machine.md) fully qualified name. +aadTenantId | String | The Azure Active Directory ID. comments | List of Alert comments | Alert Comment is an object that contains: comment string, createdBy string and createTime date time. ### Response example for getting single alert: diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md index 908028109d..37e873ced5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md 
@@ -29,98 +29,172 @@ Not all properties are filterable. ## Properties that supports $filter: -- [Alert](alerts.md): Id, IncidentId, AlertCreationTime, Status, Severity and Category. -- [Machine](machine.md): Id, ComputerDnsName, LastSeen, LastIpAddress, HealthStatus, OsPlatform, RiskScore, MachineTags and RbacGroupId. -- [MachineAction](machineaction.md): Id, Status, MachineId, Type, Requestor and CreationDateTimeUtc. +- [Alert](alerts.md): ```alertCreationTime```, ```lastUpdateTime```, ```incidentId```,```InvestigationId```, ```status```, ```severity``` and ```category```. +- [Machine](machine.md): ```ComputerDnsName```, ```LastSeen```, ```HealthStatus```, ```OsPlatform```, ```RiskScore``` and ```RbacGroupId```. +- [MachineAction](machineaction.md): ```Status```, ```MachineId```, ```Type```, ```Requestor``` and ```CreationDateTimeUtc```. +- [Indicator](ti-indicator.md): ```indicatorValue```, ```indicatorType```, ```creationTimeDateTimeUtc```, ```createdBy```, ```severity ``` and ```action ```. 
### Example 1 -Get all the devices with the tag 'ExampleTag' +Get 10 latest Alerts with related Evidence ``` -HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=machineTags/any(tag: tag eq 'ExampleTag') +HTTP GET https://api.securitycenter.microsoft.com/api/alerts?$top=10&$expand=evidence ``` **Response:** -``` -HTTP/1.1 200 OK -Content-type: application/json +```json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Alerts", "value": [ - { - "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", - "computerDnsName": "mymachine1.contoso.com", - "firstSeen": "2018-08-02T14:55:03.7791856Z", - "lastSeen": "2018-08-02T14:55:03.7791856Z", - "osPlatform": "Windows10", - "version": "1709", - "osProcessor": "x64", - "lastIpAddress": "172.17.230.209", - "lastExternalIpAddress": "167.220.196.71", - "osBuild": 18209, - "healthStatus": "Active", - "rbacGroupId": 140, - "rbacGroupName": "The-A-Team", - "riskScore": "Low", - "exposureLevel": "Medium", - "isAadJoined": true, - "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9", - "machineTags": [ "test tag 1", "ExampleTag" ] - }, - ... - ] + { + "id": "da637306396589640224_1753239473", + "incidentId": 875832, + "investigationId": 478434, + "assignedTo": null, + "severity": "Low", + "status": "New", + "classification": null, + "determination": null, + "investigationState": "PendingApproval", + "detectionSource": "WindowsDefenderAv", + "category": "UnwantedSoftware", + "threatFamilyName": "InstallCore", + "title": "An active 'InstallCore' unwanted software was detected", + "description": "Potentially unwanted applications (PUA) often impact productivity and performance and are often unwanted in enterprise environments. 
This category of applications include torrent downloaders, cryptocurrency miners, browser advertising software, and evasion software.\n\nAn application is considered active if it is found running on the machine or it already has persistence mechanisms in place.\n\nBecause this PUA was active, take precautionary measures and check for residual signs of infection.", + "alertCreationTime": "2020-07-18T03:27:38.9483995Z", + "firstEventTime": "2020-07-18T03:25:39.6124549Z", + "lastEventTime": "2020-07-18T03:26:18.4362304Z", + "lastUpdateTime": "2020-07-18T03:28:19.76Z", + "resolvedTime": null, + "machineId": "97868b864dc8fa09cc8726c37a1fcd8ab582f3aa", + "computerDnsName": "temp2.redmond.corp.microsoft.com", + "rbacGroupName": "Ring0", + "aadTenantId": "12f988bf-1234-1234-91ab-2d7cd011db47", + "relatedUser": { + "userName": "temp2", + "domainName": "REDMOND" + }, + "comments": [], + "evidence": [ + { + "entityType": "File", + "sha1": "ff02786682af8a6ae2842b64c8da543c4d76823c", + "sha256": "16dafd771171b619a472bb23cd55bc069625be8de5ee01b37b41de1216b2bbb2", + "fileName": "Your File Is Ready To Download_1911150169.exe", + "filePath": "C:\\Users\\temp2\\Downloads", + "processId": null, + "processCommandLine": null, + "processCreationTime": null, + "parentProcessId": null, + "parentProcessCreationTime": null, + "ipAddress": null, + "url": null, + "accountName": null, + "domainName": null, + "userSid": null, + "aadUserId": null, + "userPrincipalName": null + }, + { + "entityType": "Process", + "sha1": "ff02786682af8a6ae2842b64c8da543c4d76823c", + "sha256": "16dafd771171b619a472bb23cd55bc069625be8de5ee01b37b41de1216b2bbb2", + "fileName": "Your File Is Ready To Download_1911150169.exe", + "filePath": "C:\\Users\\temp2\\Downloads", + "processId": 24348, + "processCommandLine": "\"Your File Is Ready To Download_1911150169.exe\" ", + "processCreationTime": "2020-07-18T03:25:38.5269993Z", + "parentProcessId": 16840, + "parentProcessCreationTime": "2020-07-18T02:12:32.8616797Z", + 
"ipAddress": null, + "url": null, + "accountName": null, + "domainName": null, + "userSid": null, + "aadUserId": null, + "userPrincipalName": null + }, + { + "entityType": "User", + "sha1": null, + "sha256": null, + "fileName": null, + "filePath": null, + "processId": null, + "processCommandLine": null, + "processCreationTime": null, + "parentProcessId": null, + "parentProcessCreationTime": null, + "ipAddress": null, + "url": null, + "accountName": "temp2", + "domainName": "REDMOND", + "userSid": "S-1-5-21-1127532184-1642412920-1887927527-75363", + "aadUserId": "319dc320-4ce3-4cd7-a0de-c476d146342d", + "userPrincipalName": "temp2@microsoft.com" + } + ] + }, + ... + ] } ``` ### Example 2 -Get all the alerts that created after 2018-10-20 00:00:00 +Get all the alerts last updated after 2019-10-20 00:00:00 ``` -HTTP GET https://api.securitycenter.windows.com/api/alerts?$filter=alertCreationTime+gt+2018-11-22T00:00:00Z +HTTP GET https://api.securitycenter.windows.com/api/alerts?$filter=lastUpdateTime+ge+2019-11-22T00:00:00Z ``` **Response:** -``` -HTTP/1.1 200 OK -Content-type: application/json +```json { "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Alerts", "value": [ { - "id": "da637084217856368682_-292920499", - "incidentId": 66860, - "investigationId": 4416234, - "investigationState": "Running", - "assignedTo": "secop@contoso.com", - "severity": "Low", - "status": "New", - "classification": "TruePositive", - "determination": null, - "detectionSource": "WindowsDefenderAtp", - "category": "CommandAndControl", - "threatFamilyName": null, - "title": "Network connection to a risky host", - "description": "A network connection was made to a risky host which has exhibited malicious activity.", - "alertCreationTime": "2019-11-03T23:49:45.3823185Z", - "firstEventTime": "2019-11-03T23:47:16.2288822Z", - "lastEventTime": "2019-11-03T23:47:51.2966758Z", - "lastUpdateTime": "2019-11-03T23:55:52.6Z", - "resolvedTime": null, - "machineId": 
"986e5df8b73dacd43c8917d17e523e76b13c75cd", + "id": "da637308392288907382_-880718168", + "incidentId": 7587, + "investigationId": 723156, + "assignedTo": "secop123@contoso.com", + "severity": "Low", + "status": "New", + "classification": "TruePositive", + "determination": null, + "investigationState": "Queued", + "detectionSource": "WindowsDefenderAv", + "category": "SuspiciousActivity", + "threatFamilyName": "Meterpreter", + "title": "Suspicious 'Meterpreter' behavior was detected", + "description": "Malware and unwanted software are undesirable applications that perform annoying, disruptive, or harmful actions on affected machines. Some of these undesirable applications can replicate and spread from one machine to another. Others are able to receive commands from remote attackers and perform activities associated with cyber attacks.\n\nA malware is considered active if it is found running on the machine or it already has persistence mechanisms in place. Active malware detections are assigned higher severity ratings.\n\nBecause this malware was active, take precautionary measures and check for residual signs of infection.", + "alertCreationTime": "2020-07-20T10:53:48.7657932Z", + "firstEventTime": "2020-07-20T10:52:17.6654369Z", + "lastEventTime": "2020-07-20T10:52:18.1362905Z", + "lastUpdateTime": "2020-07-20T10:53:50.19Z", + "resolvedTime": null, + "machineId": "12ee6dd8c833c8a052ea231ec1b19adaf497b625", + "computerDnsName": "temp123.middleeast.corp.microsoft.com", + "rbacGroupName": "MiddleEast", + "aadTenantId": "a839b112-1253-6432-9bf6-94542403f21c", + "relatedUser": { + "userName": "temp123", + "domainName": "MIDDLEEAST" + }, "comments": [ { "comment": "test comment for docs", - "createdBy": "secop@contoso.com", - "createdTime": "2019-11-05T14:08:37.8404534Z" + "createdBy": "secop123@contoso.com", + "createdTime": "2020-07-21T01:00:37.8404534Z" } - ] - }, - ... - ] + ], + "evidence": [] + } + ... + ] } ``` 
@@ -134,9 +208,7 @@ HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=riskScore+ **Response:** -``` -HTTP/1.1 200 OK -Content-type: application/json +```json { "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines", "value": [ @@ -175,9 +247,7 @@ HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=healthStat **Response:** -``` -HTTP/1.1 200 OK -Content-type: application/json +```json { "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines", "value": [ @@ -216,9 +286,7 @@ HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=lastSeen g **Response:** -``` -HTTP/1.1 200 OK -Content-type: application/json +```json { "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines", "value": [ @@ -257,10 +325,8 @@ HTTP GET https://api.securitycenter.windows.com/api/machineactions?$filter=requ **Response:** -``` -HTTP/1.1 200 OK -Content-type: application/json -{ +```json +json{ "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions", "value": [ { @@ -291,10 +357,7 @@ HTTP GET https://api.securitycenter.windows.com/api/machines/123321d0c675eaa415 **Response:** -``` -HTTP/1.1 200 OK -Content-type: application/json - +```json 4 ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md index dc8f29bd61..b86855ce76 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md @@ -26,7 +26,11 @@ ms.topic: article ## API description Retrieves a collection of Alerts.
Supports [OData V4 queries](https://www.odata.org/documentation/). -
The OData's ```$filter``` query is supported on: ```alertCreationTime```, ```lastUpdateTime```, ```incidentId```,```InvestigationId```, ```status```, ```severity``` and ```category``` properties. +
OData supported operators: +
```$filter``` on: ```alertCreationTime```, ```lastUpdateTime```, ```incidentId```,```InvestigationId```, ```status```, ```severity``` and ```category``` properties. +
```$top``` with max value of 10,000 +
```$skip``` +
```$expand``` of ```evidence```
See examples at [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md) @@ -70,14 +74,14 @@ Empty If successful, this method returns 200 OK, and a list of [alert](alerts.md) objects in the response body. -## Example +## Example 1 - Default **Request** Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/alerts +GET https://api.securitycenter.microsoft.com/api/alerts ``` [!include[Improve request performance](../../includes/improve-request-performance.md)] 
@@ -93,41 +97,167 @@ Here is an example of the response. ```json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Alerts", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Alerts", "value": [ { - "id": "da637084217856368682_-292920499", - "incidentId": 66860, - "investigationId": 4416234, - "assignedTo": "secop@contoso.com", - "severity": "Low", - "status": "New", - "classification": "TruePositive", - "determination": null, - "investigationState": "Running", - "detectionSource": "WindowsDefenderAtp", - "category": "CommandAndControl", - "threatFamilyName": null, - "title": "Network connection to a risky host", - "description": "A network connection was made to a risky host which has exhibited malicious activity.", - "alertCreationTime": "2019-11-03T23:49:45.3823185Z", - "firstEventTime": "2019-11-03T23:47:16.2288822Z", - "lastEventTime": "2019-11-03T23:47:51.2966758Z", - "lastUpdateTime": "2019-11-03T23:55:52.6Z", - "resolvedTime": null, - "machineId": "986e5df8b73dacd43c8917d17e523e76b13c75cd", + "id": "da637308392288907382_-880718168", + "incidentId": 7587, + "investigationId": 723156, + "assignedTo": "secop123@contoso.com", + "severity": "Low", + "status": "New", + "classification": "TruePositive", + "determination": null, + "investigationState": "Queued", + "detectionSource": "WindowsDefenderAv", + "category": "SuspiciousActivity", + "threatFamilyName": "Meterpreter", + "title": "Suspicious 'Meterpreter' behavior was detected", + "description": "Malware and unwanted software are undesirable applications that perform annoying, disruptive, or harmful actions on affected machines. Some of these undesirable applications can replicate and spread from one machine to another. Others are able to receive commands from remote attackers and perform activities associated with cyber attacks.\n\nA malware is considered active if it is found running on the machine or it already has persistence mechanisms in place. 
Active malware detections are assigned higher severity ratings.\n\nBecause this malware was active, take precautionary measures and check for residual signs of infection.", + "alertCreationTime": "2020-07-20T10:53:48.7657932Z", + "firstEventTime": "2020-07-20T10:52:17.6654369Z", + "lastEventTime": "2020-07-20T10:52:18.1362905Z", + "lastUpdateTime": "2020-07-20T10:53:50.19Z", + "resolvedTime": null, + "machineId": "12ee6dd8c833c8a052ea231ec1b19adaf497b625", + "computerDnsName": "temp123.middleeast.corp.microsoft.com", + "rbacGroupName": "MiddleEast", + "aadTenantId": "a839b112-1253-6432-9bf6-94542403f21c", + "relatedUser": { + "userName": "temp123", + "domainName": "MIDDLEEAST" + }, "comments": [ { "comment": "test comment for docs", - "createdBy": "secop@contoso.com", - "createdTime": "2019-11-05T14:08:37.8404534Z" + "createdBy": "secop123@contoso.com", + "createdTime": "2020-07-21T01:00:37.8404534Z" } - ] + ], + "evidence": [] } ... ] } ``` +## Example 2 - Get 10 latest Alerts with related Evidence + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.microsoft.com/api/alerts?$top=10&$expand=evidence +``` + + +**Response** + +Here is an example of the response. + +>[!NOTE] +>The response list shown here may be truncated for brevity. All alerts will be returned from an actual call. 
+ + +```json +{ + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Alerts", + "value": [ + { + "id": "da637306396589640224_1753239473", + "incidentId": 875832, + "investigationId": 478434, + "assignedTo": null, + "severity": "Low", + "status": "New", + "classification": null, + "determination": null, + "investigationState": "PendingApproval", + "detectionSource": "WindowsDefenderAv", + "category": "UnwantedSoftware", + "threatFamilyName": "InstallCore", + "title": "An active 'InstallCore' unwanted software was detected", + "description": "Potentially unwanted applications (PUA) often impact productivity and performance and are often unwanted in enterprise environments. This category of applications include torrent downloaders, cryptocurrency miners, browser advertising software, and evasion software.\n\nAn application is considered active if it is found running on the machine or it already has persistence mechanisms in place.\n\nBecause this PUA was active, take precautionary measures and check for residual signs of infection.", + "alertCreationTime": "2020-07-18T03:27:38.9483995Z", + "firstEventTime": "2020-07-18T03:25:39.6124549Z", + "lastEventTime": "2020-07-18T03:26:18.4362304Z", + "lastUpdateTime": "2020-07-18T03:28:19.76Z", + "resolvedTime": null, + "machineId": "97868b864dc8fa09cc8726c37a1fcd8ab582f3aa", + "computerDnsName": "temp2.redmond.corp.microsoft.com", + "rbacGroupName": "Ring0", + "aadTenantId": "12f988bf-1234-1234-91ab-2d7cd011db47", + "relatedUser": { + "userName": "temp2", + "domainName": "REDMOND" + }, + "comments": [], + "evidence": [ + { + "entityType": "File", + "sha1": "ff02786682af8a6ae2842b64c8da543c4d76823c", + "sha256": "16dafd771171b619a472bb23cd55bc069625be8de5ee01b37b41de1216b2bbb2", + "fileName": "Your File Is Ready To Download_1911150169.exe", + "filePath": "C:\\Users\\temp2\\Downloads", + "processId": null, + "processCommandLine": null, + "processCreationTime": null, + "parentProcessId": null, + 
"parentProcessCreationTime": null, + "ipAddress": null, + "url": null, + "accountName": null, + "domainName": null, + "userSid": null, + "aadUserId": null, + "userPrincipalName": null + }, + { + "entityType": "Process", + "sha1": "ff02786682af8a6ae2842b64c8da543c4d76823c", + "sha256": "16dafd771171b619a472bb23cd55bc069625be8de5ee01b37b41de1216b2bbb2", + "fileName": "Your File Is Ready To Download_1911150169.exe", + "filePath": "C:\\Users\\temp2\\Downloads", + "processId": 24348, + "processCommandLine": "\"Your File Is Ready To Download_1911150169.exe\" ", + "processCreationTime": "2020-07-18T03:25:38.5269993Z", + "parentProcessId": 16840, + "parentProcessCreationTime": "2020-07-18T02:12:32.8616797Z", + "ipAddress": null, + "url": null, + "accountName": null, + "domainName": null, + "userSid": null, + "aadUserId": null, + "userPrincipalName": null + }, + { + "entityType": "User", + "sha1": null, + "sha256": null, + "fileName": null, + "filePath": null, + "processId": null, + "processCommandLine": null, + "processCreationTime": null, + "parentProcessId": null, + "parentProcessCreationTime": null, + "ipAddress": null, + "url": null, + "accountName": "temp2", + "domainName": "REDMOND", + "userSid": "S-1-5-21-1127532184-1642412920-1887927527-75363", + "aadUserId": "319dc320-4ce3-4cd7-a0de-c476d146342d", + "userPrincipalName": "temp2@microsoft.com" + } + ] + }, + ... + ] +} +``` + + ## Related topics - [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines.md index e46fe6e5cd..74c8253d5d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines.md 
@@ -26,7 +26,7 @@ ms.topic: article ## API description Retrieves a collection of [Machines](machine.md) that have communicated with Microsoft Defender ATP cloud on the last 30 days.
Supports [OData V4 queries](https://www.odata.org/documentation/). -
The OData's ```$filter``` query is supported on: ```computerDnsName```, ```lastSeen```, ```lastIpAddress```, ```healthStatus```, ```osPlatform```, ```riskScore```, ```rbacGroupId``` and ```machineTags``` properties. +
The OData's ```$filter``` query is supported on: ```computerDnsName```, ```lastSeen```, ```healthStatus```, ```osPlatform```, ```riskScore``` and ```rbacGroupId```.
See examples at [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md)
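Review bot: In the Windows Autopilot overview hunk (@@ -25,9 +25,13), the line added between "See the following video and diagram:" and the `> [!video ...]` embed contains only whitespace. Make it a truly empty line so the Markdown source carries no invisible character, and confirm the de-indented `![Process overview](images/image1.png)` still renders as an image rather than as part of the preceding block.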
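Review bot: The new ERROR_VIRTUAL_DISK_LIMITATION entry in faq-md-app-guard.md (PATCH 097) tells the reader to "try uncompressing the volume" without saying which volume is meant. Name the volume the answer refers to, and drop the parentheses around the quoted error in the heading so it matches the other question headings in the file.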
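Review bot: The front-matter hunk of get-all-vulnerabilities-by-machines.md (PATCH 100, @@ -1,5 +1,5) lowercases the title to "machine and software", but the unchanged `description:` line directly below still reads "by Machine and Software". Update the description in the same change so the title, the H1 and the description agree.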
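Review bot: Both links added under "Learn more" in hello-overview.md (PATCH 101) hard-code the `en-us` locale in the path (`https://www.microsoft.com/en-us/itshowcase/...`), whereas the link being replaced had no locale segment. If the itshowcase pages resolve without it, drop `/en-us` so readers are not pinned to the English page; if the locale is required for the fixed link to work, say so in the commit message.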
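Review bot: The two rows added to the property table in alerts.md (PATCH 102, @@ -61,6 +61,8) are underspecified: `aadTenantId` is described as "The Azure Active Directory ID", which does not say it is the tenant's ID, and the `computerDnsName` description opens with a lowercase link and no article. Suggested wording: "The Azure Active Directory tenant ID." and "Fully qualified name of the [machine](machine.md)." The sample responses added later in this patch also return `rbacGroupName`, `relatedUser` and `evidence`; if the part of the table outside this hunk does not already cover them, add rows for those too.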
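Review bot: In Example 2 of exposed-apis-odata-samples.md (PATCH 102, @@ -29,98 +29,172) the description and the query disagree: the text says "last updated after 2019-10-20 00:00:00" while the request filters on `lastUpdateTime+ge+2019-11-22T00:00:00Z`, which is a different date and an inclusive `ge` rather than "after". The old text had the same mismatch (2018-10-20 against 2018-11-22) and this edit carries it over, so align the sentence with the query. In the same hunk, Example 1 moves to api.securitycenter.microsoft.com while Example 2 keeps api.securitycenter.windows.com; the new property list has code spans with a trailing space (`severity ` and `action `), a missing space after the comma following `incidentId`, and `InvestigationId` capitalized unlike the `investigationId` key in the responses.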
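Review bot: The machineactions response block in exposed-apis-odata-samples.md (PATCH 102, @@ -257,10 +325,8) now has the json fence line followed by an added line reading `json{`. The stray `json` before the brace makes the sample invalid JSON and looks like a paste slip; the added line should be just `{`.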
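Review bot: In the API description hunk of get-alerts.md (PATCH 102, @@ -26,7 +26,11), `$filter`, `$top`, `$skip` and `$expand` are introduced as "OData supported operators", but they are query options; operators are what goes inside a `$filter` expression, such as `ge`. Rename the lead-in to something like "Supported OData query options", add the missing space after the comma following `incidentId`, and write `investigationId` to match the response key. Since `$top` is documented with a maximum of 10,000, it would also help to state what a caller gets back when asking for more than that.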
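Review bot: The sample responses added to get-alerts.md (PATCH 102, @@ -93,41 +97,167), and repeated in exposed-apis-odata-samples.md, carry values that read like real tenant data rather than placeholders: `"computerDnsName": "temp2.redmond.corp.microsoft.com"`, `"userPrincipalName": "temp2@microsoft.com"`, plus a full `userSid`, `aadUserId` and `aadTenantId`. The same samples already use contoso.com for `assignedTo`, so use contoso placeholders and obviously synthetic SIDs and GUIDs throughout, and confirm the `sha1` and `sha256` values are intended for publication.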
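Review bot: The get-machines.md hunk (PATCH 102, @@ -26,7 +26,7) removes `lastIpAddress` and `machineTags` from the list of `$filter` properties, in step with the removal of the machineTags example from exposed-apis-odata-samples.md, but the commit subject ("1") gives no reason for it. Use a descriptive subject and state whether filtering on those two properties is no longer supported, since existing callers may depend on it. The rewritten sentence also drops its closing word "properties", which the matching sentence in get-alerts.md keeps.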