From d07b0d86f6869b9e1b4e902f7601b8bc4682eecb Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Wed, 22 Sep 2021 14:39:09 +0300 Subject: [PATCH 001/335] Update token elevation type values https://github.com/MicrosoftDocs/windows-itpro-docs/issues/9920 --- .../threat-protection/auditing/event-4688.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4688.md b/windows/security/threat-protection/auditing/event-4688.md index fbb93d7b9b..22f0be469e 100644 --- a/windows/security/threat-protection/auditing/event-4688.md +++ b/windows/security/threat-protection/auditing/event-4688.md @@ -154,11 +154,11 @@ This event generates every time a new process starts. - **Token Elevation Type** \[Type = UnicodeString\]**:** - - **TokenElevationTypeDefault (1):** Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account (for which UAC disabled by default), service account or local system account. + - **%%1936:** Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account (for which UAC disabled by default), service account or local system account. - - **TokenElevationTypeFull (2):** Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. + - **%%1937:** Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. - - **TokenElevationTypeLimited (3):** Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. + - **%%1938:** Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. - **Mandatory Label** \[Version 2\] \[Type = SID\]**:** SID of [integrity label](/windows/win32/secauthz/mandatory-integrity-control) which was assigned to the new process. Can have one of the following values: @@ -207,10 +207,10 @@ For 4688(S): A new process has been created. - It can be unusual for a process to run using a local account in either **Creator Subject\\Security ID** or in **Target** **Subject\\Security ID**. -- Monitor for **Token Elevation Type** with value **TokenElevationTypeDefault (1)** when **Subject\\Security ID** lists a real user account, for example when **Account Name** doesn't contain the $ symbol. Typically this means that UAC is disabled for this account for some reason. +- Monitor for **Token Elevation Type** with value **%%1936** when **Subject\\Security ID** lists a real user account, for example when **Account Name** doesn't contain the $ symbol. Typically this means that UAC is disabled for this account for some reason. -- Monitor for **Token Elevation Type** with value **TokenElevationTypeDefault (2)** on standard workstations, when **Subject\\Security ID** lists a real user account, for example when **Account Name** doesn't contain the $ symbol. This means that a user ran a program using administrative privileges. +- Monitor for **Token Elevation Type** with value **%%1937** on standard workstations, when **Subject\\Security ID** lists a real user account, for example when **Account Name** doesn't contain the $ symbol. This means that a user ran a program using administrative privileges. -- You can also monitor for **Token Elevation Type** with value **TokenElevationTypeDefault (2)** on standard workstations, when a computer object was used to run the process, but that computer object is not the same computer where the event occurs. +- You can also monitor for **Token Elevation Type** with value **%%1937** on standard workstations, when a computer object was used to run the process, but that computer object is not the same computer where the event occurs. -- If you need to monitor all new processes with a specific Mandatory Label, for example S-1-16-20480 (Protected process), check the "**Mandatory Label**" in this event. \ No newline at end of file +- If you need to monitor all new processes with a specific Mandatory Label, for example S-1-16-20480 (Protected process), check the "**Mandatory Label**" in this event. From 356e56d25d3fce5fc4db68c9b5c94fff29f77a20 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Thu, 23 Sep 2021 09:21:09 +0300 Subject: [PATCH 002/335] Update windows/security/threat-protection/auditing/event-4688.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/security/threat-protection/auditing/event-4688.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/event-4688.md b/windows/security/threat-protection/auditing/event-4688.md index 22f0be469e..1aae0dcddb 100644 --- a/windows/security/threat-protection/auditing/event-4688.md +++ b/windows/security/threat-protection/auditing/event-4688.md @@ -154,7 +154,7 @@ This event generates every time a new process starts. - **Token Elevation Type** \[Type = UnicodeString\]**:** - - **%%1936:** Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account (for which UAC disabled by default), service account or local system account. + - **%%1936:** Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account (for which UAC is disabled by default), service account, or local system account. - **%%1937:** Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. From 9fe817e86791d952d5ec1abb2ee31c0d16f748c6 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Wed, 20 Oct 2021 13:31:42 +0530 Subject: [PATCH 003/335] changed metadata --- .../identity-protection/access-control/access-control.md | 2 +- .../access-control/active-directory-accounts.md | 2 +- .../access-control/active-directory-security-groups.md | 2 +- .../access-control/dynamic-access-control.md | 2 +- .../identity-protection/access-control/local-accounts.md | 2 +- .../identity-protection/access-control/microsoft-accounts.md | 2 +- .../identity-protection/access-control/security-identifiers.md | 2 +- .../identity-protection/access-control/security-principals.md | 2 +- .../identity-protection/access-control/service-accounts.md | 2 +- .../identity-protection/access-control/special-identities.md | 2 +- windows/security/identity-protection/configure-s-mime.md | 2 +- .../credential-guard/additional-mitigations.md | 2 +- .../credential-guard/credential-guard-considerations.md | 2 +- .../credential-guard/credential-guard-how-it-works.md | 2 +- .../credential-guard/credential-guard-known-issues.md | 2 +- .../credential-guard/credential-guard-manage.md | 2 +- .../credential-guard-not-protected-scenarios.md | 2 +- .../credential-guard/credential-guard-protection-limits.md | 2 +- .../credential-guard/credential-guard-requirements.md | 2 +- .../credential-guard/credential-guard-scripts.md | 2 +- .../identity-protection/credential-guard/credential-guard.md | 2 +- .../identity-protection/credential-guard/dg-readiness-tool.md | 2 +- .../identity-protection/enterprise-certificate-pinning.md | 2 +- .../identity-protection/hello-for-business/WebAuthnAPIs.md | 2 +- .../hello-for-business/feature-multifactor-unlock.md | 2 +- .../hello-for-business/hello-aad-join-cloud-only-deploy.md | 2 +- .../hello-for-business/hello-adequate-domain-controllers.md | 2 +- .../hello-for-business/hello-and-password-changes.md | 2 +- .../hello-for-business/hello-biometrics-in-enterprise.md | 2 +- .../hello-for-business/hello-cert-trust-adfs.md | 2 +- .../hello-for-business/hello-cert-trust-policy-settings.md | 2 +- .../hello-for-business/hello-cert-trust-validate-ad-prereq.md | 2 +- .../hello-for-business/hello-cert-trust-validate-deploy-mfa.md | 2 +- .../hello-for-business/hello-cert-trust-validate-pki.md | 2 +- .../hello-for-business/hello-deployment-cert-trust.md | 2 +- .../hello-for-business/hello-deployment-guide.md | 2 +- .../hello-for-business/hello-deployment-issues.md | 2 +- .../hello-for-business/hello-deployment-key-trust.md | 2 +- .../hello-for-business/hello-deployment-rdp-certs.md | 2 +- .../hello-for-business/hello-errors-during-pin-creation.md | 2 +- .../identity-protection/hello-for-business/hello-event-300.md | 2 +- .../identity-protection/hello-for-business/hello-faq.yml | 2 +- .../hello-for-business/hello-feature-conditional-access.md | 2 +- .../hello-for-business/hello-feature-dual-enrollment.md | 2 +- .../hello-for-business/hello-feature-dynamic-lock.md | 2 +- .../hello-for-business/hello-feature-pin-reset.md | 2 +- .../hello-for-business/hello-feature-remote-desktop.md | 2 +- .../hello-for-business/hello-how-it-works-authentication.md | 2 +- .../hello-for-business/hello-how-it-works-provisioning.md | 2 +- .../hello-for-business/hello-how-it-works-technology.md | 2 +- .../hello-for-business/hello-how-it-works.md | 2 +- .../hello-for-business/hello-hybrid-aadj-sso-base.md | 2 +- .../hello-for-business/hello-hybrid-aadj-sso-cert.md | 2 +- .../hello-for-business/hello-hybrid-aadj-sso.md | 2 +- .../hello-for-business/hello-hybrid-cert-new-install.md | 2 +- .../hello-for-business/hello-hybrid-cert-trust-devreg.md | 2 +- .../hello-for-business/hello-hybrid-cert-trust-prereqs.md | 2 +- .../hello-for-business/hello-hybrid-cert-trust.md | 2 +- .../hello-for-business/hello-hybrid-cert-whfb-provision.md | 2 +- .../hello-for-business/hello-hybrid-cert-whfb-settings-ad.md | 2 +- .../hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md | 2 +- .../hello-hybrid-cert-whfb-settings-dir-sync.md | 2 +- .../hello-for-business/hello-hybrid-cert-whfb-settings-pki.md | 2 +- .../hello-hybrid-cert-whfb-settings-policy.md | 2 +- .../hello-for-business/hello-hybrid-cert-whfb-settings.md | 2 +- .../hello-for-business/hello-hybrid-key-new-install.md | 2 +- .../hello-for-business/hello-hybrid-key-trust-devreg.md | 2 +- .../hello-for-business/hello-hybrid-key-trust-dirsync.md | 2 +- .../hello-for-business/hello-hybrid-key-trust-prereqs.md | 2 +- .../hello-for-business/hello-hybrid-key-trust.md | 2 +- .../hello-for-business/hello-hybrid-key-whfb-provision.md | 2 +- .../hello-for-business/hello-hybrid-key-whfb-settings-ad.md | 2 +- .../hello-hybrid-key-whfb-settings-dir-sync.md | 2 +- .../hello-for-business/hello-hybrid-key-whfb-settings-pki.md | 2 +- .../hello-for-business/hello-hybrid-key-whfb-settings-policy.md | 2 +- .../hello-for-business/hello-hybrid-key-whfb-settings.md | 2 +- .../hello-for-business/hello-identity-verification.md | 2 +- .../hello-for-business/hello-key-trust-adfs.md | 2 +- .../hello-for-business/hello-key-trust-policy-settings.md | 2 +- .../hello-for-business/hello-key-trust-validate-ad-prereq.md | 2 +- .../hello-for-business/hello-key-trust-validate-deploy-mfa.md | 2 +- .../hello-for-business/hello-key-trust-validate-pki.md | 2 +- .../hello-for-business/hello-manage-in-organization.md | 2 +- .../identity-protection/hello-for-business/hello-overview.md | 2 +- .../hello-for-business/hello-planning-guide.md | 2 +- .../hello-for-business/hello-prepare-people-to-use.md | 2 +- .../identity-protection/hello-for-business/hello-videos.md | 2 +- .../hello-for-business/hello-why-pin-is-better-than-password.md | 2 +- .../security/identity-protection/hello-for-business/index.yml | 2 +- .../hello-for-business/microsoft-compatible-security-key.md | 2 +- .../hello-for-business/passwordless-strategy.md | 2 +- .../hello-for-business/reset-security-key.md | 2 +- .../hello-for-business/retired/hello-how-it-works.md | 2 +- windows/security/identity-protection/index.md | 2 +- .../installing-digital-certificates-on-windows-10-mobile.md | 2 +- windows/security/identity-protection/password-support-policy.md | 2 +- windows/security/identity-protection/remote-credential-guard.md | 2 +- .../smart-cards/smart-card-and-remote-desktop-services.md | 2 +- .../identity-protection/smart-cards/smart-card-architecture.md | 2 +- .../smart-cards/smart-card-certificate-propagation-service.md | 2 +- .../smart-card-certificate-requirements-and-enumeration.md | 2 +- .../smart-cards/smart-card-debugging-information.md | 2 +- .../identity-protection/smart-cards/smart-card-events.md | 2 +- .../smart-card-group-policy-and-registry-settings.md | 2 +- .../smart-card-how-smart-card-sign-in-works-in-windows.md | 2 +- .../smart-cards/smart-card-removal-policy-service.md | 2 +- .../smart-cards/smart-card-smart-cards-for-windows-service.md | 2 +- .../smart-cards/smart-card-tools-and-settings.md | 2 +- .../smart-card-windows-smart-card-technical-reference.md | 2 +- .../user-account-control/how-user-account-control-works.md | 2 +- ...er-account-control-group-policy-and-registry-key-settings.md | 2 +- .../user-account-control/user-account-control-overview.md | 2 +- .../user-account-control-security-policy-settings.md | 2 +- .../virtual-smart-card-deploy-virtual-smart-cards.md | 2 +- .../virtual-smart-cards/virtual-smart-card-evaluate-security.md | 2 +- .../virtual-smart-cards/virtual-smart-card-get-started.md | 2 +- .../virtual-smart-cards/virtual-smart-card-overview.md | 2 +- .../virtual-smart-cards/virtual-smart-card-tpmvscmgr.md | 2 +- .../virtual-smart-card-understanding-and-evaluating.md | 2 +- .../virtual-smart-card-use-virtual-smart-cards.md | 2 +- ...figure-diffie-hellman-protocol-over-ikev2-vpn-connections.md | 2 +- ...-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md | 2 +- windows/security/identity-protection/vpn/vpn-authentication.md | 2 +- .../identity-protection/vpn/vpn-auto-trigger-profile.md | 2 +- .../security/identity-protection/vpn/vpn-conditional-access.md | 2 +- windows/security/identity-protection/vpn/vpn-connection-type.md | 2 +- windows/security/identity-protection/vpn/vpn-guide.md | 2 +- windows/security/identity-protection/vpn/vpn-name-resolution.md | 2 +- .../identity-protection/vpn/vpn-office-365-optimization.md | 2 +- windows/security/identity-protection/vpn/vpn-profile-options.md | 2 +- windows/security/identity-protection/vpn/vpn-routing.md | 2 +- .../security/identity-protection/vpn/vpn-security-features.md | 2 +- .../windows-credential-theft-mitigation-guide-abstract.md | 2 +- windows/security/includes/improve-request-performance.md | 2 +- windows/security/includes/machineactionsnote.md | 2 +- windows/security/includes/microsoft-defender-api-usgov.md | 2 +- windows/security/includes/microsoft-defender.md | 2 +- windows/security/includes/prerelease.md | 2 +- .../bitlocker/bcd-settings-and-bitlocker.md | 2 +- .../information-protection/bitlocker/bitlocker-and-adds-faq.yml | 2 +- .../bitlocker/bitlocker-basic-deployment.md | 2 +- .../bitlocker/bitlocker-countermeasures.md | 2 +- .../bitlocker/bitlocker-deployment-and-administration-faq.yml | 2 +- .../bitlocker/bitlocker-deployment-comparison.md | 2 +- .../bitlocker-device-encryption-overview-windows-10.md | 2 +- .../bitlocker/bitlocker-frequently-asked-questions.yml | 2 +- .../bitlocker/bitlocker-group-policy-settings.md | 2 +- .../bitlocker/bitlocker-how-to-deploy-on-windows-server.md | 2 +- .../bitlocker/bitlocker-how-to-enable-network-unlock.md | 2 +- .../bitlocker/bitlocker-key-management-faq.yml | 2 +- .../bitlocker/bitlocker-management-for-enterprises.md | 2 +- .../bitlocker/bitlocker-network-unlock-faq.yml | 2 +- .../bitlocker/bitlocker-overview-and-requirements-faq.yml | 2 +- .../information-protection/bitlocker/bitlocker-overview.md | 2 +- .../bitlocker/bitlocker-recovery-guide-plan.md | 2 +- .../bitlocker/bitlocker-recovery-loop-break.md | 2 +- .../information-protection/bitlocker/bitlocker-security-faq.yml | 2 +- .../information-protection/bitlocker/bitlocker-to-go-faq.yml | 2 +- .../bitlocker/bitlocker-upgrading-faq.yml | 2 +- ...-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md | 2 +- .../bitlocker-use-bitlocker-recovery-password-viewer.md | 2 +- .../bitlocker/bitlocker-using-with-other-programs-faq.yml | 2 +- ...are-your-organization-for-bitlocker-planning-and-policies.md | 2 +- ...r-shared-volumes-and-storage-area-networks-with-bitlocker.md | 2 +- .../information-protection/bitlocker/troubleshoot-bitlocker.md | 2 +- .../bitlocker/ts-bitlocker-cannot-encrypt-issues.md | 2 +- .../bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md | 2 +- .../bitlocker/ts-bitlocker-config-issues.md | 2 +- .../bitlocker/ts-bitlocker-decode-measured-boot-logs.md | 2 +- .../bitlocker/ts-bitlocker-intune-issues.md | 2 +- .../bitlocker/ts-bitlocker-network-unlock-issues.md | 2 +- .../bitlocker/ts-bitlocker-recovery-issues.md | 2 +- .../information-protection/bitlocker/ts-bitlocker-tpm-issues.md | 2 +- windows/security/information-protection/encrypted-hard-drive.md | 2 +- windows/security/information-protection/index.md | 2 +- .../kernel-dma-protection-for-thunderbolt.md | 2 +- .../secure-the-windows-10-boot-process.md | 2 +- .../tpm/backup-tpm-recovery-information-to-ad-ds.md | 2 +- .../information-protection/tpm/change-the-tpm-owner-password.md | 2 +- .../information-protection/tpm/how-windows-uses-the-tpm.md | 2 +- .../tpm/initialize-and-configure-ownership-of-the-tpm.md | 2 +- .../security/information-protection/tpm/manage-tpm-commands.md | 2 +- .../security/information-protection/tpm/manage-tpm-lockout.md | 2 +- .../tpm/switch-pcr-banks-on-tpm-2-0-devices.md | 2 +- windows/security/information-protection/tpm/tpm-fundamentals.md | 2 +- .../security/information-protection/tpm/tpm-recommendations.md | 2 +- .../tpm/trusted-platform-module-overview.md | 2 +- .../trusted-platform-module-services-group-policy-settings.md | 2 +- .../tpm/trusted-platform-module-top-node.md | 2 +- .../windows-information-protection/app-behavior-with-wip.md | 2 +- .../collect-wip-audit-event-logs.md | 2 +- .../create-and-verify-an-efs-dra-certificate.md | 2 +- .../create-vpn-and-wip-policy-using-intune-azure.md | 2 +- .../create-wip-policy-using-configmgr.md | 2 +- .../create-wip-policy-using-intune-azure.md | 2 +- .../deploy-wip-policy-using-intune-azure.md | 2 +- .../enlightened-microsoft-apps-and-wip.md | 2 +- .../guidance-and-best-practices-wip.md | 2 +- .../windows-information-protection/limitations-with-wip.md | 2 +- .../mandatory-settings-for-wip.md | 2 +- .../overview-create-wip-policy-configmgr.md | 2 +- .../overview-create-wip-policy.md | 2 +- .../protect-enterprise-data-using-wip.md | 2 +- .../recommended-network-definitions-for-wip.md | 2 +- .../windows-information-protection/testing-scenarios-for-wip.md | 2 +- .../windows-information-protection/using-owa-with-wip.md | 2 +- .../wip-app-enterprise-context.md | 2 +- .../windows-information-protection/wip-learning.md | 2 +- .../security-policy-settings/includes/smb1-perf-note.md | 2 +- .../microsoft-recommended-driver-block-rules.md | 2 +- 210 files changed, 210 insertions(+), 210 deletions(-) diff --git a/windows/security/identity-protection/access-control/access-control.md b/windows/security/identity-protection/access-control/access-control.md index 079ce945b4..1103ca2f3d 100644 --- a/windows/security/identity-protection/access-control/access-control.md +++ b/windows/security/identity-protection/access-control/access-control.md @@ -1,7 +1,7 @@ --- title: Access Control Overview (Windows 10) description: Access Control Overview -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/access-control/active-directory-accounts.md b/windows/security/identity-protection/access-control/active-directory-accounts.md index 69dba47679..b876d29dfc 100644 --- a/windows/security/identity-protection/access-control/active-directory-accounts.md +++ b/windows/security/identity-protection/access-control/active-directory-accounts.md @@ -1,7 +1,7 @@ --- title: Active Directory Accounts (Windows 10) description: Active Directory Accounts -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/access-control/active-directory-security-groups.md b/windows/security/identity-protection/access-control/active-directory-security-groups.md index 5ac3dcc651..f2d2363055 100644 --- a/windows/security/identity-protection/access-control/active-directory-security-groups.md +++ b/windows/security/identity-protection/access-control/active-directory-security-groups.md @@ -1,7 +1,7 @@ --- title: Active Directory Security Groups description: Active Directory Security Groups -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/access-control/dynamic-access-control.md b/windows/security/identity-protection/access-control/dynamic-access-control.md index c1ae4462c3..c68a4e721f 100644 --- a/windows/security/identity-protection/access-control/dynamic-access-control.md +++ b/windows/security/identity-protection/access-control/dynamic-access-control.md @@ -1,7 +1,7 @@ --- title: Dynamic Access Control Overview (Windows 10) description: Learn about Dynamic Access Control and its associated elements, which were introduced in Windows Server 2012 and Windows 8. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/access-control/local-accounts.md b/windows/security/identity-protection/access-control/local-accounts.md index 6ad17afded..41f8a016ae 100644 --- a/windows/security/identity-protection/access-control/local-accounts.md +++ b/windows/security/identity-protection/access-control/local-accounts.md @@ -1,7 +1,7 @@ --- title: Local Accounts (Windows 10) description: Learn how to secure and manage access to the resources on a standalone or member server for services or users. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/access-control/microsoft-accounts.md b/windows/security/identity-protection/access-control/microsoft-accounts.md index 033df47072..79e1a30a6a 100644 --- a/windows/security/identity-protection/access-control/microsoft-accounts.md +++ b/windows/security/identity-protection/access-control/microsoft-accounts.md @@ -1,7 +1,7 @@ --- title: Microsoft Accounts (Windows 10) description: Microsoft Accounts -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/access-control/security-identifiers.md b/windows/security/identity-protection/access-control/security-identifiers.md index be0a573f71..6f82d5fa09 100644 --- a/windows/security/identity-protection/access-control/security-identifiers.md +++ b/windows/security/identity-protection/access-control/security-identifiers.md @@ -1,7 +1,7 @@ --- title: Security identifiers (Windows 10) description: Security identifiers -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/access-control/security-principals.md b/windows/security/identity-protection/access-control/security-principals.md index 293acd13c9..d6bdc4569e 100644 --- a/windows/security/identity-protection/access-control/security-principals.md +++ b/windows/security/identity-protection/access-control/security-principals.md @@ -1,7 +1,7 @@ --- title: Security Principals (Windows 10) description: Security Principals -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/access-control/service-accounts.md b/windows/security/identity-protection/access-control/service-accounts.md index 11290388a1..62a1f37271 100644 --- a/windows/security/identity-protection/access-control/service-accounts.md +++ b/windows/security/identity-protection/access-control/service-accounts.md @@ -1,7 +1,7 @@ --- title: Service Accounts (Windows 10) description: Service Accounts -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/access-control/special-identities.md b/windows/security/identity-protection/access-control/special-identities.md index f08c30bd24..d4abeec003 100644 --- a/windows/security/identity-protection/access-control/special-identities.md +++ b/windows/security/identity-protection/access-control/special-identities.md @@ -1,7 +1,7 @@ --- title: Special Identities (Windows 10) description: Special Identities -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/configure-s-mime.md b/windows/security/identity-protection/configure-s-mime.md index 2f95950f32..d0ddb7f478 100644 --- a/windows/security/identity-protection/configure-s-mime.md +++ b/windows/security/identity-protection/configure-s-mime.md @@ -4,7 +4,7 @@ description: S/MIME lets users encrypt outgoing messages and attachments so that ms.assetid: 7F9C2A99-42EB-4BCC-BB53-41C04FBBBF05 ms.reviewer: keywords: encrypt, digital signature -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/credential-guard/additional-mitigations.md b/windows/security/identity-protection/credential-guard/additional-mitigations.md index 74a0f7dd85..9ca5657e1d 100644 --- a/windows/security/identity-protection/credential-guard/additional-mitigations.md +++ b/windows/security/identity-protection/credential-guard/additional-mitigations.md @@ -1,7 +1,7 @@ --- title: Additional mitigations description: Advice and sample code for making your domain environment more secure and robust with Windows Defender Credential Guard. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/credential-guard/credential-guard-considerations.md b/windows/security/identity-protection/credential-guard/credential-guard-considerations.md index 871578d4d0..f9dce14935 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-considerations.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-considerations.md @@ -1,7 +1,7 @@ --- title: Advice while using Windows Defender Credential Guard (Windows) description: Considerations and recommendations for certain scenarios when using Windows Defender Credential Guard in Windows. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md b/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md index c3473caa24..0d09f98a43 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md @@ -1,7 +1,7 @@ --- title: How Windows Defender Credential Guard works description: Learn how Windows Defender Credential Guard uses virtualization to protect secrets, so that only privileged system software can access them. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md index 208a4b22a1..9fff952689 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md @@ -1,7 +1,7 @@ --- title: Windows Defender Credential Guard - Known issues (Windows) description: Windows Defender Credential Guard - Known issues in Windows Enterprise -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md index 17ee0a5394..20437d1219 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md @@ -1,7 +1,7 @@ --- title: Manage Windows Defender Credential Guard (Windows) description: Learn how to deploy and manage Windows Defender Credential Guard using Group Policy, the registry, or hardware readiness tools. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md b/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md index 30f8dbe57c..170018c2c2 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md @@ -1,7 +1,7 @@ --- title: Windows Defender Credential Guard protection limits & mitigations (Windows) description: Scenarios not protected by Windows Defender Credential Guard in Windows, and additional mitigations you can use. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md index e348a5ba65..9cab64d757 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md @@ -1,7 +1,7 @@ --- title: Windows Defender Credential Guard protection limits (Windows) description: Some ways to store credentials are not protected by Windows Defender Credential Guard in Windows. Learn more with this guide. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md index a23f5dbebd..d71e281729 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md @@ -1,7 +1,7 @@ --- title: Windows Defender Credential Guard Requirements (Windows) description: Windows Defender Credential Guard baseline hardware, firmware, and software requirements, and additional protections for improved security. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/credential-guard/credential-guard-scripts.md b/windows/security/identity-protection/credential-guard/credential-guard-scripts.md index f4e9fb404e..709bc9de64 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-scripts.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-scripts.md @@ -1,7 +1,7 @@ --- title: Scripts for Certificate Issuance Policies in Windows Defender Credential Guard (Windows) description: Obtain issuance policies from the certificate authority for Windows Defender Credential Guard on Windows. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/credential-guard/credential-guard.md b/windows/security/identity-protection/credential-guard/credential-guard.md index 20d2d330d4..492a069d08 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard.md +++ b/windows/security/identity-protection/credential-guard/credential-guard.md @@ -3,7 +3,7 @@ title: Protect derived domain credentials with Windows Defender Credential Guard description: Windows Defender Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. ms.assetid: 4F1FE390-A166-4A24-8530-EA3369FEB4B1 ms.reviewer: -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/credential-guard/dg-readiness-tool.md b/windows/security/identity-protection/credential-guard/dg-readiness-tool.md index 5e6d9befec..a3c6d35840 100644 --- a/windows/security/identity-protection/credential-guard/dg-readiness-tool.md +++ b/windows/security/identity-protection/credential-guard/dg-readiness-tool.md @@ -1,7 +1,7 @@ --- title: Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool description: Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool script -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/enterprise-certificate-pinning.md b/windows/security/identity-protection/enterprise-certificate-pinning.md index fea29a3fc3..632eb6cb36 100644 --- a/windows/security/identity-protection/enterprise-certificate-pinning.md +++ b/windows/security/identity-protection/enterprise-certificate-pinning.md @@ -9,7 +9,7 @@ ms.author: dansimp manager: dansimp ms.collection: M365-identity-device-management ms.topic: article -ms.prod: w10 +ms.prod: m365-security ms.technology: windows ms.pagetype: security ms.localizationpriority: medium diff --git a/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md b/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md index 46ae044e8f..92e56d01b5 100644 --- a/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md +++ b/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md @@ -1,7 +1,7 @@ --- title: WebAuthn APIs description: Learn how to use WebAuthn APIs to enable password-less authentication for your sites and apps. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md index d1e93b59ef..2ac4f07df9 100644 --- a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md +++ b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md @@ -2,7 +2,7 @@ title: Multi-factor Unlock description: Learn how Windows 10 and Windows 11 offer multi-factor device unlock by extending Windows Hello with trusted signals. keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust, device, registration, unlock, multi, factor, multifactor, multi-factor -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md index 8e5fd2f049..fccc969f85 100644 --- a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md +++ b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md @@ -2,7 +2,7 @@ title: Azure Active Directory join cloud only deployment description: Use this deployment guide to successfully use Azure Active Directory to join a Windows 10 or Windows 11 device. keywords: identity, Hello, Active Directory, cloud, -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md b/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md index b317356b81..a7761bfd94 100644 --- a/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md +++ b/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md @@ -2,7 +2,7 @@ title: Having enough Domain Controllers for Windows Hello for Business deployments description: Guide for planning to have an adequate number of Windows Server 2016 or later Domain Controllers for Windows Hello for Business deployments keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, key-trust -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md b/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md index 1933fad122..44dc96c2b7 100644 --- a/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md +++ b/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md @@ -3,7 +3,7 @@ title: Windows Hello and password changes (Windows) description: When you change your password on a device, you may need to sign in with a password on other devices to reset Hello. ms.assetid: 83005FE4-8899-47A6-BEA9-C17CCA0B6B55 ms.reviewer: -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md index 7dc20cb316..74dfea915d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md +++ b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md @@ -4,7 +4,7 @@ description: Windows Hello uses biometrics to authenticate users and guard again ms.assetid: d3f27d94-2226-4547-86c0-65c84d6df8Bc ms.reviewer: keywords: Windows Hello, enterprise biometrics -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md index 958d349b3e..78a031e4af 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md @@ -2,7 +2,7 @@ title: Prepare and Deploy Windows AD FS certificate trust (Windows Hello for Business) description: Learn how to Prepare and Deploy Windows Server 2016 Active Directory Federation Services (AD FS) for Windows Hello for Business, using certificate trust. keywords: identity, PIN, biometric, Hello, passport -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md index 4f529da2a1..cca8ec5dbd 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md @@ -2,7 +2,7 @@ title: Configure Windows Hello for Business Policy settings - certificate trust description: Configure Windows Hello for Business Policy settings for Windows Hello for Business. Certificate-based deployments need three group policy settings. keywords: identity, PIN, biometric, Hello, passport -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md index f468cbe23f..e89eef978c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md @@ -2,7 +2,7 @@ title: Update Active Directory schema for cert-trust deployment (Windows Hello for Business) description: How to Validate Active Directory prerequisites for Windows Hello for Business when deploying with the certificate trust model. keywords: identity, PIN, biometric, Hello, passport -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md index 6a840d43c6..d3767350b3 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md @@ -2,7 +2,7 @@ title: Validate and Deploy MFA for Windows Hello for Business with certificate trust description: How to Validate and Deploy Multifactor Authentication (MFA) Services for Windows Hello for Business with certificate trust keywords: identity, PIN, biometric, Hello, passport -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md index 2f2d3bcf5b..366ce9b8bb 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md @@ -2,7 +2,7 @@ title: Validate Public Key Infrastructure - certificate trust model (Windows Hello for Business) description: How to Validate Public Key Infrastructure for Windows Hello for Business, under a certificate trust model. keywords: identity, PIN, biometric, Hello, passport -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md index db310a19e8..f802872ce7 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md @@ -2,7 +2,7 @@ title: Windows Hello for Business Deployment Guide - On Premises Certificate Trust Deployment description: A guide to on premises, certificate trust Windows Hello for Business deployment. keywords: identity, PIN, biometric, Hello, passport -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md index 4e7d1f7942..9e35376c70 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md @@ -2,7 +2,7 @@ title: Windows Hello for Business Deployment Overview description: Use this deployment guide to successfully deploy Windows Hello for Business in an existing environment. keywords: identity, PIN, biometric, Hello, passport -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md index 30dbcc8929..41f1a39158 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md @@ -3,7 +3,7 @@ title: Windows Hello for Business Deployment Known Issues description: A Troubleshooting Guide for Known Windows Hello for Business Deployment Issues keywords: identity, PIN, biometric, Hello, passport params: siblings_only -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md index 5a5f0334f7..5a525a6f6a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md @@ -2,7 +2,7 @@ title: Windows Hello for Business Deployment Guide - On Premises Key Deployment description: A guide to on premises, key trust Windows Hello for Business deployment. keywords: identity, PIN, biometric, Hello, passport -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md index 260463cdb8..ec0411f5bd 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md @@ -2,7 +2,7 @@ title: Deploying Certificates to Key Trust Users to Enable RDP description: Learn how to deploy certificates to a Key Trust user to enable remote desktop with supplied credentials keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust, device, registration, unlock, remote desktop, RDP -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md index f6d78686a8..115abd293d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md +++ b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md @@ -4,7 +4,7 @@ description: When you set up Windows Hello in Windows 10, you may get an error ms.assetid: DFEFE22C-4FEF-4FD9-BFC4-9B419C339502 ms.reviewer: keywords: PIN, error, create a work PIN -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/hello-for-business/hello-event-300.md b/windows/security/identity-protection/hello-for-business/hello-event-300.md index a41f3c8418..5eecb9ecac 100644 --- a/windows/security/identity-protection/hello-for-business/hello-event-300.md +++ b/windows/security/identity-protection/hello-for-business/hello-event-300.md @@ -4,7 +4,7 @@ description: This event is created when a Windows Hello for Business is successf ms.assetid: 0DD59E75-1C5F-4CC6-BB0E-71C83884FF04 ms.reviewer: keywords: ngc -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index 213b9c9999..1a3fac8308 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml @@ -3,7 +3,7 @@ metadata: title: Windows Hello for Business Frequently Asked Questions (FAQ) description: Use these frequently asked questions (FAQ) to learn important details about Windows Hello for Business. keywords: identity, PIN, biometric, Hello, passport - ms.prod: w10 + ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md b/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md index 0b13b8388a..ebd49da74d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md @@ -2,7 +2,7 @@ title: Conditional Access description: Ensure that only approved users can access your devices, applications, and services from anywhere by enabling single sign-on with Azure Active Directory. keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust, device, registration, unlock, conditional access -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md b/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md index 82cb73cd43..c1051280eb 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md @@ -2,7 +2,7 @@ title: Dual Enrollment description: Learn how to configure Windows Hello for Business dual enrollment. Also, learn how to configure Active Directory to support Domain Administrator enrollment. keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust, device, registration, unlock, dual enrollment, -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md index 6a880c9a9c..b7a04269f4 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md @@ -2,7 +2,7 @@ title: Dynamic lock description: Learn how to set Dynamic lock on Windows 10 and Windows 11 devices, by configuring group policies. This feature locks a device when a Bluetooth signal falls below a set value. keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust, device, registration, unlock, conditional access -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md index 29bce3f5dc..806ac19923 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md @@ -2,7 +2,7 @@ title: Pin Reset description: Learn how Microsoft PIN reset services enables you to help users recover who have forgotten their PIN. keywords: identity, PIN, Hello, passport, WHFB, hybrid, cert-trust, device, reset -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md index 8ed00949b2..3b8be4415e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md @@ -2,7 +2,7 @@ title: Remote Desktop description: Learn how Windows Hello for Business supports using biometrics with remote desktop keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust, device, registration, unlock, remote desktop, RDP -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md index d6cff27980..892f986c01 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md @@ -1,7 +1,7 @@ --- title: How Windows Hello for Business works - Authentication description: Learn about the authentication flow for Windows Hello for Business. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md index 9e1ddf66b7..c114cd86e5 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md @@ -1,7 +1,7 @@ --- title: How Windows Hello for Business works - Provisioning description: Explore the provisioning flows for Windows Hello for Business, from within a variety of environments. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md index cae576ab66..4bdde9ea88 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md @@ -1,7 +1,7 @@ --- title: How Windows Hello for Business works - Technology and Terms description: Explore technology and terms associated with Windows Hello for Business. Learn how Windows Hello for Business works. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md index 657611e55f..90514e334a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md @@ -1,7 +1,7 @@ --- title: How Windows Hello for Business works description: Learn how Windows Hello for Business works, and how it can help your users authenticate to services. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index eeb8ee8626..daada1f51d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md @@ -2,7 +2,7 @@ title: Configure Azure AD joined devices for On-premises Single-Sign On using Windows Hello for Business description: Before adding Azure Active Directory (Azure AD) joined devices to your existing hybrid deployment, you need to verify the existing deployment can support them. keywords: identity, PIN, biometric, Hello, passport, AADJ, SSO, -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md index fba0adf89f..cd403a4167 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md @@ -2,7 +2,7 @@ title: Using Certificates for AADJ On-premises Single-sign On single sign-on description: If you want to use certificates for on-premises single-sign on for Azure Active Directory joined devices, then follow these additional steps. keywords: identity, PIN, biometric, Hello, passport, AADJ, SSO, -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md index cb23b1e6a7..c74516519b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md @@ -2,7 +2,7 @@ title: Azure AD Join Single Sign-on Deployment description: Learn how to provide single sign-on to your on-premises resources for Azure Active Directory joined devices, using Windows Hello for Business. keywords: identity, PIN, biometric, Hello, passport, AADJ, SSO, -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md index c9afa19802..893bb67c67 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md @@ -2,7 +2,7 @@ title: Hybrid Azure AD joined Windows Hello for Business Trust New Installation (Windows Hello for Business) description: Learn about new installations for Windows Hello for Business certificate trust and the various technologies hybrid certificate trust deployments rely on. keywords: identity, PIN, biometric, Hello, passport, WHFB -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md index ba0f914fa0..2bae50c063 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md @@ -2,7 +2,7 @@ title: Configure Device Registration for Hybrid Azure AD joined Windows Hello for Business description: Azure Device Registration for Hybrid Certificate Trust Deployment (Windows Hello for Business) keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust, device, registration -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md index 228747d35b..edf8fab283 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md @@ -2,7 +2,7 @@ title: Hybrid Azure AD joined Windows Hello for Business Prerequisites description: Learn these prerequisites for hybrid Windows Hello for Business deployments using certificate trust. keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md index 9cd1d4350b..b9a5fcd43e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md @@ -2,7 +2,7 @@ title: Hybrid Certificate Trust Deployment (Windows Hello for Business) description: Learn the information you need to successfully deploy Windows Hello for Business in a hybrid certificate trust scenario. keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md index e7082740c2..560844634b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md @@ -2,7 +2,7 @@ title: Hybrid Azure AD joined Windows Hello for Business Certificate Trust Provisioning (Windows Hello for Business) description: In this article, learn about provisioning for hybrid certificate trust deployments of Windows Hello for Business. keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md index 2a261013b9..6d48646f3b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md @@ -2,7 +2,7 @@ title: Configure Hybrid Azure AD joined Windows Hello for Business - Active Directory (AD) description: Discussing the configuration of Active Directory (AD) in a Hybrid deployment of Windows Hello for Business keywords: identity, PIN, biometric, Hello, passport, WHFB, ad -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md index 398d31c3d6..2a5517fe70 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md @@ -2,7 +2,7 @@ title: Configuring Hybrid Azure AD joined Windows Hello for Business - Active Directory Federation Services (ADFS) description: Discussing the configuration of Active Directory Federation Services (ADFS) in a Hybrid deployment of Windows Hello for Business keywords: identity, PIN, biometric, Hello, passport, WHFB, adfs -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md index c48e5ae621..681c874730 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md @@ -2,7 +2,7 @@ title: Configure Hybrid Azure AD joined Windows Hello for Business Directory Synch description: Discussing Directory Synchronization in a Hybrid deployment of Windows Hello for Business keywords: identity, PIN, biometric, Hello, passport, WHFB, dirsync, connect -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md index 53d6fd45a0..fc322a0194 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md @@ -2,7 +2,7 @@ title: Configuring Hybrid Azure AD joined Windows Hello for Business - Public Key Infrastructure (PKI) description: Discussing the configuration of the Public Key Infrastructure (PKI) in a Hybrid deployment of Windows Hello for Business keywords: identity, PIN, biometric, Hello, passport, WHFB, PKI -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md index 519afac582..7b25db52a4 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md @@ -2,7 +2,7 @@ title: Configuring Hybrid Azure AD joined Windows Hello for Business - Group Policy description: Discussing the configuration of Group Policy in a Hybrid deployment of Windows Hello for Business keywords: identity, PIN, biometric, Hello, passport, WHFB -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md index a56e989ba6..498f54f10a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md @@ -2,7 +2,7 @@ title: Configure Hybrid Windows Hello for Business Settings (Windows Hello for Business) description: Learn how to configure Windows Hello for Business settings in hybrid certificate trust deployment. keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md index bb3de61241..00829103e4 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md @@ -2,7 +2,7 @@ title: Windows Hello for Business Hybrid Azure AD joined Key Trust New Installation description: Learn how to configure a hybrid key trust deployment of Windows Hello for Business for systems with no previous installations. keywords: identity, PIN, biometric, Hello, passport, WHFB -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md index 713fcd89a5..3a30549629 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md @@ -2,7 +2,7 @@ title: Configure Device Registration for Hybrid Azure AD joined key trust Windows Hello for Business description: Azure Device Registration for Hybrid Certificate Key Deployment (Windows Hello for Business) keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, key-trust, device, registration -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md index 5acfb06f68..db1f93ef28 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md @@ -2,7 +2,7 @@ title: Configure Directory Synchronization for Hybrid Azure AD joined key trust Windows Hello for Business description: Azure Directory Synchronization for Hybrid Certificate Key Deployment (Windows Hello for Business) keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, key-trust, directory, synchronization, AADConnect -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index 95442ae6dd..da7496b3b0 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -2,7 +2,7 @@ title: Hybrid Azure AD joined Key trust Windows Hello for Business Prerequisites (Windows Hello for Business) description: Learn about the prerequisites for hybrid Windows Hello for Business deployments using key trust and what the next steps are in the deployment process. keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, key-trust -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md index 93903312e5..a8b090fc5b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md @@ -2,7 +2,7 @@ title: Hybrid Key Trust Deployment (Windows Hello for Business) description: Review this deployment guide to successfully deploy Windows Hello for Business in a hybrid key trust scenario. keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, key-trust -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md index 8d412b86f0..224aa7d094 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md @@ -2,7 +2,7 @@ title: Hybrid Azure AD joined Windows Hello for Business key trust Provisioning (Windows Hello for Business) description: Learn about provisioning for hybrid key trust deployments of Windows Hello for Business and learn where to find the hybrid key trust deployment guide. keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md index 0f8a916c18..c8db509239 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md @@ -2,7 +2,7 @@ title: Configuring Hybrid Azure AD joined key trust Windows Hello for Business - Active Directory (AD) description: Configuring Hybrid key trust Windows Hello for Business - Active Directory (AD) keywords: identity, PIN, biometric, Hello, passport, WHFB, ad, key trust, key-trust -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md index 28f3658a43..8e58707531 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md @@ -2,7 +2,7 @@ title: Hybrid Azure AD joined Windows Hello for Business - Directory Synchronization description: How to configure Hybrid key trust Windows Hello for Business - Directory Synchronization keywords: identity, PIN, biometric, Hello, passport, WHFB, dirsync, connect, Windows Hello, AD Connect, key trust, key-trust -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md index bc2ae4f46c..700d8a0062 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md @@ -2,7 +2,7 @@ title: Configure Hybrid Azure AD joined key trust Windows Hello for Business description: Configuring Hybrid key trust Windows Hello for Business - Public Key Infrastructure (PKI) keywords: identity, PIN, biometric, Hello, passport, WHFB, PKI, Windows Hello, key trust, key-trust -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md index 3cdd96f898..5303323b09 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md @@ -2,7 +2,7 @@ title: Configure Hybrid Azure AD joined Windows Hello for Business - Group Policy description: Configuring Hybrid key trust Windows Hello for Business - Group Policy keywords: identity, PIN, biometric, Hello, passport, WHFB, Windows Hello, key trust, key-trust -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md index b849c9ce8a..b7f6408196 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md @@ -2,7 +2,7 @@ title: Configure Hybrid Azure AD joined Windows Hello for Business key trust Settings description: Begin the process of configuring your hybrid key trust environment for Windows Hello for Business. Start with your Active Directory configuration. keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md index 92c2b72d61..6f024c2186 100644 --- a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md +++ b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md @@ -4,7 +4,7 @@ description: Overview of all the different infrastructure requirements for Windo ms.assetid: 5BF09642-8CF5-4FBC-AC9A-5CA51E19387E ms.reviewer: keywords: identity, PIN, biometric, Hello, passport -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md index 7423caec53..0dfae840a6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md @@ -2,7 +2,7 @@ title: Prepare & Deploy Windows Active Directory Federation Services with key trust (Windows Hello for Business) description: How to Prepare and Deploy Windows Server 2016 Active Directory Federation Services for Windows Hello for Business using key trust. keywords: identity, PIN, biometric, Hello, passport -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md index 116c9ba6ab..b028a12e97 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md @@ -2,7 +2,7 @@ title: Configure Windows Hello for Business Policy settings - key trust description: Configure Windows Hello for Business Policy settings for Windows Hello for Business keywords: identity, PIN, biometric, Hello, passport -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md index 943e611e93..85a36fa384 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md @@ -2,7 +2,7 @@ title: Key registration for on-premises deployment of Windows Hello for Business description: How to Validate Active Directory prerequisites for Windows Hello for Business when deploying with the key trust model. keywords: identity, PIN, biometric, Hello, passport -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md index 349b328807..549c4ffd5d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md @@ -2,7 +2,7 @@ title: Validate and Deploy MFA for Windows Hello for Business with key trust description: How to Validate and Deploy Multifactor Authentication (MFA) Services for Windows Hello for Business with key trust keywords: identity, PIN, biometric, Hello, passport -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md index d4e87e620e..e4d0dbd8ab 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md @@ -2,7 +2,7 @@ title: Validate Public Key Infrastructure - key trust model (Windows Hello for Business) description: How to Validate Public Key Infrastructure for Windows Hello for Business, under a key trust model. keywords: identity, PIN, biometric, Hello, passport -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md index 5c7129efd6..0af1014ea8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md +++ b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md @@ -4,7 +4,7 @@ description: You can create a Group Policy or mobile device management (MDM) pol ms.assetid: 47B55221-24BE-482D-BD31-C78B22AC06D8 ms.reviewer: keywords: identity, PIN, biometric, Hello -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/hello-overview.md index 33d820a1a7..6b960df121 100644 --- a/windows/security/identity-protection/hello-for-business/hello-overview.md +++ b/windows/security/identity-protection/hello-for-business/hello-overview.md @@ -3,7 +3,7 @@ title: Windows Hello for Business Overview (Windows) ms.reviewer: An overview of Windows Hello for Business description: Learn how Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices in Windows 10 and Windows 11. keywords: identity, PIN, biometric, Hello, passport -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index 8aada054b6..b02e68aace 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md @@ -2,7 +2,7 @@ title: Planning a Windows Hello for Business Deployment description: Learn about the role of each component within Windows Hello for Business and how certain deployment decisions affect other aspects of your infrastructure. keywords: identity, PIN, biometric, Hello, passport -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md b/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md index bf0a6af0ea..966f0adef8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md +++ b/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md @@ -4,7 +4,7 @@ description: When you set a policy to require Windows Hello for Business in the ms.assetid: 5270B416-CE31-4DD9-862D-6C22A2AE508B ms.reviewer: keywords: identity, PIN, biometric, Hello -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/hello-for-business/hello-videos.md b/windows/security/identity-protection/hello-for-business/hello-videos.md index 0f47042799..61a06b945e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-videos.md +++ b/windows/security/identity-protection/hello-for-business/hello-videos.md @@ -2,7 +2,7 @@ title: Windows Hello for Business Videos description: View several informative videos describing features and experiences in Windows Hello for Business in Windows 10 and Windows 11. keywords: identity, PIN, biometric, Hello, passport, video, watch, passwordless -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md index 738db8c9bd..00d8d722b0 100644 --- a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md +++ b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md @@ -4,7 +4,7 @@ description: Windows Hello in Windows 10 enables users to sign in to their devi ms.assetid: A6FC0520-01E6-4E90-B53D-6C4C4E780212 ms.reviewer: keywords: pin, security, password, hello -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/hello-for-business/index.yml b/windows/security/identity-protection/hello-for-business/index.yml index 4282b8e701..0ede08ad94 100644 --- a/windows/security/identity-protection/hello-for-business/index.yml +++ b/windows/security/identity-protection/hello-for-business/index.yml @@ -6,7 +6,7 @@ summary: Learn how to manage and deploy Windows Hello for Business. metadata: title: Windows Hello for Business documentation description: Learn how to manage and deploy Windows Hello for Business. - ms.prod: w10 + ms.prod: m365-security ms.topic: landing-page author: mapalko manager: dansimp diff --git a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md index 73aab32a55..308554bde8 100644 --- a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md +++ b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md @@ -2,7 +2,7 @@ title: Microsoft-compatible security key description: Learn how a Microsoft-compatible security key for Windows is different (and better) than any other FIDO2 security key. keywords: FIDO2, security key, CTAP, Hello, WHFB -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index f7bb6e7722..56a0e61012 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -2,7 +2,7 @@ title: Passwordless Strategy description: Learn about the password-less strategy and how Windows Hello for Business implements this strategy in Windows 10 and Windows 11. keywords: identity, PIN, biometric, Hello, passport, video, watch, passwordless -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/reset-security-key.md b/windows/security/identity-protection/hello-for-business/reset-security-key.md index 92a7af375c..d9743650a3 100644 --- a/windows/security/identity-protection/hello-for-business/reset-security-key.md +++ b/windows/security/identity-protection/hello-for-business/reset-security-key.md @@ -2,7 +2,7 @@ title: Reset-security-key description: Windows 10 and Windows 11 enables users to sign in to their device using a security key. How to reset a security key keywords: FIDO2, security key, CTAP, Microsoft-compatible security key -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile diff --git a/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md index d90093aab8..e6350966ce 100644 --- a/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md +++ b/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md @@ -1,7 +1,7 @@ --- title: How Windows Hello for Business works (Windows) description: Learn about registration, authentication, key material, and infrastructure for Windows Hello for Business. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/index.md b/windows/security/identity-protection/index.md index 7e62fc8954..e4ecd908cf 100644 --- a/windows/security/identity-protection/index.md +++ b/windows/security/identity-protection/index.md @@ -1,7 +1,7 @@ --- title: Identity and access management (Windows 10) description: Learn more about identity and access protection technologies in Windows 10 and Windows 10 Mobile. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/installing-digital-certificates-on-windows-10-mobile.md b/windows/security/identity-protection/installing-digital-certificates-on-windows-10-mobile.md index 9cf1ca34c2..9839a92845 100644 --- a/windows/security/identity-protection/installing-digital-certificates-on-windows-10-mobile.md +++ b/windows/security/identity-protection/installing-digital-certificates-on-windows-10-mobile.md @@ -4,7 +4,7 @@ description: Digital certificates bind the identity of a user or computer to a p ms.assetid: FF7B1BE9-41F4-44B0-A442-249B650CEE25 ms.reviewer: keywords: S/MIME, PFX, SCEP -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/password-support-policy.md b/windows/security/identity-protection/password-support-policy.md index b92183cdd3..45d54643a7 100644 --- a/windows/security/identity-protection/password-support-policy.md +++ b/windows/security/identity-protection/password-support-policy.md @@ -7,7 +7,7 @@ ms.custom: - CI ID 110060 - CSSTroubleshoot ms.author: v-tea -ms.prod: w10 +ms.prod: m365-security ms.sitesec: library ms.pagetype: security author: Teresa-Motiv diff --git a/windows/security/identity-protection/remote-credential-guard.md b/windows/security/identity-protection/remote-credential-guard.md index 65fa656745..841def1a8c 100644 --- a/windows/security/identity-protection/remote-credential-guard.md +++ b/windows/security/identity-protection/remote-credential-guard.md @@ -1,7 +1,7 @@ --- title: Protect Remote Desktop credentials with Windows Defender Remote Credential Guard (Windows 10) description: Windows Defender Remote Credential Guard helps to secure your Remote Desktop credentials by never sending them to the target device. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md b/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md index 70b89b04ee..99de6899d4 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md +++ b/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md @@ -1,7 +1,7 @@ --- title: Smart Card and Remote Desktop Services (Windows) description: This topic for the IT professional describes the behavior of Remote Desktop Services when you implement smart card sign-in. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/smart-cards/smart-card-architecture.md b/windows/security/identity-protection/smart-cards/smart-card-architecture.md index 604f470a49..bad0c616fe 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-architecture.md +++ b/windows/security/identity-protection/smart-cards/smart-card-architecture.md @@ -1,7 +1,7 @@ --- title: Smart Card Architecture (Windows) description: This topic for the IT professional describes the system architecture that supports smart cards in the Windows operating system. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md b/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md index 32f79fdf8f..1ad9d49a24 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md +++ b/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md @@ -1,7 +1,7 @@ --- title: Certificate Propagation Service (Windows) description: This topic for the IT professional describes the certificate propagation service (CertPropSvc), which is used in smart card implementation. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md b/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md index 7e32d7679f..5bb30875b0 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md +++ b/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md @@ -1,7 +1,7 @@ --- title: Certificate Requirements and Enumeration (Windows) description: This topic for the IT professional and smart card developers describes how certificates are managed and used for smart card sign-in. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md index b65f0ce66c..fd8c26a453 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md +++ b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md @@ -1,7 +1,7 @@ --- title: Smart Card Troubleshooting (Windows) description: Describes the tools and services that smart card developers can use to help identify certificate issues with the smart card deployment. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/smart-cards/smart-card-events.md b/windows/security/identity-protection/smart-cards/smart-card-events.md index b8f7de6f81..0d7a79fdac 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-events.md +++ b/windows/security/identity-protection/smart-cards/smart-card-events.md @@ -1,7 +1,7 @@ --- title: Smart Card Events (Windows) description: This topic for the IT professional and smart card developer describes events that are related to smart card deployment and development. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md b/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md index ad5011e9b9..21bb862284 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md +++ b/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md @@ -1,7 +1,7 @@ --- title: Smart Card Group Policy and Registry Settings (Windows) description: Discover the Group Policy, registry key, local security policy, and credential delegation policy settings that are available for configuring smart cards. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md b/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md index 05d1dbf771..1787f63661 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md +++ b/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md @@ -1,7 +1,7 @@ --- title: How Smart Card Sign-in Works in Windows description: This topic for IT professional provides links to resources about the implementation of smart card technologies in the Windows operating system. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md b/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md index c52deb3971..77c8c9d18b 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md +++ b/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md @@ -1,7 +1,7 @@ --- title: Smart Card Removal Policy Service (Windows) description: This topic for the IT professional describes the role of the removal policy service (ScPolicySvc) in smart card implementation. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md b/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md index ba3e2a4c05..dd3d3ccddb 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md +++ b/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md @@ -1,7 +1,7 @@ --- title: Smart Cards for Windows Service (Windows) description: This topic for the IT professional and smart card developers describes how the Smart Cards for Windows service manages readers and application interactions. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md b/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md index 1151e206de..935f57edf3 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md +++ b/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md @@ -1,7 +1,7 @@ --- title: Smart Card Tools and Settings (Windows) description: This topic for the IT professional and smart card developer links to information about smart card debugging, settings, and events. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md b/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md index dfd605776c..377f4811d2 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md +++ b/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md @@ -1,7 +1,7 @@ --- title: Smart Card Technical Reference (Windows) description: Learn about the Windows smart card infrastructure for physical smart cards, and how smart card-related components work in Windows. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md index a5676db15b..dc439af883 100644 --- a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md +++ b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md @@ -3,7 +3,7 @@ title: How User Account Control works (Windows) description: User Account Control (UAC) is a fundamental component of Microsoft's overall security vision. UAC helps mitigate the impact of malware. ms.assetid: 9f921779-0fd3-4206-b0e4-05a19883ee59 ms.reviewer: -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: operate ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md b/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md index a4ae0b4d3d..de326e9360 100644 --- a/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md +++ b/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md @@ -1,7 +1,7 @@ --- title: User Account Control Group Policy and registry key settings (Windows) description: Here's a list of UAC Group Policy and registry key settings that your organization can use to manage UAC. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/user-account-control/user-account-control-overview.md b/windows/security/identity-protection/user-account-control/user-account-control-overview.md index 2e221d273c..6a86b8cdd3 100644 --- a/windows/security/identity-protection/user-account-control/user-account-control-overview.md +++ b/windows/security/identity-protection/user-account-control/user-account-control-overview.md @@ -3,7 +3,7 @@ title: User Account Control (Windows) description: User Account Control (UAC) helps prevent malware from damaging a PC and helps organizations deploy a better-managed desktop. ms.assetid: 43ac4926-076f-4df2-84af-471ee7d20c38 ms.reviewer: -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: operate ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md b/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md index 9a6cb42323..a44a22e080 100644 --- a/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md +++ b/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md @@ -3,7 +3,7 @@ title: User Account Control security policy settings (Windows) description: You can use security policies to configure how User Account Control works in your organization. ms.assetid: 3D75A9AC-69BB-4EF2-ACB3-1769791E1B98 ms.reviewer: -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md index 4468785ff0..7b01e6dec2 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md @@ -1,7 +1,7 @@ --- title: Deploy Virtual Smart Cards (Windows 10) description: This topic for the IT professional discusses the factors to consider when you deploy a virtual smart card authentication solution. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md index 044f7c1fe1..852c4af6d4 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md @@ -1,7 +1,7 @@ --- title: Evaluate Virtual Smart Card Security (Windows 10) description: This topic for the IT professional describes security characteristics and considerations when deploying TPM virtual smart cards. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md index c6ad4e0710..799487b7f9 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md @@ -1,7 +1,7 @@ --- title: Get Started with Virtual Smart Cards - Walkthrough Guide (Windows 10) description: This topic for the IT professional describes how to set up a basic test environment for using TPM virtual smart cards. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md index 1ef7fb2c75..cfdee83c74 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md @@ -1,7 +1,7 @@ --- title: Virtual Smart Card Overview (Windows 10) description: Learn more about the virtual smart card technology that was developed by Microsoft. Find links to additional topics about virtual smart cards. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md index 4a9273d496..48cbc570a2 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md @@ -1,7 +1,7 @@ --- title: Tpmvscmgr (Windows 10) description: This topic for the IT professional describes the Tpmvscmgr command-line tool, through which an administrator can create and delete TPM virtual smart cards on a computer. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md index d7c394285f..f64d08cdbe 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md @@ -1,7 +1,7 @@ --- title: Understanding and Evaluating Virtual Smart Cards (Windows 10) description: Learn how smart card technology can fit into your authentication design. Find links to additional topics about virtual smart cards. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md index 4d3f59ff0a..da45445e1a 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md @@ -1,7 +1,7 @@ --- title: Use Virtual Smart Cards (Windows 10) description: This topic for the IT professional describes requirements for virtual smart cards and provides information about how to use and manage them. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md index 907bcfc24c..0226c9ea7c 100644 --- a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md +++ b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md @@ -1,7 +1,7 @@ --- title: How to configure Diffie Hellman protocol over IKEv2 VPN connections (Windows 10 and Windows 11) description: Learn how to update the Diffie Hellman configuration of VPN servers and clients by running VPN cmdlets to secure connections. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, networking diff --git a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md index 510a5a9e76..6298f7d90f 100644 --- a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md +++ b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md @@ -1,7 +1,7 @@ --- title: How to use Single Sign-On (SSO) over VPN and Wi-Fi connections (Windows 10 and Windows 11) description: Explains requirements to enable Single Sign-On (SSO) to on-premises domain resources over WiFi or VPN connections. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/identity-protection/vpn/vpn-authentication.md b/windows/security/identity-protection/vpn/vpn-authentication.md index 77824138a9..f03cb37b27 100644 --- a/windows/security/identity-protection/vpn/vpn-authentication.md +++ b/windows/security/identity-protection/vpn/vpn-authentication.md @@ -1,7 +1,7 @@ --- title: VPN authentication options (Windows 10 and Windows 11) description: Learn about the EAP authentication methods that Windows supports in VPNs to provide secure authentication using username/password and certificate-based methods. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, networking diff --git a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md index 128afcfee9..5e8dbb7965 100644 --- a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md +++ b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md @@ -1,7 +1,7 @@ --- title: VPN auto-triggered profile options (Windows 10 and Windows 11) description: Learn about the types of auto-trigger rules for VPNs in Windows, which start a VPN when it is needed to access a resource. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, networking diff --git a/windows/security/identity-protection/vpn/vpn-conditional-access.md b/windows/security/identity-protection/vpn/vpn-conditional-access.md index 068d41d1a5..fafe96b51b 100644 --- a/windows/security/identity-protection/vpn/vpn-conditional-access.md +++ b/windows/security/identity-protection/vpn/vpn-conditional-access.md @@ -1,7 +1,7 @@ --- title: VPN and conditional access (Windows 10 and Windows 11) description: Learn how to integrate the VPN client with the Conditional Access Platform, so you can create access rules for Azure Active Directory (Azure AD) connected apps. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, networking diff --git a/windows/security/identity-protection/vpn/vpn-connection-type.md b/windows/security/identity-protection/vpn/vpn-connection-type.md index 90b1a56b41..72d3fed61c 100644 --- a/windows/security/identity-protection/vpn/vpn-connection-type.md +++ b/windows/security/identity-protection/vpn/vpn-connection-type.md @@ -1,7 +1,7 @@ --- title: VPN connection types (Windows 10 and Windows 11) description: Learn about Windows VPN platform clients and the VPN connection-type features that can be configured. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, networking diff --git a/windows/security/identity-protection/vpn/vpn-guide.md b/windows/security/identity-protection/vpn/vpn-guide.md index 3f23cadc79..f1ef2a83ef 100644 --- a/windows/security/identity-protection/vpn/vpn-guide.md +++ b/windows/security/identity-protection/vpn/vpn-guide.md @@ -1,7 +1,7 @@ --- title: Windows VPN technical guide (Windows 10 and Windows 11) description: Learn about decisions to make for Windows 10 or Windows 11 clients in your enterprise VPN solution and how to configure your deployment. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library author: dansimp diff --git a/windows/security/identity-protection/vpn/vpn-name-resolution.md b/windows/security/identity-protection/vpn/vpn-name-resolution.md index a61584597c..a07cf8e0c7 100644 --- a/windows/security/identity-protection/vpn/vpn-name-resolution.md +++ b/windows/security/identity-protection/vpn/vpn-name-resolution.md @@ -1,7 +1,7 @@ --- title: VPN name resolution (Windows 10 and Windows 11) description: Learn how the name resolution setting in the VPN profile configures how name resolution works when a VPN client connects to a VPN server. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, networking diff --git a/windows/security/identity-protection/vpn/vpn-office-365-optimization.md b/windows/security/identity-protection/vpn/vpn-office-365-optimization.md index 562a872615..a0a8aecf5e 100644 --- a/windows/security/identity-protection/vpn/vpn-office-365-optimization.md +++ b/windows/security/identity-protection/vpn/vpn-office-365-optimization.md @@ -1,7 +1,7 @@ --- title: Optimizing Office 365 traffic for remote workers with the native Windows 10 or Windows 11 VPN client description: tbd -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, networking diff --git a/windows/security/identity-protection/vpn/vpn-profile-options.md b/windows/security/identity-protection/vpn/vpn-profile-options.md index 8e683158b9..c999481679 100644 --- a/windows/security/identity-protection/vpn/vpn-profile-options.md +++ b/windows/security/identity-protection/vpn/vpn-profile-options.md @@ -4,7 +4,7 @@ description: Windows adds Virtual Private Network (VPN) profile options to help ms.assetid: E3F99DF9-863D-4E28-BAED-5C1B1B913523 ms.reviewer: manager: dansimp -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, networking diff --git a/windows/security/identity-protection/vpn/vpn-routing.md b/windows/security/identity-protection/vpn/vpn-routing.md index 5c2b3d00e1..3ba700ab9e 100644 --- a/windows/security/identity-protection/vpn/vpn-routing.md +++ b/windows/security/identity-protection/vpn/vpn-routing.md @@ -1,7 +1,7 @@ --- title: VPN routing decisions (Windows 10 and Windows 10) description: Learn about approaches that either send all data through a VPN or only selected data. The one you choose impacts capacity planning and security expectations. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, networking diff --git a/windows/security/identity-protection/vpn/vpn-security-features.md b/windows/security/identity-protection/vpn/vpn-security-features.md index 88d9c1dfba..31f424f860 100644 --- a/windows/security/identity-protection/vpn/vpn-security-features.md +++ b/windows/security/identity-protection/vpn/vpn-security-features.md @@ -1,7 +1,7 @@ --- title: VPN security features (Windows 10 and Windows 11) description: Learn about security features for VPN, including LockDown VPN, Windows Information Protection integration with VPN, and traffic filters. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, networking diff --git a/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md b/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md index 3a8d6e6ed0..0465f35ec4 100644 --- a/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md +++ b/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md @@ -3,7 +3,7 @@ title: Windows Credential Theft Mitigation Guide Abstract description: Provides a summary of the Windows credential theft mitigation guide. ms.assetid: 821ddc1a-f401-4732-82a7-40d1fff5a78a ms.reviewer: -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/includes/improve-request-performance.md b/windows/security/includes/improve-request-performance.md index efaf6664a9..2048d9f516 100644 --- a/windows/security/includes/improve-request-performance.md +++ b/windows/security/includes/improve-request-performance.md @@ -3,7 +3,7 @@ title: Improve request performance description: Improve request performance keywords: server, request, performance search.product: eADQiWindows 10XVcnh -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/includes/machineactionsnote.md b/windows/security/includes/machineactionsnote.md index 713356c6f7..5d784c2abe 100644 --- a/windows/security/includes/machineactionsnote.md +++ b/windows/security/includes/machineactionsnote.md @@ -6,7 +6,7 @@ ms.reviewer: manager: dansimp ms.author: macapara author: mjcaparas -ms.prod: w10 +ms.prod: m365-security --- >[!Note] diff --git a/windows/security/includes/microsoft-defender-api-usgov.md b/windows/security/includes/microsoft-defender-api-usgov.md index eb6e94cc23..536dab4a74 100644 --- a/windows/security/includes/microsoft-defender-api-usgov.md +++ b/windows/security/includes/microsoft-defender-api-usgov.md @@ -3,7 +3,7 @@ title: Microsoft Defender for Endpoint API URIs for US Government description: Microsoft Defender for Endpoint API URIs for US Government keywords: defender, endpoint, api, government, gov search.product: eADQiWindows 10XVcnh -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/includes/microsoft-defender.md b/windows/security/includes/microsoft-defender.md index ec183caa51..8e7c769509 100644 --- a/windows/security/includes/microsoft-defender.md +++ b/windows/security/includes/microsoft-defender.md @@ -6,7 +6,7 @@ ms.reviewer: manager: dansimp ms.author: dansimp author: dansimp -ms.prod: w10 +ms.prod: m365-security ms.topic: include --- diff --git a/windows/security/includes/prerelease.md b/windows/security/includes/prerelease.md index a008aa45d7..bced58da9f 100644 --- a/windows/security/includes/prerelease.md +++ b/windows/security/includes/prerelease.md @@ -6,7 +6,7 @@ ms.reviewer: manager: dansimp ms.author: macapara author: mjcaparas -ms.prod: w10 +ms.prod: m365-security --- > [!IMPORTANT] diff --git a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md index 3c10de8372..0a0b518012 100644 --- a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md +++ b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md @@ -3,7 +3,7 @@ title: BCD settings and BitLocker (Windows 10) description: This topic for IT professionals describes the BCD settings that are used by BitLocker. ms.assetid: c4ab7ac9-16dc-4c7e-b061-c0b0deb2c4fa ms.reviewer: -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.yml index 21493aca12..342b5eda5d 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.yml @@ -4,7 +4,7 @@ metadata: description: Learn more about how BitLocker and Active Directory Domain Services (AD DS) can work together to keep devices secure. ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.reviewer: - ms.prod: w10 + ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index 9a77ca4317..84e0ecad4e 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -3,7 +3,7 @@ title: BitLocker basic deployment (Windows 10) description: This article for the IT professional explains how BitLocker features can be used to protect your data through drive encryption. ms.assetid: 97c646cb-9e53-4236-9678-354af41151c4 ms.reviewer: -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md index f73028e4a0..55b50f9a5a 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md +++ b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md @@ -3,7 +3,7 @@ title: BitLocker Countermeasures (Windows 10) description: Windows uses technologies including TPM, Secure Boot, Trusted Boot, and Early Launch Antimalware (ELAM) to protect against attacks on the BitLocker encryption key. ms.assetid: ebdb0637-2597-4da1-bb18-8127964686ea ms.reviewer: -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml index d247254b4b..85b7bbb000 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml @@ -4,7 +4,7 @@ metadata: description: Browse frequently asked questions about BitLocker deployment and administration, such as, "Can BitLocker deployment be automated in an enterprise environment?" ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.reviewer: - ms.prod: w10 + ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md b/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md index e017f3cd8d..c9cf5ba6f5 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md +++ b/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md @@ -1,7 +1,7 @@ --- title: BitLocker deployment comparison (Windows 10) description: This article shows the BitLocker deployment comparison chart. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md index ddb93cce30..263e76a815 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md +++ b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md @@ -1,7 +1,7 @@ --- title: Overview of BitLocker Device Encryption in Windows description: This topic provides an overview of how BitLocker Device Encryption can help protect data on devices running Windows. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.yml b/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.yml index ce3ad7185a..44f663add4 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.yml @@ -4,7 +4,7 @@ metadata: description: Find the answers you need by exploring this brief hub page listing FAQ pages for various aspects of BitLocker. ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.reviewer: - ms.prod: w10 + ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md index 25c64a62b1..ccf1c31234 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md +++ b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md @@ -3,7 +3,7 @@ title: BitLocker Group Policy settings (Windows 10) description: This topic for IT professionals describes the function, location, and effect of each Group Policy setting that is used to manage BitLocker Drive Encryption. ms.assetid: 4904e336-29fe-4cef-bb6c-3950541864af ms.reviewer: -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md index 5a619e7a83..28c20974f7 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md @@ -3,7 +3,7 @@ title: BitLocker How to deploy on Windows Server 2012 and later description: This topic for the IT professional explains how to deploy BitLocker and Windows Server 2012 and later ms.assetid: 91c18e9e-6ab4-4607-8c75-d983bbe2542f ms.reviewer: -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md index 5adf857335..fcd4a25a03 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md @@ -3,7 +3,7 @@ title: BitLocker - How to enable Network Unlock (Windows 10) description: This article for the IT professional describes how BitLocker Network Unlock works and how to configure it. ms.assetid: be45bc28-47db-4931-bfec-3c348151d2e9 ms.reviewer: -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.yml index 4413577e0b..eba6835e4f 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.yml @@ -4,7 +4,7 @@ metadata: description: Browse frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker. ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.reviewer: - ms.prod: w10 + ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md index eabe91593f..a131034086 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md +++ b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md @@ -1,7 +1,7 @@ --- title: BitLocker Management Recommendations for Enterprises (Windows 10) description: Refer to relevant documentation, products, and services to learn about managing BitLocker for enterprises and see recommendations for different computers. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.yml index 10287fc220..9828c35058 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.yml @@ -2,7 +2,7 @@ metadata: title: BitLocker Network Unlock FAQ (Windows 10) description: Familiarize yourself with BitLocker Network Unlock. Learn how it can make desktop and server management easier within domain environments. - ms.prod: w10 + ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml index bd62782893..db8217ee49 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml @@ -4,7 +4,7 @@ metadata: description: This article for IT professionals answers frequently asked questions concerning the requirements to use BitLocker. ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.reviewer: - ms.prod: w10 + ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview.md b/windows/security/information-protection/bitlocker/bitlocker-overview.md index bc8488a920..2c74f92e6e 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-overview.md +++ b/windows/security/information-protection/bitlocker/bitlocker-overview.md @@ -4,7 +4,7 @@ description: This topic provides a high-level overview of BitLocker, including a ms.assetid: 40526fcc-3e0d-4d75-90e0-c7d0615f33b2 ms.reviewer: ms.author: dansimp -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md index bc39c1121d..4917773d60 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md +++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md @@ -3,7 +3,7 @@ title: BitLocker recovery guide (Windows 10) description: This article for IT professionals describes how to recover BitLocker keys from AD DS. ms.assetid: d0f722e9-1773-40bf-8456-63ee7a95ea14 ms.reviewer: -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md index 4ae0e5d8e8..c9415f3f7d 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md +++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md @@ -2,7 +2,7 @@ title: Breaking out of a Bitlocker recovery loop description: This topic for IT professionals describes how to break out of a Bitlocker recovery loop. ms.assetid: #c40f87ac-17d3-47b2-afc6-6c641f72ecee -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/bitlocker/bitlocker-security-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-security-faq.yml index bb50bfcba5..b9edd5b644 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-security-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-security-faq.yml @@ -4,7 +4,7 @@ metadata: description: Learn more about how BitLocker security works. Browse frequently asked questions, such as, "What form of encryption does BitLocker use?" ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.reviewer: - ms.prod: w10 + ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.yml index e28fda09ee..c9d6d649c1 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.yml @@ -5,7 +5,7 @@ metadata: ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.reviewer: ms.author: dansimp - ms.prod: w10 + ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.yml index 6cb7eaa23e..84f82e3483 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.yml @@ -2,7 +2,7 @@ metadata: title: BitLocker Upgrading FAQ (Windows 10) description: Learn more about upgrading systems that have BitLocker enabled. Find frequently asked questions, such as, "Can I upgrade to Windows 10 with BitLocker enabled?" - ms.prod: w10 + ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md index 4f375c0d85..a6ebc0704c 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md +++ b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md @@ -3,7 +3,7 @@ title: BitLocker Use BitLocker Drive Encryption Tools to manage BitLocker (Windo description: This article for the IT professional describes how to use tools to manage BitLocker. ms.assetid: e869db9c-e906-437b-8c70-741dd61b5ea6 ms.reviewer: -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md index 7c4a6c76bf..7f39bdb50d 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md +++ b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md @@ -3,7 +3,7 @@ title: BitLocker Use BitLocker Recovery Password Viewer (Windows 10) description: This topic for the IT professional describes how to use the BitLocker Recovery Password Viewer. ms.assetid: 04c93ac5-5dac-415e-b636-de81435753a2 ms.reviewer: -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml index 1a02bc65c8..52150c7455 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml @@ -4,7 +4,7 @@ metadata: description: Learn how to integrate BitLocker with other software on your device. ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.reviewer: - ms.prod: w10 + ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md b/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md index 8a15267bc2..ddb6ceab56 100644 --- a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md +++ b/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md @@ -3,7 +3,7 @@ title: Prepare your organization for BitLocker Planning and policies (Windows 10 description: This topic for the IT professional explains how can you plan your BitLocker deployment. ms.assetid: 6e3593b5-4e8a-40ac-808a-3fdbc948059d ms.reviewer: -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md index ac8caab616..e1fd9969af 100644 --- a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md +++ b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md @@ -3,7 +3,7 @@ title: Protecting cluster shared volumes and storage area networks with BitLocke description: This article for IT pros describes how to protect CSVs and SANs with BitLocker. ms.assetid: ecd25a10-42c7-4d31-8a7e-ea52c8ebc092 ms.reviewer: -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md b/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md index 664fb40db0..807b6930ed 100644 --- a/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md +++ b/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md @@ -3,7 +3,7 @@ title: Guidelines for troubleshooting BitLocker description: Describes approaches for investigating BitLocker issues, including how to gather diagnostic information ms.reviewer: kaushika ms.technology: windows -ms.prod: w10 +ms.prod: m365-security ms.sitesec: library ms.localizationpriority: medium author: Teresa-Motiv diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md index f2ed14e623..61204f5c9e 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md @@ -3,7 +3,7 @@ title: BitLocker cannot encrypt a drive known issues description: Provides guidance for troubleshooting known issues that may prevent BitLocker Drive Encryption from encrypting a drive ms.reviewer: kaushika ms.technology: windows -ms.prod: w10 +ms.prod: m365-security ms.sitesec: library ms.localizationpriority: medium author: Teresa-Motiv diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md index 6aac911b2c..7ed9457a01 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md @@ -3,7 +3,7 @@ title: BitLocker cannot encrypt a drive known TPM issues description: Provides guidance for troubleshooting known issues that may prevent BitLocker Drive Encryption from encrypting a drive, and that you can attribute to the TPM ms.reviewer: kaushika ms.technology: windows -ms.prod: w10 +ms.prod: m365-security ms.sitesec: library ms.localizationpriority: medium author: Teresa-Motiv diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-config-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-config-issues.md index 4142982e69..e788a71995 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-config-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-config-issues.md @@ -3,7 +3,7 @@ title: BitLocker configuration known issues description: Describes common issues that involve your BitLocker configuration and BitLocker's general functionality, and provides guidance for addressing those issues. ms.reviewer: kaushika ms.technology: windows -ms.prod: w10 +ms.prod: m365-security ms.sitesec: library ms.localizationpriority: medium author: Teresa-Motiv diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md b/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md index 9c0af342bc..c092a6fbe5 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md @@ -3,7 +3,7 @@ title: Decode Measured Boot logs to track PCR changes description: Provides instructions for installing and using a tool for analyzing log information to identify changes to PCRs ms.reviewer: kaushika ms.technology: windows -ms.prod: w10 +ms.prod: m365-security ms.sitesec: library ms.localizationpriority: medium author: Teresa-Motiv diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md index 44ad76e76b..f130448942 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md @@ -3,7 +3,7 @@ title: Enforcing BitLocker policies by using Intune known issues description: provides assistance for issues that you may see if you use Microsoft Intune policy to manage silent BitLocker encryption on devices. ms.reviewer: kaushika ms.technology: windows -ms.prod: w10 +ms.prod: m365-security ms.sitesec: library ms.localizationpriority: medium author: Teresa-Motiv diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-network-unlock-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-network-unlock-issues.md index 48dacb659a..2dd2a8d321 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-network-unlock-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-network-unlock-issues.md @@ -3,7 +3,7 @@ title: BitLocker Network Unlock known issues description: Describes several known issues that you may encounter while using Network Unlock, and provided guidance for addressing those issues. ms.reviewer: kaushika ms.technology: windows -ms.prod: w10 +ms.prod: m365-security ms.sitesec: library ms.localizationpriority: medium author: Teresa-Motiv diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md index 110aad6465..ee38a4d96a 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md @@ -3,7 +3,7 @@ title: BitLocker recovery known issues description: Describes common issues that can occur that prevent BitLocker from behaving as expected when recovering a drive, or may cause BitLocker to start recovery unexpectedly. The article provides guidance for addressing those issues. ms.reviewer: kaushika ms.technology: windows -ms.prod: w10 +ms.prod: m365-security ms.sitesec: library ms.localizationpriority: medium author: Teresa-Motiv diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md index 6f05c69982..4f34d0ccd0 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md @@ -3,7 +3,7 @@ title: BitLocker and TPM other known issues description: Describes common issues that relate directly to the TPM, and provides guidance for resolving those issues. ms.reviewer: kaushika ms.technology: windows -ms.prod: w10 +ms.prod: m365-security ms.sitesec: library ms.localizationpriority: medium author: Teresa-Motiv diff --git a/windows/security/information-protection/encrypted-hard-drive.md b/windows/security/information-protection/encrypted-hard-drive.md index 94d231d8f3..9bbeeb2de3 100644 --- a/windows/security/information-protection/encrypted-hard-drive.md +++ b/windows/security/information-protection/encrypted-hard-drive.md @@ -5,7 +5,7 @@ ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.reviewer: manager: dansimp ms.author: dansimp -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/index.md b/windows/security/information-protection/index.md index e72f8d6c68..22875d7dbf 100644 --- a/windows/security/information-protection/index.md +++ b/windows/security/information-protection/index.md @@ -1,7 +1,7 @@ --- title: Information protection (Windows 10) description: Learn more about how to protect sensitive data across your organization. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md index bca11cfd78..af041c7955 100644 --- a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md +++ b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md @@ -1,7 +1,7 @@ --- title: Kernel DMA Protection (Windows) description: Kernel DMA Protection protects PCs against drive-by Direct Memory Access (DMA) attacks using PCI hot plug devices connected to Thunderbolt™ 3 ports. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/secure-the-windows-10-boot-process.md b/windows/security/information-protection/secure-the-windows-10-boot-process.md index a13435b388..61af4c4e77 100644 --- a/windows/security/information-protection/secure-the-windows-10-boot-process.md +++ b/windows/security/information-protection/secure-the-windows-10-boot-process.md @@ -2,7 +2,7 @@ title: Secure the Windows boot process description: This article describes how Windows security features helps protect your PC from malware, including rootkits and other applications keywords: trusted boot, windows boot process -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: Explore ms.pagetype: security ms.sitesec: library diff --git a/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md b/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md index 9e8fb338ce..5356f4bc2d 100644 --- a/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md +++ b/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md @@ -3,7 +3,7 @@ title: Back up the TPM recovery information to AD DS (Windows) description: This topic for the IT professional describes backup of Trusted Platform Module (TPM) information. ms.assetid: 62bcec80-96a1-464e-8b3f-d177a7565ac5 ms.reviewer: -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/tpm/change-the-tpm-owner-password.md b/windows/security/information-protection/tpm/change-the-tpm-owner-password.md index 44bdc2c7a6..4393f76f6f 100644 --- a/windows/security/information-protection/tpm/change-the-tpm-owner-password.md +++ b/windows/security/information-protection/tpm/change-the-tpm-owner-password.md @@ -3,7 +3,7 @@ title: Change the TPM owner password (Windows) description: This topic for the IT professional describes how to change the password or PIN for the owner of the Trusted Platform Module (TPM) that is installed on your system. ms.assetid: e43dcff3-acb4-4a92-8816-d6b64b7f2f45 ms.reviewer: -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md b/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md index 038e7da093..c4ccd04df1 100644 --- a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md +++ b/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md @@ -3,7 +3,7 @@ title: How Windows uses the TPM description: This topic for the IT professional describes the Trusted Platform Module (TPM) and how Windows uses it to enhance security. ms.assetid: 0f7e779c-bd25-42a8-b8c1-69dfb54d0c7f ms.reviewer: -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md b/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md index bb72304f8c..9902639bee 100644 --- a/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md +++ b/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md @@ -3,7 +3,7 @@ title: Troubleshoot the TPM (Windows) description: This article for the IT professional describes how to view status for, clear, or troubleshoot the Trusted Platform Module (TPM). ms.assetid: 1166efaf-7aa3-4420-9279-435d9c6ac6f8 ms.reviewer: -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/tpm/manage-tpm-commands.md b/windows/security/information-protection/tpm/manage-tpm-commands.md index 23fb8a8789..a2334e30b7 100644 --- a/windows/security/information-protection/tpm/manage-tpm-commands.md +++ b/windows/security/information-protection/tpm/manage-tpm-commands.md @@ -4,7 +4,7 @@ description: This topic for the IT professional describes how to manage which Tr ms.assetid: a78e751a-2806-43ae-9c20-2e7ca466b765 ms.reviewer: ms.author: dansimp -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/tpm/manage-tpm-lockout.md b/windows/security/information-protection/tpm/manage-tpm-lockout.md index fe1fb8255c..814498c4c7 100644 --- a/windows/security/information-protection/tpm/manage-tpm-lockout.md +++ b/windows/security/information-protection/tpm/manage-tpm-lockout.md @@ -4,7 +4,7 @@ description: This topic for the IT professional describes how to manage the lock ms.assetid: bf27adbe-404c-4691-a644-29ec722a3f7b ms.reviewer: ms.author: dansimp -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md b/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md index f2c79979ef..1f0b8bd031 100644 --- a/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md +++ b/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md @@ -3,7 +3,7 @@ title: Understanding PCR banks on TPM 2.0 devices (Windows) description: This topic for the IT professional provides background about what happens when you switch PCR banks on TPM 2.0 devices. ms.assetid: 743FCCCB-99A9-4636-8F48-9ECB3A3D10DE ms.reviewer: -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/tpm/tpm-fundamentals.md b/windows/security/information-protection/tpm/tpm-fundamentals.md index 123b5b21c7..714bf860ae 100644 --- a/windows/security/information-protection/tpm/tpm-fundamentals.md +++ b/windows/security/information-protection/tpm/tpm-fundamentals.md @@ -3,7 +3,7 @@ title: Trusted Platform Module (TPM) fundamentals (Windows) description: Inform yourself about the components of the Trusted Platform Module (TPM 1.2 and TPM 2.0) and how they are used to mitigate dictionary attacks. ms.assetid: ac90f5f9-9a15-4e87-b00d-4adcf2ec3000 ms.reviewer: -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/tpm/tpm-recommendations.md b/windows/security/information-protection/tpm/tpm-recommendations.md index de5f910d13..698fc3097b 100644 --- a/windows/security/information-protection/tpm/tpm-recommendations.md +++ b/windows/security/information-protection/tpm/tpm-recommendations.md @@ -3,7 +3,7 @@ title: TPM recommendations (Windows) description: This topic provides recommendations for Trusted Platform Module (TPM) technology for Windows. ms.assetid: E85F11F5-4E6A-43E7-8205-672F77706561 ms.reviewer: -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/tpm/trusted-platform-module-overview.md b/windows/security/information-protection/tpm/trusted-platform-module-overview.md index e401d19506..14dfaeb9f7 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-overview.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-overview.md @@ -3,7 +3,7 @@ title: Trusted Platform Module Technology Overview (Windows) description: This topic for the IT professional describes the Trusted Platform Module (TPM) and how Windows uses it for access control and authentication. ms.assetid: face8932-b034-4319-86ac-db1163d46538 ms.reviewer: -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md b/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md index 0ae9cb6622..aefc372e52 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md @@ -3,7 +3,7 @@ title: TPM Group Policy settings (Windows) description: This topic describes the Trusted Platform Module (TPM) Services that can be controlled centrally by using Group Policy settings. ms.assetid: 54ff1c1e-a210-4074-a44e-58fee26e4dbd ms.reviewer: -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/tpm/trusted-platform-module-top-node.md b/windows/security/information-protection/tpm/trusted-platform-module-top-node.md index 1e071cfbdc..fe3aaf0a9c 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-top-node.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-top-node.md @@ -1,7 +1,7 @@ --- title: Trusted Platform Module (Windows) description: This topic for the IT professional provides links to information about the Trusted Platform Module (TPM) and how Windows uses it for access control and authentication. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md index f1bededfaf..650b38981d 100644 --- a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md @@ -2,7 +2,7 @@ title: Unenlightened and enlightened app behavior while using Windows Information Protection (WIP) (Windows 10) description: Learn how unenlightened and enlightened apps might behave, based on Windows Information Protection (WIP) network policies, app configuration, and other criteria keywords: WIP, Enterprise Data Protection, EDP, Windows Information Protection, unenlightened apps, enlightened apps -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md b/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md index 680008fcdc..22190edaa2 100644 --- a/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md +++ b/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md @@ -1,7 +1,7 @@ --- title: How to collect Windows Information Protection (WIP) audit event logs (Windows 10) description: How to collect & understand Windows Information Protection audit event logs via the Reporting configuration service provider (CSP) or Windows Event Forwarding. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md b/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md index 5a5e12feb9..6c878e9d9c 100644 --- a/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md +++ b/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md @@ -2,7 +2,7 @@ title: Make & verify an EFS Data Recovery Agent certificate (Windows 10) description: Follow these steps to create, verify, and perform a quick recovery by using a Encrypting File System (EFS) Data Recovery Agent (DRA) certificate. keywords: Windows Information Protection, WIP, EDP, Enterprise Data Protection -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md index 909073181d..7d32f0a68b 100644 --- a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md @@ -2,7 +2,7 @@ title: Associate and deploy a VPN policy for Windows Information Protection (WIP) using the Azure portal for Microsoft Intune (Windows 10) description: After you've created and deployed your Windows Information Protection (WIP) policy, use Microsoft Intune to link it to your Virtual Private Network (VPN) policy keywords: WIP, Enterprise Data Protection -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md index 32511b9cd5..6b49217ac9 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md @@ -4,7 +4,7 @@ description: Use Configuration Manager to make & deploy a Windows Information Pr ms.assetid: 85b99c20-1319-4aa3-8635-c1a87b244529 ms.reviewer: keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection, SCCM, System Center Configuration Manager, Configuration Manager, MEMCM, Microsoft Endpoint Configuration Manager -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index 0442c3778a..b483d6f902 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -1,7 +1,7 @@ --- title: Create a Windows Information Protection (WIP) policy with MDM using the Azure portal for Microsoft Intune (Windows 10) description: Learn how to use the Azure portal for Microsoft Intune to create and deploy your Windows Information Protection (WIP) policy to protect data on your network. -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md index 8d929e1db4..1c9ca74eed 100644 --- a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md @@ -2,7 +2,7 @@ title: Deploy your Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune (Windows 10) description: After you’ve created your Windows Information Protection (WIP) policy, you'll need to deploy it to your organization's enrolled devices. keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection, Intune -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md index 557fa276cb..6551bd495d 100644 --- a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md +++ b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md @@ -4,7 +4,7 @@ description: Learn the difference between enlightened and unenlightened apps. Fi ms.assetid: 17c85ea3-9b66-4b80-b511-8f277cb4345f ms.reviewer: keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md b/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md index bbfa13516c..4abadeccec 100644 --- a/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md +++ b/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md @@ -4,7 +4,7 @@ description: Find resources about apps that can work with Windows Information Pr ms.assetid: aa94e733-53be-49a7-938d-1660deaf52b0 ms.reviewer: keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md index 929975aa97..8c9dcd9251 100644 --- a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md @@ -2,7 +2,7 @@ title: Limitations while using Windows Information Protection (WIP) (Windows 10) description: This section includes info about the common problems you might encounter while using Windows Information Protection (WIP). keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md index 5114046477..1d28851374 100644 --- a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md @@ -2,7 +2,7 @@ title: Mandatory tasks and settings required to turn on Windows Information Protection (WIP) (Windows 10) description: Review all of the tasks required for Windows to turn on Windows Information Protection (WIP), formerly enterprise data protection (EDP), in your enterprise. keywords: Windows Information Protection, WIP, EDP, Enterprise Data Protection, protected apps, protected app list, App Rules, Protected apps list -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md index 419f25c61c..6f0d4796b6 100644 --- a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md +++ b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md @@ -3,7 +3,7 @@ title: Create a Windows Information Protection (WIP) policy using Microsoft Endp description: Microsoft Endpoint Manager helps you create and deploy your enterprise data protection (WIP) policy, including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network. ms.assetid: d2059e74-94bd-4e54-ab59-1a7b9b52bdc6 ms.reviewer: -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md index 42f746faba..238400ed86 100644 --- a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md +++ b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md @@ -3,7 +3,7 @@ title: Create a Windows Information Protection (WIP) policy using Microsoft Intu description: Microsoft Intune and Microsoft Endpoint Manager helps you create and deploy your enterprise data protection (WIP) policy. ms.assetid: d2059e74-94bd-4e54-ab59-1a7b9b52bdc6 ms.reviewer: -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md index 424341046d..0e91c0758c 100644 --- a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md +++ b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md @@ -4,7 +4,7 @@ description: Learn how to prevent accidental enterprise data leaks through apps ms.assetid: 6cca0119-5954-4757-b2bc-e0ea4d2c7032 ms.reviewer: keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection, DLP, data loss prevention, data leakage protection -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md index 69b104f1b4..254e5b85bc 100644 --- a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md @@ -2,7 +2,7 @@ title: Recommended URLs for Windows Information Protection (Windows 10) description: Recommended URLs to add to your Enterprise Cloud Resources and Neutral Resources network settings, when used with Windows Information Protection (WIP). keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection, WIP and Neutral Resources, WIP and Enterprise Cloud Resources -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md index c2b7cb2188..b0877c16e0 100644 --- a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md @@ -4,7 +4,7 @@ description: A list of suggested testing scenarios that you can use to test Wind ms.assetid: 53db29d2-d99d-4db6-b494-90e2b3962ca2 ms.reviewer: keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md b/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md index c7caa873dc..1b6f9a67bd 100644 --- a/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md @@ -2,7 +2,7 @@ title: Using Outlook on the web with WIP (Windows 10) description: Options for using Outlook on the web with Windows Information Protection (WIP). keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection, WIP and OWA configuration, OWA, Outlook Web access -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md b/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md index dd3fb2529e..4a5b35da13 100644 --- a/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md +++ b/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md @@ -2,7 +2,7 @@ title: Determine the Enterprise Context of an app running in Windows Information Protection (WIP) (Windows 10) description: Use the Task Manager to determine whether an app is considered work, personal or exempt by Windows Information Protection (WIP). keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection, WIP and Task Manager, app context, enterprise context -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/windows-information-protection/wip-learning.md b/windows/security/information-protection/windows-information-protection/wip-learning.md index e2f9ce0a1f..65aaeda64c 100644 --- a/windows/security/information-protection/windows-information-protection/wip-learning.md +++ b/windows/security/information-protection/windows-information-protection/wip-learning.md @@ -4,7 +4,7 @@ description: How to access the WIP Learning report to monitor and apply Windows ms.assetid: 53db29d2-d99d-4db6-b494-90e2b4872ca2 ms.reviewer: keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection, WIP Learning -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: ms.sitesec: library ms.pagetype: security diff --git a/windows/security/threat-protection/security-policy-settings/includes/smb1-perf-note.md b/windows/security/threat-protection/security-policy-settings/includes/smb1-perf-note.md index 2e59de26d8..c85aa9183c 100644 --- a/windows/security/threat-protection/security-policy-settings/includes/smb1-perf-note.md +++ b/windows/security/threat-protection/security-policy-settings/includes/smb1-perf-note.md @@ -5,6 +5,6 @@ ms.date: 1/4/2019 ms.reviewer: manager: dansimp ms.topic: include -ms.prod: w10 +ms.prod: m365-security --- Using SMB packet signing can degrade performance on file service transactions, depending on the version of SMB and available CPU cycles. diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md index 4e5251d27d..f6f7f13cd2 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md @@ -3,7 +3,7 @@ title: Microsoft recommended driver block rules (Windows) description: View a list of recommended block rules to block vulnerable third-party drivers discovered by Microsoft and the security research community. keywords: security, malware, kernel mode, driver ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security From c5767c6ab8134907a863d15c189d595dc936977f Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Wed, 20 Oct 2021 14:17:23 +0530 Subject: [PATCH 004/335] Update service-accounts.md --- .../access-control/service-accounts.md | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/windows/security/identity-protection/access-control/service-accounts.md b/windows/security/identity-protection/access-control/service-accounts.md index 62a1f37271..eb608349d4 100644 --- a/windows/security/identity-protection/access-control/service-accounts.md +++ b/windows/security/identity-protection/access-control/service-accounts.md @@ -33,7 +33,7 @@ This topic contains information about the following types of service accounts: - [Standalone managed service accounts](#bkmk-standalonemanagedserviceaccounts) -- [Group managed service accounts](#bkmk-groupmanagedserviceaccounts) +- [Group-managed service accounts](#bkmk-groupmanagedserviceaccounts) - [Virtual accounts](#bkmk-virtualserviceaccounts) @@ -41,7 +41,7 @@ This topic contains information about the following types of service accounts: A managed service account is designed to isolate domain accounts in crucial applications, such as Internet Information Services (IIS), and eliminate the need for an administrator to manually administer the service principal name (SPN) and credentials for the accounts. -To use managed service accounts, the server on which the application or service is installed must be running at least Windows Server 2008 R2. One managed service account can be used for services on a single computer. Managed service accounts cannot be shared between multiple computers, and they cannot be used in server clusters where a service is replicated on multiple cluster nodes. For this scenario, you must use a group managed service account. For more information, see [Group Managed Service Accounts Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831782(v=ws.11)). +To use managed service accounts, the server on which the application or service is installed must be running at least Windows Server 2008 R2. One managed service account can be used for services on a single computer. Managed service accounts cannot be shared between multiple computers, and they cannot be used in server clusters where a service is replicated on multiple cluster nodes. For this scenario, you must use a group-managed service account. For more information, see [Group-Managed Service Accounts Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831782(v=ws.11)). In addition to the enhanced security that is provided by having individual accounts for critical services, there are four important administrative benefits associated with managed service accounts: @@ -57,36 +57,36 @@ In addition to the enhanced security that is provided by having individual accou Managed service accounts apply to the Windows operating systems that are designated in the **Applies To** list at the beginning of this topic. -### Group managed service accounts +### Group-managed service accounts -Group managed service accounts are an extension of the standalone managed service accounts, which were introduced in Windows Server 2008 R2. These are managed domain accounts that provide automatic password management and simplified service principal name (SPN) management, including delegation of management to other administrators. +Group-managed service accounts are an extension of the standalone-managed service accounts, which were introduced in Windows Server 2008 R2. These accounts are managed domain accounts that provide automatic password management and simplified service principal name (SPN) management, including delegation of management to other administrators. -The group managed service account provides the same functionality as a standalone managed service account within the domain, but it extends that functionality over multiple servers. When connecting to a service that is hosted on a server farm, such as Network Load Balancing, the authentication protocols that support mutual authentication require all instances of the services to use the same principal. When group managed service accounts are used as service principals, the Windows Server operating system manages the password for the account instead of relying on the administrator to manage the password. +The group-managed service account provides the same functionality as a standalone managed service account within the domain, but it extends that functionality over multiple servers. When connecting to a service that is hosted on a server farm, such as Network Load Balancing, the authentication protocols that support mutual authentication require all instances of the services to use the same principal. When group-managed service accounts are used as service principals, the Windows Server operating system manages the password for the account instead of relying on the administrator to manage the password. -The Microsoft Key Distribution Service (kdssvc.dll) provides the mechanism to securely obtain the latest key or a specific key with a key identifier for an Active Directory account. This service was introduced in Windows Server 2012, and it does not run on previous versions of the Windows Server operating system. The Key Distribution Service shares a secret, which is used to create keys for the account. These keys are periodically changed. For a group managed service account, the domain controller computes the password on the key that is provided by the Key Distribution Services, in addition to other attributes of the group managed service account. +The Microsoft Key Distribution Service (kdssvc.dll) provides the mechanism to securely obtain the latest key or a specific key with a key identifier for an Active Directory account. This service was introduced in Windows Server 2012, and it does not run on previous versions of the Windows Server operating system. The Key Distribution Service shares a secret, which is used to create keys for the account. These keys are periodically changed. For a group-managed service account, the domain controller computes the password on the key that is provided by the Key Distribution Services, in addition to other attributes of the group-managed service account. ### Practical applications -Group managed service accounts provide a single identity solution for services running on a server farm, or on systems that use Network Load Balancing. By providing a group managed service account solution, services can be configured for the group managed service account principal, and the password management is handled by the operating system. +Group-managed service accounts provide a single identity solution for services running on a server farm, or on systems that use Network Load Balancing. By providing a group-managed service account solution, services can be configured for the group-managed service account principal, and the password management is handled by the operating system. -By using a group managed service account, services or service administrators do not need to manage password synchronization between service instances. The group managed service account supports hosts that are kept offline for an extended time period and the management of member hosts for all instances of a service. This means that you can deploy a server farm that supports a single identity to which existing client computers can authenticate without knowing the instance of the service to which they are connecting. +By using a group-managed service account, service administrators do not need to manage password synchronization between service instances. The group-managed service account supports hosts that are kept offline for an extended time period and the management of member hosts for all instances of a service. This provision means that you can deploy a server farm that supports a single identity to which existing client computers can authenticate without knowing the instance of the service to which they are connecting. -Failover clusters do not support group managed service account s. However, services that run on top of the Cluster service can use a group managed service account or a standalone managed service account if they are a Windows service, an App pool, a scheduled task, or if they natively support group managed service account or standalone managed service accounts. +Failover clusters do not support group-managed service accounts. However, services that run on top of the Cluster service can use a group-managed service account or a standalone managed service account if they are a Windows service, an App pool, a scheduled task, or if they natively support group-managed service account or standalone managed service accounts. ### Software requirements -Group managed service accounts can only be configured and administered on computers running at least Windows Server 2012, but they can be deployed as a single service identity solution in domains that still have domain controllers running operating systems earlier than Windows Server 2012. There are no domain or forest functional level requirements. +Group-managed service accounts can only be configured and administered on computers running at least Windows Server 2012, but they can be deployed as a single service identity solution in domains that still have domain controllers running operating systems earlier than Windows Server 2012. There are no domain or forest functional level requirements. -A 64-bit architecture is required to run the Windows PowerShell commands that are used to administer group managed service accounts. +A 64-bit architecture is required to run the Windows PowerShell commands that are used to administer group-managed service accounts. -A managed service account is dependent on encryption types supported by Kerberos. When a client computer authenticates to a server by using Kerberos protocol, the domain controller creates a Kerberos service ticket that is protected with encryption that the domain controller and the server support. The domain controller uses the account’s **msDS-SupportedEncryptionTypes** attribute to determine what encryption the server supports, and if there is no attribute, it assumes that the client computer does not support stronger encryption types. The Advanced Encryption Standard (AES) should always be explicitly configured for managed service accounts. If computers that host the managed service account are configured to not support RC4, authentication will always fail. +A managed service account is dependent on encryption types supported by Kerberos. When a client computer authenticates to a server by using Kerberos protocol, the domain controller creates a Kerberos service ticket that is protected with encryption that the domain controller and the server support. The domain controller uses the account’s **msDS-SupportedEncryptionTypes** attribute to determine what encryption the server supports, and if there is no attribute, it assumes that the client computer does not support stronger encryption types. The Advanced Encryption Standard (AES) must always be configured for managed service accounts. If computers that host the managed service account are configured to not support RC4, authentication will always fail. **Note**   Introduced in Windows Server 2008 R2, the Data Encryption Standard (DES) is disabled by default. For more information about supported encryption types, see [Changes in Kerberos Authentication](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd560670(v=ws.10)). -Group managed service accounts are not applicable in Windows operating systems prior to Windows Server 2012. +Group-managed service accounts are not applicable in Windows operating systems prior to Windows Server 2012. ### Virtual accounts @@ -109,10 +109,10 @@ Virtual accounts apply to the Windows operating systems that are designated in t ## See also -The following table provides links to additional resources that are related to standalone managed service accounts, group managed service accounts, and virtual accounts. +The following table provides links to other resources that are related to standalone managed service accounts, group-managed service accounts, and virtual accounts. | Content type | References | |---------------|-------------| -| **Product evaluation** | [What's New for Managed Service Accounts](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831451(v=ws.11))
[Getting Started with Group Managed Service Accounts](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj128431(v=ws.11)) | -| **Deployment** | [Windows Server 2012: Group Managed Service Accounts - Ask Premier Field Engineering (PFE) Platforms - Site Home - TechNet Blogs](https://blogs.technet.com/b/askpfeplat/archive/2012/12/17/windows-server-2012-group-managed-service-accounts.aspx) | +| **Product evaluation** | [What's New for Managed Service Accounts](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831451(v=ws.11))
[Getting Started with Group-Managed Service Accounts](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj128431(v=ws.11)) | +| **Deployment** | [Windows Server 2012: Group-Managed Service Accounts - Ask Premier Field Engineering (PFE) Platforms - Site Home - TechNet Blogs](https://blogs.technet.com/b/askpfeplat/archive/2012/12/17/windows-server-2012-group-managed-service-accounts.aspx) | | **Related technologies** | [Security Principals](security-principals.md)
[What's new in Active Directory Domain Services](/windows-server/identity/whats-new-active-directory-domain-services) | \ No newline at end of file From 7e436a1ff90580df24237eb0ba0b7eac11716785 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Wed, 20 Oct 2021 15:31:50 +0530 Subject: [PATCH 005/335] resolved warnings --- .../active-directory-accounts.md | 30 +++++++++---------- .../enterprise-certificate-pinning.md | 2 +- .../hello-cert-trust-validate-deploy-mfa.md | 2 +- .../hello-key-trust-validate-deploy-mfa.md | 2 +- ...man-protocol-over-ikev2-vpn-connections.md | 4 +-- .../bitlocker/troubleshoot-bitlocker.md | 6 ++-- .../ts-bitlocker-cannot-encrypt-issues.md | 2 +- .../ts-bitlocker-cannot-encrypt-tpm-issues.md | 2 +- .../bitlocker/ts-bitlocker-config-issues.md | 2 +- .../ts-bitlocker-decode-measured-boot-logs.md | 2 +- .../bitlocker/ts-bitlocker-intune-issues.md | 2 +- .../ts-bitlocker-network-unlock-issues.md | 2 +- .../bitlocker/ts-bitlocker-recovery-issues.md | 2 +- .../bitlocker/ts-bitlocker-tpm-issues.md | 2 +- .../kernel-dma-protection-for-thunderbolt.md | 6 ++-- 15 files changed, 34 insertions(+), 34 deletions(-) diff --git a/windows/security/identity-protection/access-control/active-directory-accounts.md b/windows/security/identity-protection/access-control/active-directory-accounts.md index b876d29dfc..a48fbd757f 100644 --- a/windows/security/identity-protection/access-control/active-directory-accounts.md +++ b/windows/security/identity-protection/access-control/active-directory-accounts.md @@ -592,7 +592,7 @@ In this procedure, the workstations are dedicated to domain administrators. By s > **Note**  You might have to delegate permissions to join computers to the domain if the account that joins the workstations to the domain does not already have them. For more information, see [Delegation of Administration in Active Directory](https://social.technet.microsoft.com/wiki/contents/articles/20292.delegation-of-administration-in-active-directory.aspx). - ![Active Directory local accounts.](images/adlocalaccounts-proc1-sample1.gif) + ![Active Directory local accounts](images/adlocalaccounts-proc1-sample1.gif) 3. Close Active Directory Users and Computers. @@ -600,13 +600,13 @@ In this procedure, the workstations are dedicated to domain administrators. By s 5. Right-click the new OU, and > **Create a GPO in this domain, and Link it here**. - ![Active Directory local accounts.](images/adlocalaccounts-proc1-sample2.png) + ![Active Directory's local accounts](images/adlocalaccounts-proc1-sample2.png) 6. Name the GPO, and > **OK**. 7. Expand the GPO, right-click the new GPO, and > **Edit**. - ![Active Directory local accounts.](images/adlocalaccounts-proc1-sample3.png) + ![Active Directory (AD) local accounts](images/adlocalaccounts-proc1-sample3.png) 8. Configure which members of accounts can log on locally to these administrative workstations as follows: @@ -625,7 +625,7 @@ In this procedure, the workstations are dedicated to domain administrators. By s 5. Click **Add User or Group**, type **Administrators**, and > **OK**. - ![Active Directory local accounts.](images/adlocalaccounts-proc1-sample4.png) + ![AD local accounts](images/adlocalaccounts-proc1-sample4.png) 9. Configure the proxy configuration: @@ -633,7 +633,7 @@ In this procedure, the workstations are dedicated to domain administrators. By s 2. Double-click **Proxy Settings**, select the **Enable proxy settings** check box, type **127.0.0.1** (the network Loopback IP address) as the proxy address, and > **OK**. - ![Active Directory local accounts.](images/adlocalaccounts-proc1-sample5.png) + ![AD's local accounts](images/adlocalaccounts-proc1-sample5.png) 10. Configure the loopback processing mode to enable the user Group Policy proxy setting to apply to all users on the computer as follows: @@ -696,11 +696,11 @@ In this procedure, the workstations are dedicated to domain administrators. By s 1. Right-click **Windows Firewall with Advanced Security LDAP://path**, and > **Properties**. - ![Active Directory local accounts.](images/adlocalaccounts-proc1-sample6.png) + ![Local accounts for an Active Directory](images/adlocalaccounts-proc1-sample6.png) 2. On each profile, ensure that the firewall is enabled and that inbound connections are set to **Block all connections**. - ![Active Directory local accounts.](images/adlocalaccounts-proc1-sample7.png) + ![Local accounts for an AD](images/adlocalaccounts-proc1-sample7.png) 3. Click **OK** to complete the configuration. @@ -738,11 +738,11 @@ For this procedure, do not link accounts to the OU that contain workstations for 3. Right-click **Group Policy Objects**, and > **New**. - ![Active Directory local accounts.](images/adlocalaccounts-proc2-sample1.png) + ![Local account's representation - Active Directory](images/adlocalaccounts-proc2-sample1.png) 4. In the **New GPO** dialog box, name the GPO that restricts administrators from signing in to workstations, and > **OK**. - ![Active Directory local accounts.](images/adlocalaccounts-proc2-sample2.png) + ![Local account's representation - AD](images/adlocalaccounts-proc2-sample2.png) 5. Right-click **New GPO**, and > **Edit**. @@ -756,7 +756,7 @@ For this procedure, do not link accounts to the OU that contain workstations for 3. Click **Add User or Group**, click **Browse**, type **Domain Admins**, and > **OK**. - ![Active Directory local accounts.](images/adlocalaccounts-proc2-sample3.png) + ![An Active Directory's local accounts](images/adlocalaccounts-proc2-sample3.png) **Note** You can optionally add any groups that contain server administrators who you want to restrict from signing in to workstations. @@ -778,7 +778,7 @@ For this procedure, do not link accounts to the OU that contain workstations for 3. Click **Add User or Group** > **Browse**, type **Domain Admins**, and > **OK**. - ![Active Directory local accounts.](images/adlocalaccounts-proc2-sample4.png) + ![An AD's local accounts](images/adlocalaccounts-proc2-sample4.png) **Note** You can optionally add any groups that contain server administrators who you want to restrict from signing in to workstations. @@ -791,7 +791,7 @@ For this procedure, do not link accounts to the OU that contain workstations for 6. Click **Add User or Group** > **Browse**, type **Domain Admins**, and > **OK**. - ![Active Directory local accounts.](images/adlocalaccounts-proc2-sample5.png) + ![Local accounts for an AD](images/adlocalaccounts-proc2-sample5.png) **Note** You can optionally add any groups that contain server administrators who you want to restrict from signing in to workstations. @@ -804,11 +804,11 @@ For this procedure, do not link accounts to the OU that contain workstations for 1. Right-click the workstation OU, and then > **Link an Existing GPO**. - ![Active Directory local accounts.](images/adlocalaccounts-proc2-sample6.png) + ![Local accounts for an Active Directory](images/adlocalaccounts-proc2-sample6.png) 2. Select the GPO that you just created, and > **OK**. - ![Active Directory local accounts.](images/adlocalaccounts-proc2-sample7.png) + ![Active Directory's local accounts' presentation](images/adlocalaccounts-proc2-sample7.png) 10. Test the functionality of enterprise applications on workstations in the first OU and resolve any issues caused by the new policy. @@ -831,7 +831,7 @@ It is a best practice to configure the user objects for all sensitive accounts i As with any configuration change, test this enabled setting fully to ensure that it performs correctly before you implement it. -![Active Directory local accounts.](images/adlocalaccounts-proc3-sample1.png) +![An Active Directory local accounts' presentation](images/adlocalaccounts-proc3-sample1.png) ## Secure and manage domain controllers diff --git a/windows/security/identity-protection/enterprise-certificate-pinning.md b/windows/security/identity-protection/enterprise-certificate-pinning.md index 632eb6cb36..bef5c8651e 100644 --- a/windows/security/identity-protection/enterprise-certificate-pinning.md +++ b/windows/security/identity-protection/enterprise-certificate-pinning.md @@ -10,7 +10,7 @@ manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.prod: m365-security -ms.technology: windows +ms.technology: windows-sec ms.pagetype: security ms.localizationpriority: medium ms.date: 07/27/2017 diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md index d3767350b3..6e41052f09 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md @@ -16,7 +16,7 @@ localizationpriority: medium ms.date: 08/19/2018 ms.reviewer: --- -# Validate and Deploy Multifactor Authentication (MFA) +# Validate and Deploy Multifactor Authentication **Applies to** diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md index 549c4ffd5d..1099786e5a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md @@ -16,7 +16,7 @@ localizationpriority: medium ms.date: 08/19/2018 ms.reviewer: --- -# Validate and Deploy Multifactor Authentication (MFA) +# Validate and Deploy Multifactor Authentication > [!IMPORTANT] > As of July 1, 2019, Microsoft will no longer offer MFA Server for new deployments. New customers who would like to require multifactor authentication from their users should use cloud-based Azure AD Multi-Factor Authentication. Existing customers who have activated MFA Server prior to July 1 will be able to download the latest version, future updates and generate activation credentials as usual. diff --git a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md index 0226c9ea7c..70c0e42b27 100644 --- a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md +++ b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md @@ -23,7 +23,7 @@ To secure the connections, update the configuration of VPN servers and clients b ## VPN server -For VPN servers that run Windows Server 2012 R2 or later, you need to run [Set-VpnServerConfiguration](/powershell/module/remoteaccess/set-vpnserverconfiguration?view=win10-ps) to configure the tunnel type. This makes all IKE exchanges on IKEv2 tunnel use the secure configuration. +For VPN servers that run Windows Server 2012 R2 or later, you need to run [Set-VpnServerConfiguration](/powershell/module/remoteaccess/set-vpnserverconfiguration?view=win10-ps&preserve-view=true) to configure the tunnel type. This makes all IKE exchanges on IKEv2 tunnel use the secure configuration. ```powershell Set-VpnServerConfiguration -TunnelType IKEv2 -CustomPolicy @@ -38,7 +38,7 @@ Set-VpnServerIPsecConfiguration -CustomPolicy ## VPN client For VPN client, you need to configure each VPN connection. -For example, run [Set-VpnConnectionIPsecConfiguration (version 4.0)](/powershell/module/vpnclient/set-vpnconnectionipsecconfiguration?view=win10-ps) and specify the name of the connection: +For example, run [Set-VpnConnectionIPsecConfiguration (version 4.0)](/powershell/module/vpnclient/set-vpnconnectionipsecconfiguration?view=win10-ps&preserve-view=true) and specify the name of the connection: ```powershell diff --git a/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md b/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md index 807b6930ed..351952c249 100644 --- a/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md +++ b/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md @@ -34,7 +34,7 @@ Open Event Viewer and review the following logs under Applications and Services Additionally, review the Windows logs\\System log for events that were produced by the TPM and TPM-WMI event sources. -To filter and display or export logs, you can use the [wevtutil.exe](/windows-server/administration/windows-commands/wevtutil) command-line tool or the [Get-WinEvent](/powershell/module/microsoft.powershell.diagnostics/get-winevent?view=powershell-6) cmdlet. +To filter and display or export logs, you can use the [wevtutil.exe](/windows-server/administration/windows-commands/wevtutil) command-line tool or the [Get-WinEvent](/powershell/module/microsoft.powershell.diagnostics/get-winevent?view=powershell-6&preserve-view=true) cmdlet. For example, to use wevtutil to export the contents of the operational log from the BitLocker-API folder to a text file that is named BitLockerAPIOpsLog.txt, open a Command Prompt window, and run the following command: @@ -88,11 +88,11 @@ Open an elevated Windows PowerShell window, and run each of the following comman |Command |Notes | | --- | --- | -|[**get-tpm \> C:\\TPM.txt**](/powershell/module/trustedplatformmodule/get-tpm?view=win10-ps) |Exports information about the local computer's Trusted Platform Module (TPM). This cmdlet shows different values depending on whether the TPM chip is version 1.2 or 2.0. This cmdlet is not supported in Windows 7. | +|[**get-tpm \> C:\\TPM.txt**](/powershell/module/trustedplatformmodule/get-tpm?view=win10-ps&preserve-view=true) |Exports information about the local computer's Trusted Platform Module (TPM). This cmdlet shows different values depending on whether the TPM chip is version 1.2 or 2.0. This cmdlet is not supported in Windows 7. | |[**manage-bde –status \> C:\\BDEStatus.txt**](/windows-server/administration/windows-commands/manage-bde-status) |Exports information about the general encryption status of all drives on the computer. | |[**manage-bde c:
-protectors -get \> C:\\Protectors**](/windows-server/administration/windows-commands/manage-bde-protectors) |Exports information about the protection methods that are used for the BitLocker encryption key. | |[**reagentc /info \> C:\\reagent.txt**](/windows-hardware/manufacture/desktop/reagentc-command-line-options) |Exports information about an online or offline image about the current status of the Windows Recovery Environment (WindowsRE) and any available recovery image. | -|[**get-BitLockerVolume \| fl**](/powershell/module/bitlocker/get-bitlockervolume?view=win10-ps) |Gets information about volumes that BitLocker Drive Encryption can protect. | +|[**get-BitLockerVolume \| fl**](/powershell/module/bitlocker/get-bitlockervolume?view=win10-ps&preserve-view=true) |Gets information about volumes that BitLocker Drive Encryption can protect. | ## Review the configuration information diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md index 61204f5c9e..f5e25880c6 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md @@ -2,7 +2,7 @@ title: BitLocker cannot encrypt a drive known issues description: Provides guidance for troubleshooting known issues that may prevent BitLocker Drive Encryption from encrypting a drive ms.reviewer: kaushika -ms.technology: windows +ms.technology: windows-sec ms.prod: m365-security ms.sitesec: library ms.localizationpriority: medium diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md index 7ed9457a01..d8bb7f6c91 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md @@ -2,7 +2,7 @@ title: BitLocker cannot encrypt a drive known TPM issues description: Provides guidance for troubleshooting known issues that may prevent BitLocker Drive Encryption from encrypting a drive, and that you can attribute to the TPM ms.reviewer: kaushika -ms.technology: windows +ms.technology: windows-sec ms.prod: m365-security ms.sitesec: library ms.localizationpriority: medium diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-config-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-config-issues.md index e788a71995..57b7fbf0f7 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-config-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-config-issues.md @@ -2,7 +2,7 @@ title: BitLocker configuration known issues description: Describes common issues that involve your BitLocker configuration and BitLocker's general functionality, and provides guidance for addressing those issues. ms.reviewer: kaushika -ms.technology: windows +ms.technology: windows-sec ms.prod: m365-security ms.sitesec: library ms.localizationpriority: medium diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md b/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md index c092a6fbe5..f066def4da 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md @@ -2,7 +2,7 @@ title: Decode Measured Boot logs to track PCR changes description: Provides instructions for installing and using a tool for analyzing log information to identify changes to PCRs ms.reviewer: kaushika -ms.technology: windows +ms.technology: windows-sec ms.prod: m365-security ms.sitesec: library ms.localizationpriority: medium diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md index f130448942..a10219b03c 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md @@ -2,7 +2,7 @@ title: Enforcing BitLocker policies by using Intune known issues description: provides assistance for issues that you may see if you use Microsoft Intune policy to manage silent BitLocker encryption on devices. ms.reviewer: kaushika -ms.technology: windows +ms.technology: windows-sec ms.prod: m365-security ms.sitesec: library ms.localizationpriority: medium diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-network-unlock-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-network-unlock-issues.md index 2dd2a8d321..19bbdce535 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-network-unlock-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-network-unlock-issues.md @@ -2,7 +2,7 @@ title: BitLocker Network Unlock known issues description: Describes several known issues that you may encounter while using Network Unlock, and provided guidance for addressing those issues. ms.reviewer: kaushika -ms.technology: windows +ms.technology: windows-sec ms.prod: m365-security ms.sitesec: library ms.localizationpriority: medium diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md index ee38a4d96a..11cd49e917 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md @@ -2,7 +2,7 @@ title: BitLocker recovery known issues description: Describes common issues that can occur that prevent BitLocker from behaving as expected when recovering a drive, or may cause BitLocker to start recovery unexpectedly. The article provides guidance for addressing those issues. ms.reviewer: kaushika -ms.technology: windows +ms.technology: windows-sec ms.prod: m365-security ms.sitesec: library ms.localizationpriority: medium diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md index 4f34d0ccd0..898f3dcfbe 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md @@ -2,7 +2,7 @@ title: BitLocker and TPM other known issues description: Describes common issues that relate directly to the TPM, and provides guidance for resolving those issues. ms.reviewer: kaushika -ms.technology: windows +ms.technology: windows-sec ms.prod: m365-security ms.sitesec: library ms.localizationpriority: medium diff --git a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md index af041c7955..36e66cf506 100644 --- a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md +++ b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md @@ -53,7 +53,7 @@ By default, peripherals with DMA Remapping incompatible drivers will be blocked ## User experience -![Kernel DMA protection user experience.](images/kernel-dma-protection-user-experience.png) +![Kernel DMA protection user experience](images/kernel-dma-protection-user-experience.png) By default, peripherals with DMA remapping compatible device drivers will be automatically enumerated and started. Peripherals with DMA Remapping incompatible drivers will be blocked from starting if the peripheral was plugged in before an authorized user logs in, or while the screen is locked. Once the system is unlocked, the peripheral driver will be started by the OS, and the peripheral will continue to function normally until the system is rebooted, or the peripheral is unplugged. The peripheral will continue to function normally if the user locks the screen or logs out of the system. @@ -113,11 +113,11 @@ No, Kernel DMA Protection only protects against drive-by DMA attacks after the O DMA-remapping is supported for specific device drivers, and is not universally supported by all devices and drivers on a platform. To check if a specific driver is opted into DMA-remapping, check the values corresponding to the DMA Remapping Policy property in the Details tab of a device in Device Manager*. A value of 0 or 1 means that the device driver does not support DMA-remapping. A value of two means that the device driver supports DMA-remapping. If the property is not available, then the policy is not set by the device driver (that is, the device driver does not support DMA-remapping). Check the driver instance for the device you are testing. Some drivers may have varying values depending on the location of the device (internal vs. external). -![Kernel DMA protection user experience.](images/device_details_tab_1903.png) +![A user's experience about Kernel DMA protection](images/device_details_tab_1903.png) *For Windows 10 versions 1803 and 1809, the property field in Device Manager uses a GUID, as highlighted in the following image. -![Kernel DMA protection user experience.](images/device-details-tab.png) +![Experience of a user about Kernel DMA protection](images/device-details-tab.png) ### When the drivers for PCI or Thunderbolt™ 3 peripherals do not support DMA-remapping? From 50a8050dd5e168b8d6b0d1cf50bd3eb2afb439d3 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Wed, 20 Oct 2021 16:19:37 +0530 Subject: [PATCH 006/335] resolved warnings --- .../access-control/active-directory-accounts.md | 6 +++--- .../hello-cert-trust-validate-deploy-mfa.md | 2 +- .../hello-key-trust-validate-deploy-mfa.md | 2 +- .../bitlocker/troubleshoot-bitlocker.md | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/security/identity-protection/access-control/active-directory-accounts.md b/windows/security/identity-protection/access-control/active-directory-accounts.md index a48fbd757f..acfe856cae 100644 --- a/windows/security/identity-protection/access-control/active-directory-accounts.md +++ b/windows/security/identity-protection/access-control/active-directory-accounts.md @@ -696,7 +696,7 @@ In this procedure, the workstations are dedicated to domain administrators. By s 1. Right-click **Windows Firewall with Advanced Security LDAP://path**, and > **Properties**. - ![Local accounts for an Active Directory](images/adlocalaccounts-proc1-sample6.png) + ![Local accounts for Active Directory](images/adlocalaccounts-proc1-sample6.png) 2. On each profile, ensure that the firewall is enabled and that inbound connections are set to **Block all connections**. @@ -791,7 +791,7 @@ For this procedure, do not link accounts to the OU that contain workstations for 6. Click **Add User or Group** > **Browse**, type **Domain Admins**, and > **OK**. - ![Local accounts for an AD](images/adlocalaccounts-proc2-sample5.png) + ![Local accounts for AD](images/adlocalaccounts-proc2-sample5.png) **Note** You can optionally add any groups that contain server administrators who you want to restrict from signing in to workstations. @@ -804,7 +804,7 @@ For this procedure, do not link accounts to the OU that contain workstations for 1. Right-click the workstation OU, and then > **Link an Existing GPO**. - ![Local accounts for an Active Directory](images/adlocalaccounts-proc2-sample6.png) + ![Local accounts representation for an Active Directory](images/adlocalaccounts-proc2-sample6.png) 2. Select the GPO that you just created, and > **OK**. diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md index 6e41052f09..2cd3770d1b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md @@ -16,7 +16,7 @@ localizationpriority: medium ms.date: 08/19/2018 ms.reviewer: --- -# Validate and Deploy Multifactor Authentication +# Validate and Deploy Multifactor Authentication feature **Applies to** diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md index 1099786e5a..549c4ffd5d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md @@ -16,7 +16,7 @@ localizationpriority: medium ms.date: 08/19/2018 ms.reviewer: --- -# Validate and Deploy Multifactor Authentication +# Validate and Deploy Multifactor Authentication (MFA) > [!IMPORTANT] > As of July 1, 2019, Microsoft will no longer offer MFA Server for new deployments. New customers who would like to require multifactor authentication from their users should use cloud-based Azure AD Multi-Factor Authentication. Existing customers who have activated MFA Server prior to July 1 will be able to download the latest version, future updates and generate activation credentials as usual. diff --git a/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md b/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md index 351952c249..fdb74da056 100644 --- a/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md +++ b/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md @@ -2,7 +2,7 @@ title: Guidelines for troubleshooting BitLocker description: Describes approaches for investigating BitLocker issues, including how to gather diagnostic information ms.reviewer: kaushika -ms.technology: windows +ms.technology: windows-sec ms.prod: m365-security ms.sitesec: library ms.localizationpriority: medium From 7c51a3cacdb0a81936b404b2f5cd71635bcd212a Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 21 Oct 2021 16:53:31 +0530 Subject: [PATCH 007/335] changed metadata --- windows/client-management/mdm/Language-pack-management-csp.md | 4 ++-- windows/client-management/mdm/accountmanagement-csp.md | 4 ++-- windows/client-management/mdm/accountmanagement-ddf.md | 4 ++-- windows/client-management/mdm/accounts-csp.md | 4 ++-- windows/client-management/mdm/accounts-ddf-file.md | 4 ++-- windows/client-management/mdm/activesync-csp.md | 4 ++-- windows/client-management/mdm/activesync-ddf-file.md | 4 ++-- .../mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md | 4 ++-- windows/client-management/mdm/alljoynmanagement-csp.md | 4 ++-- windows/client-management/mdm/alljoynmanagement-ddf.md | 4 ++-- windows/client-management/mdm/application-csp.md | 4 ++-- windows/client-management/mdm/applicationcontrol-csp-ddf.md | 4 ++-- windows/client-management/mdm/applicationcontrol-csp.md | 4 ++-- windows/client-management/mdm/applocker-csp.md | 4 ++-- windows/client-management/mdm/applocker-ddf-file.md | 4 ++-- windows/client-management/mdm/applocker-xsd.md | 4 ++-- windows/client-management/mdm/appv-deploy-and-config.md | 4 ++-- windows/client-management/mdm/assign-seats.md | 4 ++-- windows/client-management/mdm/assignedaccess-csp.md | 4 ++-- windows/client-management/mdm/assignedaccess-ddf.md | 4 ++-- .../mdm/azure-active-directory-integration-with-mdm.md | 4 ++-- ...osoft-intune-automatic-mdm-enrollment-in-the-new-portal.md | 4 ++-- windows/client-management/mdm/bitlocker-csp.md | 4 ++-- windows/client-management/mdm/bitlocker-ddf-file.md | 4 ++-- windows/client-management/mdm/bootstrap-csp.md | 4 ++-- windows/client-management/mdm/browserfavorite-csp.md | 4 ++-- .../mdm/bulk-assign-and-reclaim-seats-from-user.md | 4 ++-- .../mdm/bulk-enrollment-using-windows-provisioning-tool.md | 4 ++-- windows/client-management/mdm/cellularsettings-csp.md | 4 ++-- .../mdm/certificate-authentication-device-enrollment.md | 4 ++-- .../client-management/mdm/certificate-renewal-windows-mdm.md | 4 ++-- windows/client-management/mdm/certificatestore-csp.md | 4 ++-- windows/client-management/mdm/certificatestore-ddf-file.md | 4 ++-- .../mdm/change-history-for-mdm-documentation.md | 4 ++-- windows/client-management/mdm/cleanpc-csp.md | 4 ++-- windows/client-management/mdm/cleanpc-ddf.md | 4 ++-- windows/client-management/mdm/clientcertificateinstall-csp.md | 4 ++-- .../mdm/clientcertificateinstall-ddf-file.md | 4 ++-- windows/client-management/mdm/cm-cellularentries-csp.md | 4 ++-- windows/client-management/mdm/cm-proxyentries-csp.md | 4 ++-- windows/client-management/mdm/cmpolicy-csp.md | 4 ++-- windows/client-management/mdm/cmpolicyenterprise-csp.md | 4 ++-- windows/client-management/mdm/cmpolicyenterprise-ddf-file.md | 4 ++-- .../mdm/configuration-service-provider-reference.md | 4 ++-- windows/client-management/mdm/customdeviceui-csp.md | 4 ++-- windows/client-management/mdm/customdeviceui-ddf.md | 4 ++-- .../mdm/data-structures-windows-store-for-business.md | 4 ++-- windows/client-management/mdm/defender-csp.md | 4 ++-- windows/client-management/mdm/defender-ddf.md | 4 ++-- windows/client-management/mdm/devdetail-csp.md | 4 ++-- windows/client-management/mdm/devdetail-ddf-file.md | 4 ++-- windows/client-management/mdm/developersetup-csp.md | 4 ++-- windows/client-management/mdm/developersetup-ddf.md | 4 ++-- windows/client-management/mdm/device-update-management.md | 4 ++-- windows/client-management/mdm/deviceinstanceservice-csp.md | 4 ++-- windows/client-management/mdm/devicelock-csp.md | 4 ++-- windows/client-management/mdm/devicelock-ddf-file.md | 4 ++-- windows/client-management/mdm/devicemanageability-csp.md | 4 ++-- windows/client-management/mdm/devicemanageability-ddf.md | 4 ++-- windows/client-management/mdm/devicestatus-csp.md | 4 ++-- windows/client-management/mdm/devicestatus-ddf.md | 4 ++-- windows/client-management/mdm/devinfo-csp.md | 4 ++-- windows/client-management/mdm/devinfo-ddf-file.md | 4 ++-- .../mdm/diagnose-mdm-failures-in-windows-10.md | 4 ++-- windows/client-management/mdm/diagnosticlog-csp.md | 4 ++-- windows/client-management/mdm/diagnosticlog-ddf.md | 4 ++-- .../mdm/disconnecting-from-mdm-unenrollment.md | 4 ++-- windows/client-management/mdm/dmacc-csp.md | 4 ++-- windows/client-management/mdm/dmacc-ddf-file.md | 4 ++-- windows/client-management/mdm/dmclient-csp.md | 4 ++-- windows/client-management/mdm/dmclient-ddf-file.md | 4 ++-- windows/client-management/mdm/dmprocessconfigxmlfiltered.md | 4 ++-- windows/client-management/mdm/dmsessionactions-csp.md | 4 ++-- windows/client-management/mdm/dmsessionactions-ddf.md | 4 ++-- windows/client-management/mdm/dynamicmanagement-csp.md | 4 ++-- windows/client-management/mdm/dynamicmanagement-ddf.md | 4 ++-- windows/client-management/mdm/eap-configuration.md | 4 ++-- windows/client-management/mdm/email2-csp.md | 4 ++-- windows/client-management/mdm/email2-ddf-file.md | 4 ++-- .../mdm/enable-admx-backed-policies-in-mdm.md | 4 ++-- ...for-windows-embedded-8-1-handheld-devices-to-windows-10.md | 4 ++-- ...ll-a-windows-10-device-automatically-using-group-policy.md | 4 ++-- .../client-management/mdm/enrollmentstatustracking-csp-ddf.md | 4 ++-- windows/client-management/mdm/enrollmentstatustracking-csp.md | 4 ++-- windows/client-management/mdm/enterprise-app-management.md | 4 ++-- windows/client-management/mdm/enterpriseapn-csp.md | 4 ++-- windows/client-management/mdm/enterpriseapn-ddf.md | 4 ++-- windows/client-management/mdm/enterpriseappmanagement-csp.md | 4 ++-- windows/client-management/mdm/enterpriseappvmanagement-csp.md | 4 ++-- windows/client-management/mdm/enterpriseappvmanagement-ddf.md | 4 ++-- windows/client-management/mdm/enterpriseassignedaccess-csp.md | 4 ++-- windows/client-management/mdm/enterpriseassignedaccess-ddf.md | 4 ++-- windows/client-management/mdm/enterpriseassignedaccess-xsd.md | 4 ++-- windows/client-management/mdm/enterprisedataprotection-csp.md | 4 ++-- .../mdm/enterprisedataprotection-ddf-file.md | 4 ++-- .../mdm/enterprisedesktopappmanagement-csp.md | 4 ++-- .../mdm/enterprisedesktopappmanagement-ddf-file.md | 4 ++-- .../mdm/enterprisedesktopappmanagement2-xsd.md | 4 ++-- windows/client-management/mdm/enterpriseext-csp.md | 4 ++-- windows/client-management/mdm/enterpriseext-ddf.md | 4 ++-- windows/client-management/mdm/enterpriseextfilessystem-csp.md | 4 ++-- windows/client-management/mdm/enterpriseextfilesystem-ddf.md | 4 ++-- .../mdm/enterprisemodernappmanagement-csp.md | 4 ++-- .../mdm/enterprisemodernappmanagement-ddf.md | 4 ++-- .../mdm/enterprisemodernappmanagement-xsd.md | 4 ++-- windows/client-management/mdm/euiccs-csp.md | 4 ++-- windows/client-management/mdm/euiccs-ddf-file.md | 4 ++-- .../mdm/federated-authentication-device-enrollment.md | 4 ++-- windows/client-management/mdm/filesystem-csp.md | 4 ++-- windows/client-management/mdm/firewall-csp.md | 4 ++-- windows/client-management/mdm/firewall-ddf-file.md | 4 ++-- windows/client-management/mdm/get-inventory.md | 4 ++-- .../client-management/mdm/get-localized-product-details.md | 4 ++-- windows/client-management/mdm/get-offline-license.md | 4 ++-- windows/client-management/mdm/get-product-details.md | 4 ++-- windows/client-management/mdm/get-product-package.md | 4 ++-- windows/client-management/mdm/get-product-packages.md | 4 ++-- windows/client-management/mdm/get-seat.md | 4 ++-- windows/client-management/mdm/get-seats-assigned-to-a-user.md | 4 ++-- windows/client-management/mdm/get-seats.md | 4 ++-- windows/client-management/mdm/healthattestation-csp.md | 4 ++-- windows/client-management/mdm/healthattestation-ddf.md | 4 ++-- windows/client-management/mdm/hotspot-csp.md | 4 ++-- .../implement-server-side-mobile-application-management.md | 4 ++-- windows/client-management/mdm/index.md | 4 ++-- .../mdm/management-tool-for-windows-store-for-business.md | 4 ++-- windows/client-management/mdm/maps-csp.md | 4 ++-- windows/client-management/mdm/maps-ddf-file.md | 4 ++-- .../mdm/mdm-enrollment-of-windows-devices.md | 4 ++-- windows/client-management/mdm/messaging-csp.md | 4 ++-- windows/client-management/mdm/messaging-ddf.md | 4 ++-- windows/client-management/mdm/mobile-device-enrollment.md | 4 ++-- windows/client-management/mdm/multisim-csp.md | 4 ++-- windows/client-management/mdm/multisim-ddf.md | 4 ++-- windows/client-management/mdm/nap-csp.md | 4 ++-- windows/client-management/mdm/napdef-csp.md | 4 ++-- windows/client-management/mdm/networkproxy-csp.md | 4 ++-- windows/client-management/mdm/networkproxy-ddf.md | 4 ++-- windows/client-management/mdm/networkqospolicy-csp.md | 4 ++-- windows/client-management/mdm/networkqospolicy-ddf.md | 4 ++-- .../mdm/new-in-windows-mdm-enrollment-management.md | 4 ++-- windows/client-management/mdm/nodecache-csp.md | 4 ++-- windows/client-management/mdm/nodecache-ddf-file.md | 4 ++-- windows/client-management/mdm/office-csp.md | 4 ++-- windows/client-management/mdm/office-ddf.md | 4 ++-- windows/client-management/mdm/oma-dm-protocol-support.md | 4 ++-- .../mdm/on-premise-authentication-device-enrollment.md | 4 ++-- windows/client-management/mdm/passportforwork-csp.md | 4 ++-- windows/client-management/mdm/passportforwork-ddf.md | 4 ++-- windows/client-management/mdm/personalization-csp.md | 4 ++-- windows/client-management/mdm/personalization-ddf.md | 4 ++-- .../mdm/policies-in-policy-csp-admx-backed.md | 4 ++-- .../mdm/policies-in-policy-csp-supported-by-group-policy.md | 4 ++-- ...licy-csp-supported-by-hololens-1st-gen-commercial-suite.md | 4 ++-- ...y-csp-supported-by-hololens-1st-gen-development-edition.md | 4 ++-- .../mdm/policies-in-policy-csp-supported-by-hololens2.md | 4 ++-- .../mdm/policies-in-policy-csp-supported-by-iot-core.md | 4 ++-- .../mdm/policies-in-policy-csp-supported-by-surface-hub.md | 4 ++-- .../mdm/policies-in-policy-csp-that-can-be-set-using-eas.md | 4 ++-- .../mdm/policy-configuration-service-provider.md | 4 ++-- windows/client-management/mdm/policy-csp-abovelock.md | 4 ++-- windows/client-management/mdm/policy-csp-accounts.md | 4 ++-- windows/client-management/mdm/policy-csp-activexcontrols.md | 4 ++-- .../mdm/policy-csp-admx-activexinstallservice.md | 4 ++-- .../mdm/policy-csp-admx-addremoveprograms.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-admpwd.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-appcompat.md | 4 ++-- .../mdm/policy-csp-admx-appxpackagemanager.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-appxruntime.md | 4 ++-- .../mdm/policy-csp-admx-attachmentmanager.md | 4 ++-- .../client-management/mdm/policy-csp-admx-auditsettings.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-bits.md | 4 ++-- .../client-management/mdm/policy-csp-admx-ciphersuiteorder.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-com.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-controlpanel.md | 4 ++-- .../mdm/policy-csp-admx-controlpaneldisplay.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-cpls.md | 4 ++-- .../mdm/policy-csp-admx-credentialproviders.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-credssp.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-credui.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md | 4 ++-- .../client-management/mdm/policy-csp-admx-datacollection.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-dcom.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-desktop.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-devicecompat.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-deviceguard.md | 4 ++-- .../mdm/policy-csp-admx-deviceinstallation.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-devicesetup.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-dfs.md | 4 ++-- .../client-management/mdm/policy-csp-admx-digitallocker.md | 4 ++-- .../client-management/mdm/policy-csp-admx-diskdiagnostic.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-disknvcache.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-diskquota.md | 4 ++-- .../mdm/policy-csp-admx-distributedlinktracking.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-dnsclient.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-dwm.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-eaime.md | 4 ++-- .../mdm/policy-csp-admx-encryptfilesonmove.md | 4 ++-- .../client-management/mdm/policy-csp-admx-enhancedstorage.md | 4 ++-- .../client-management/mdm/policy-csp-admx-errorreporting.md | 4 ++-- .../client-management/mdm/policy-csp-admx-eventforwarding.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-eventlog.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-eventlogging.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-eventviewer.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-explorer.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-externalboot.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-filerecovery.md | 4 ++-- .../client-management/mdm/policy-csp-admx-filerevocation.md | 4 ++-- .../mdm/policy-csp-admx-fileservervssprovider.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-filesys.md | 4 ++-- .../mdm/policy-csp-admx-folderredirection.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-framepanes.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-fthsvc.md | 4 ++-- .../client-management/mdm/policy-csp-admx-globalization.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-grouppolicy.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-help.md | 4 ++-- .../client-management/mdm/policy-csp-admx-helpandsupport.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-hotspotauth.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-icm.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-iis.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-iscsi.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-kdc.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-kerberos.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-lanmanserver.md | 4 ++-- .../mdm/policy-csp-admx-lanmanworkstation.md | 4 ++-- .../client-management/mdm/policy-csp-admx-leakdiagnostic.md | 4 ++-- .../mdm/policy-csp-admx-linklayertopologydiscovery.md | 4 ++-- .../mdm/policy-csp-admx-locationprovideradm.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-logon.md | 4 ++-- .../mdm/policy-csp-admx-microsoftdefenderantivirus.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-mmc.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-mmcsnapins.md | 4 ++-- .../mdm/policy-csp-admx-mobilepcmobilitycenter.md | 4 ++-- .../mdm/policy-csp-admx-mobilepcpresentationsettings.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-msapolicy.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-msched.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-msdt.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-msi.md | 4 ++-- .../client-management/mdm/policy-csp-admx-msifilerecovery.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-nca.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-ncsi.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-netlogon.md | 4 ++-- .../mdm/policy-csp-admx-networkconnections.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-offlinefiles.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-pca.md | 4 ++-- .../mdm/policy-csp-admx-peertopeercaching.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-pentraining.md | 4 ++-- .../mdm/policy-csp-admx-performancediagnostics.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-power.md | 4 ++-- .../mdm/policy-csp-admx-powershellexecutionpolicy.md | 4 ++-- .../client-management/mdm/policy-csp-admx-previousversions.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-printing.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-printing2.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-programs.md | 4 ++-- .../client-management/mdm/policy-csp-admx-pushtoinstall.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-radar.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-reliability.md | 4 ++-- .../client-management/mdm/policy-csp-admx-remoteassistance.md | 4 ++-- .../client-management/mdm/policy-csp-admx-removablestorage.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-rpc.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-scripts.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-sdiageng.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-sdiagschd.md | 4 ++-- .../client-management/mdm/policy-csp-admx-securitycenter.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-sensors.md | 4 ++-- .../client-management/mdm/policy-csp-admx-servermanager.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-servicing.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-settingsync.md | 4 ++-- .../client-management/mdm/policy-csp-admx-sharedfolders.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-sharing.md | 4 ++-- .../mdm/policy-csp-admx-shellcommandpromptregedittools.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-smartcard.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-snmp.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-soundrec.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-srmfci.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-startmenu.md | 4 ++-- .../client-management/mdm/policy-csp-admx-systemrestore.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-tabletshell.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-taskbar.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-tcpip.md | 4 ++-- .../client-management/mdm/policy-csp-admx-terminalserver.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-thumbnails.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-touchinput.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-tpm.md | 4 ++-- .../mdm/policy-csp-admx-userexperiencevirtualization.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-userprofiles.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-w32time.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-wcm.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-wdi.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-wincal.md | 4 ++-- .../mdm/policy-csp-admx-windowscolorsystem.md | 4 ++-- .../mdm/policy-csp-admx-windowsconnectnow.md | 4 ++-- .../client-management/mdm/policy-csp-admx-windowsexplorer.md | 4 ++-- .../client-management/mdm/policy-csp-admx-windowsmediadrm.md | 4 ++-- .../mdm/policy-csp-admx-windowsmediaplayer.md | 4 ++-- .../mdm/policy-csp-admx-windowsremotemanagement.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-windowsstore.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-wininit.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-winlogon.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-winsrv.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-wlansvc.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-wordwheel.md | 4 ++-- .../mdm/policy-csp-admx-workfoldersclient.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-wpn.md | 4 ++-- .../client-management/mdm/policy-csp-applicationdefaults.md | 4 ++-- .../client-management/mdm/policy-csp-applicationmanagement.md | 4 ++-- windows/client-management/mdm/policy-csp-appruntime.md | 4 ++-- windows/client-management/mdm/policy-csp-appvirtualization.md | 4 ++-- windows/client-management/mdm/policy-csp-attachmentmanager.md | 4 ++-- windows/client-management/mdm/policy-csp-audit.md | 4 ++-- windows/client-management/mdm/policy-csp-authentication.md | 4 ++-- windows/client-management/mdm/policy-csp-autoplay.md | 4 ++-- windows/client-management/mdm/policy-csp-bitlocker.md | 4 ++-- windows/client-management/mdm/policy-csp-bits.md | 4 ++-- windows/client-management/mdm/policy-csp-bluetooth.md | 4 ++-- windows/client-management/mdm/policy-csp-browser.md | 4 ++-- windows/client-management/mdm/policy-csp-camera.md | 4 ++-- windows/client-management/mdm/policy-csp-cellular.md | 4 ++-- windows/client-management/mdm/policy-csp-connectivity.md | 4 ++-- .../client-management/mdm/policy-csp-controlpolicyconflict.md | 4 ++-- .../client-management/mdm/policy-csp-credentialproviders.md | 4 ++-- .../client-management/mdm/policy-csp-credentialsdelegation.md | 4 ++-- windows/client-management/mdm/policy-csp-credentialsui.md | 4 ++-- windows/client-management/mdm/policy-csp-cryptography.md | 4 ++-- windows/client-management/mdm/policy-csp-dataprotection.md | 4 ++-- windows/client-management/mdm/policy-csp-datausage.md | 4 ++-- windows/client-management/mdm/policy-csp-defender.md | 4 ++-- .../client-management/mdm/policy-csp-deliveryoptimization.md | 4 ++-- windows/client-management/mdm/policy-csp-desktop.md | 4 ++-- windows/client-management/mdm/policy-csp-deviceguard.md | 4 ++-- .../mdm/policy-csp-devicehealthmonitoring.md | 4 ++-- .../client-management/mdm/policy-csp-deviceinstallation.md | 4 ++-- windows/client-management/mdm/policy-csp-devicelock.md | 4 ++-- windows/client-management/mdm/policy-csp-display.md | 4 ++-- windows/client-management/mdm/policy-csp-dmaguard.md | 4 ++-- windows/client-management/mdm/policy-csp-education.md | 4 ++-- .../client-management/mdm/policy-csp-enterprisecloudprint.md | 4 ++-- windows/client-management/mdm/policy-csp-errorreporting.md | 4 ++-- windows/client-management/mdm/policy-csp-eventlogservice.md | 4 ++-- windows/client-management/mdm/policy-csp-experience.md | 4 ++-- windows/client-management/mdm/policy-csp-exploitguard.md | 4 ++-- windows/client-management/mdm/policy-csp-feeds.md | 4 ++-- windows/client-management/mdm/policy-csp-fileexplorer.md | 4 ++-- windows/client-management/mdm/policy-csp-games.md | 4 ++-- windows/client-management/mdm/policy-csp-handwriting.md | 4 ++-- windows/client-management/mdm/policy-csp-internetexplorer.md | 4 ++-- windows/client-management/mdm/policy-csp-kerberos.md | 4 ++-- windows/client-management/mdm/policy-csp-kioskbrowser.md | 4 ++-- windows/client-management/mdm/policy-csp-lanmanworkstation.md | 4 ++-- windows/client-management/mdm/policy-csp-licensing.md | 4 ++-- .../mdm/policy-csp-localpoliciessecurityoptions.md | 4 ++-- .../client-management/mdm/policy-csp-localusersandgroups.md | 4 ++-- windows/client-management/mdm/policy-csp-lockdown.md | 4 ++-- windows/client-management/mdm/policy-csp-maps.md | 4 ++-- windows/client-management/mdm/policy-csp-messaging.md | 4 ++-- windows/client-management/mdm/policy-csp-mixedreality.md | 4 ++-- windows/client-management/mdm/policy-csp-mssecurityguide.md | 4 ++-- windows/client-management/mdm/policy-csp-msslegacy.md | 4 ++-- windows/client-management/mdm/policy-csp-multitasking.md | 4 ++-- windows/client-management/mdm/policy-csp-networkisolation.md | 4 ++-- .../client-management/mdm/policy-csp-networklistmanager.md | 4 ++-- windows/client-management/mdm/policy-csp-notifications.md | 4 ++-- windows/client-management/mdm/policy-csp-power.md | 4 ++-- windows/client-management/mdm/policy-csp-printers.md | 4 ++-- windows/client-management/mdm/policy-csp-privacy.md | 4 ++-- windows/client-management/mdm/policy-csp-remoteassistance.md | 4 ++-- .../client-management/mdm/policy-csp-remotedesktopservices.md | 4 ++-- windows/client-management/mdm/policy-csp-remotemanagement.md | 4 ++-- .../client-management/mdm/policy-csp-remoteprocedurecall.md | 4 ++-- windows/client-management/mdm/policy-csp-remoteshell.md | 4 ++-- windows/client-management/mdm/policy-csp-restrictedgroups.md | 4 ++-- windows/client-management/mdm/policy-csp-search.md | 4 ++-- windows/client-management/mdm/policy-csp-security.md | 4 ++-- .../client-management/mdm/policy-csp-servicecontrolmanager.md | 4 ++-- windows/client-management/mdm/policy-csp-settings.md | 4 ++-- windows/client-management/mdm/policy-csp-smartscreen.md | 4 ++-- windows/client-management/mdm/policy-csp-speech.md | 4 ++-- windows/client-management/mdm/policy-csp-start.md | 4 ++-- windows/client-management/mdm/policy-csp-storage.md | 4 ++-- windows/client-management/mdm/policy-csp-system.md | 4 ++-- windows/client-management/mdm/policy-csp-systemservices.md | 4 ++-- windows/client-management/mdm/policy-csp-taskmanager.md | 4 ++-- windows/client-management/mdm/policy-csp-taskscheduler.md | 4 ++-- windows/client-management/mdm/policy-csp-textinput.md | 4 ++-- .../client-management/mdm/policy-csp-timelanguagesettings.md | 4 ++-- windows/client-management/mdm/policy-csp-troubleshooting.md | 4 ++-- windows/client-management/mdm/policy-csp-update.md | 4 ++-- windows/client-management/mdm/policy-csp-userrights.md | 4 ++-- windows/client-management/mdm/policy-csp-wifi.md | 4 ++-- .../mdm/policy-csp-windowsconnectionmanager.md | 4 ++-- .../mdm/policy-csp-windowsdefendersecuritycenter.md | 4 ++-- .../client-management/mdm/policy-csp-windowsinkworkspace.md | 4 ++-- windows/client-management/mdm/policy-csp-windowslogon.md | 4 ++-- windows/client-management/mdm/policy-csp-windowspowershell.md | 4 ++-- windows/client-management/mdm/policy-csp-windowssandbox.md | 4 ++-- windows/client-management/mdm/policy-csp-wirelessdisplay.md | 4 ++-- windows/client-management/mdm/policy-ddf-file.md | 4 ++-- windows/client-management/mdm/policymanager-csp.md | 4 ++-- windows/client-management/mdm/provisioning-csp.md | 4 ++-- windows/client-management/mdm/proxy-csp.md | 4 ++-- .../client-management/mdm/push-notification-windows-mdm.md | 4 ++-- windows/client-management/mdm/pxlogical-csp.md | 4 ++-- windows/client-management/mdm/reboot-csp.md | 4 ++-- windows/client-management/mdm/reboot-ddf-file.md | 4 ++-- windows/client-management/mdm/reclaim-seat-from-user.md | 4 ++-- .../register-your-free-azure-active-directory-subscription.md | 4 ++-- windows/client-management/mdm/registry-csp.md | 4 ++-- windows/client-management/mdm/registry-ddf-file.md | 4 ++-- windows/client-management/mdm/remotefind-csp.md | 4 ++-- windows/client-management/mdm/remotefind-ddf-file.md | 4 ++-- windows/client-management/mdm/remotelock-csp.md | 4 ++-- windows/client-management/mdm/remotelock-ddf-file.md | 4 ++-- windows/client-management/mdm/remotering-csp.md | 4 ++-- windows/client-management/mdm/remotering-ddf-file.md | 4 ++-- windows/client-management/mdm/remotewipe-csp.md | 4 ++-- windows/client-management/mdm/remotewipe-ddf-file.md | 4 ++-- windows/client-management/mdm/reporting-csp.md | 4 ++-- windows/client-management/mdm/reporting-ddf-file.md | 4 ++-- .../mdm/rest-api-reference-windows-store-for-business.md | 4 ++-- windows/client-management/mdm/rootcacertificates-csp.md | 4 ++-- windows/client-management/mdm/rootcacertificates-ddf-file.md | 4 ++-- windows/client-management/mdm/secureassessment-csp.md | 4 ++-- windows/client-management/mdm/secureassessment-ddf-file.md | 4 ++-- windows/client-management/mdm/securitypolicy-csp.md | 4 ++-- .../client-management/mdm/server-requirements-windows-mdm.md | 4 ++-- windows/client-management/mdm/sharedpc-csp.md | 4 ++-- windows/client-management/mdm/sharedpc-ddf-file.md | 4 ++-- windows/client-management/mdm/storage-csp.md | 4 ++-- windows/client-management/mdm/storage-ddf-file.md | 4 ++-- .../mdm/structure-of-oma-dm-provisioning-files.md | 4 ++-- windows/client-management/mdm/supl-csp.md | 4 ++-- windows/client-management/mdm/supl-ddf-file.md | 4 ++-- windows/client-management/mdm/surfacehub-csp.md | 4 ++-- windows/client-management/mdm/surfacehub-ddf-file.md | 4 ++-- windows/client-management/mdm/tenantlockdown-csp.md | 4 ++-- windows/client-management/mdm/tenantlockdown-ddf.md | 4 ++-- windows/client-management/mdm/tpmpolicy-csp.md | 4 ++-- windows/client-management/mdm/tpmpolicy-ddf-file.md | 4 ++-- windows/client-management/mdm/uefi-csp.md | 4 ++-- windows/client-management/mdm/uefi-ddf.md | 4 ++-- .../mdm/understanding-admx-backed-policies.md | 4 ++-- windows/client-management/mdm/unifiedwritefilter-csp.md | 4 ++-- windows/client-management/mdm/unifiedwritefilter-ddf.md | 4 ++-- windows/client-management/mdm/update-csp.md | 4 ++-- windows/client-management/mdm/update-ddf-file.md | 4 ++-- ...using-powershell-scripting-with-the-wmi-bridge-provider.md | 4 ++-- windows/client-management/mdm/vpn-csp.md | 4 ++-- windows/client-management/mdm/vpn-ddf-file.md | 4 ++-- windows/client-management/mdm/vpnv2-csp.md | 4 ++-- windows/client-management/mdm/vpnv2-ddf-file.md | 4 ++-- windows/client-management/mdm/vpnv2-profile-xsd.md | 4 ++-- windows/client-management/mdm/w4-application-csp.md | 4 ++-- windows/client-management/mdm/w7-application-csp.md | 4 ++-- windows/client-management/mdm/wifi-csp.md | 4 ++-- windows/client-management/mdm/wifi-ddf-file.md | 4 ++-- .../mdm/win32-and-centennial-app-policy-configuration.md | 4 ++-- windows/client-management/mdm/win32appinventory-csp.md | 4 ++-- windows/client-management/mdm/win32appinventory-ddf-file.md | 4 ++-- .../client-management/mdm/win32compatibilityappraiser-csp.md | 4 ++-- .../client-management/mdm/win32compatibilityappraiser-ddf.md | 4 ++-- .../client-management/mdm/windows-mdm-enterprise-settings.md | 4 ++-- .../mdm/windowsadvancedthreatprotection-csp.md | 4 ++-- .../mdm/windowsadvancedthreatprotection-ddf.md | 4 ++-- .../mdm/windowsdefenderapplicationguard-csp.md | 4 ++-- .../mdm/windowsdefenderapplicationguard-ddf-file.md | 4 ++-- windows/client-management/mdm/windowslicensing-csp.md | 4 ++-- windows/client-management/mdm/windowslicensing-ddf-file.md | 4 ++-- windows/client-management/mdm/windowssecurityauditing-csp.md | 4 ++-- .../client-management/mdm/windowssecurityauditing-ddf-file.md | 4 ++-- windows/client-management/mdm/wirednetwork-csp.md | 4 ++-- windows/client-management/mdm/wirednetwork-ddf-file.md | 4 ++-- .../mdm/wmi-providers-supported-in-windows.md | 4 ++-- 472 files changed, 944 insertions(+), 944 deletions(-) diff --git a/windows/client-management/mdm/Language-pack-management-csp.md b/windows/client-management/mdm/Language-pack-management-csp.md index 0a1e9f72a4..2064d3d2b5 100644 --- a/windows/client-management/mdm/Language-pack-management-csp.md +++ b/windows/client-management/mdm/Language-pack-management-csp.md @@ -5,8 +5,8 @@ ms.reviewer: manager: dansimp ms.author: v-nsatapathy ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: nimishasatapathy ms.date: 06/22/2021 --- diff --git a/windows/client-management/mdm/accountmanagement-csp.md b/windows/client-management/mdm/accountmanagement-csp.md index 42722f7bd7..4c7f7c851d 100644 --- a/windows/client-management/mdm/accountmanagement-csp.md +++ b/windows/client-management/mdm/accountmanagement-csp.md @@ -3,8 +3,8 @@ title: AccountManagement CSP description: Learn about the AccountManagement CSP, which is used to configure settings in the Account Manager service. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp ms.date: 03/23/2018 ms.reviewer: diff --git a/windows/client-management/mdm/accountmanagement-ddf.md b/windows/client-management/mdm/accountmanagement-ddf.md index c4c26237bc..cee08b95b0 100644 --- a/windows/client-management/mdm/accountmanagement-ddf.md +++ b/windows/client-management/mdm/accountmanagement-ddf.md @@ -3,8 +3,8 @@ title: AccountManagement DDF file description: View the OMA DM device description framework (DDF) for the AccountManagement configuration service provider. This file is used to configure settings. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp ms.date: 03/23/2018 ms.reviewer: diff --git a/windows/client-management/mdm/accounts-csp.md b/windows/client-management/mdm/accounts-csp.md index 1269c2797e..6861848d69 100644 --- a/windows/client-management/mdm/accounts-csp.md +++ b/windows/client-management/mdm/accounts-csp.md @@ -3,8 +3,8 @@ title: Accounts CSP description: The Accounts configuration service provider (CSP) is used by the enterprise to rename devices, as well as create local Windows accounts & joint them to a group. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp ms.date: 03/27/2020 ms.reviewer: diff --git a/windows/client-management/mdm/accounts-ddf-file.md b/windows/client-management/mdm/accounts-ddf-file.md index 9d91061818..0b092e2454 100644 --- a/windows/client-management/mdm/accounts-ddf-file.md +++ b/windows/client-management/mdm/accounts-ddf-file.md @@ -3,8 +3,8 @@ title: Accounts DDF file description: XML file containing the device description framework (DDF) for the Accounts configuration service provider. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp ms.date: 04/17/2018 ms.reviewer: diff --git a/windows/client-management/mdm/activesync-csp.md b/windows/client-management/mdm/activesync-csp.md index e69eef0c44..997b74ce7b 100644 --- a/windows/client-management/mdm/activesync-csp.md +++ b/windows/client-management/mdm/activesync-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/activesync-ddf-file.md b/windows/client-management/mdm/activesync-ddf-file.md index dae70c2133..12db701db4 100644 --- a/windows/client-management/mdm/activesync-ddf-file.md +++ b/windows/client-management/mdm/activesync-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md b/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md index 64394a6989..d594616006 100644 --- a/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md +++ b/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/alljoynmanagement-csp.md b/windows/client-management/mdm/alljoynmanagement-csp.md index 26bcc2dda6..69dc5d3b65 100644 --- a/windows/client-management/mdm/alljoynmanagement-csp.md +++ b/windows/client-management/mdm/alljoynmanagement-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/alljoynmanagement-ddf.md b/windows/client-management/mdm/alljoynmanagement-ddf.md index 77494eaf9f..fe768004be 100644 --- a/windows/client-management/mdm/alljoynmanagement-ddf.md +++ b/windows/client-management/mdm/alljoynmanagement-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/application-csp.md b/windows/client-management/mdm/application-csp.md index 728e4dcda3..241c434f87 100644 --- a/windows/client-management/mdm/application-csp.md +++ b/windows/client-management/mdm/application-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/applicationcontrol-csp-ddf.md b/windows/client-management/mdm/applicationcontrol-csp-ddf.md index f6d3ef7a2f..ff1a795031 100644 --- a/windows/client-management/mdm/applicationcontrol-csp-ddf.md +++ b/windows/client-management/mdm/applicationcontrol-csp-ddf.md @@ -3,8 +3,8 @@ title: ApplicationControl CSP DDF description: View the OMA DM device description framework (DDF) for the ApplicationControl configuration service provider. DDF files are used only with OMA DM provisioning XML. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: ManikaDhiman ms.date: 07/10/2019 --- diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md index 4a4b41b531..ec3c19a568 100644 --- a/windows/client-management/mdm/applicationcontrol-csp.md +++ b/windows/client-management/mdm/applicationcontrol-csp.md @@ -4,8 +4,8 @@ description: The ApplicationControl CSP allows you to manage multiple Windows De keywords: security, malware ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: ManikaDhiman ms.reviewer: jsuther1974 ms.date: 09/10/2020 diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md index 5669fcf0f8..7a36dce3e0 100644 --- a/windows/client-management/mdm/applocker-csp.md +++ b/windows/client-management/mdm/applocker-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp ms.date: 11/19/2019 --- diff --git a/windows/client-management/mdm/applocker-ddf-file.md b/windows/client-management/mdm/applocker-ddf-file.md index 7bde68650f..75a140ce62 100644 --- a/windows/client-management/mdm/applocker-ddf-file.md +++ b/windows/client-management/mdm/applocker-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/applocker-xsd.md b/windows/client-management/mdm/applocker-xsd.md index bf80bc1d61..10387f8304 100644 --- a/windows/client-management/mdm/applocker-xsd.md +++ b/windows/client-management/mdm/applocker-xsd.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/appv-deploy-and-config.md b/windows/client-management/mdm/appv-deploy-and-config.md index 4c8f6eaecd..01bdfeefdf 100644 --- a/windows/client-management/mdm/appv-deploy-and-config.md +++ b/windows/client-management/mdm/appv-deploy-and-config.md @@ -3,8 +3,8 @@ title: Deploy and configure App-V apps using MDM description: Configure, deploy, and manage Microsoft Application Virtualization (App-V) apps using Microsoft Endpoint Manager or App-V server. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp ms.date: 06/26/2017 ms.reviewer: diff --git a/windows/client-management/mdm/assign-seats.md b/windows/client-management/mdm/assign-seats.md index 74ea36df77..05d9380f93 100644 --- a/windows/client-management/mdm/assign-seats.md +++ b/windows/client-management/mdm/assign-seats.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp ms.date: 09/18/2017 --- diff --git a/windows/client-management/mdm/assignedaccess-csp.md b/windows/client-management/mdm/assignedaccess-csp.md index 15f4ca1e01..2ab139b4f3 100644 --- a/windows/client-management/mdm/assignedaccess-csp.md +++ b/windows/client-management/mdm/assignedaccess-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp ms.date: 09/18/2018 --- diff --git a/windows/client-management/mdm/assignedaccess-ddf.md b/windows/client-management/mdm/assignedaccess-ddf.md index 1adb451c1c..385ab86816 100644 --- a/windows/client-management/mdm/assignedaccess-ddf.md +++ b/windows/client-management/mdm/assignedaccess-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp ms.date: 02/22/2018 --- diff --git a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md index a65935c948..1b8ae56970 100644 --- a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md +++ b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp --- diff --git a/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md b/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md index ce25592491..2eb1dd2dee 100644 --- a/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md +++ b/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md @@ -3,8 +3,8 @@ title: Azure AD and Microsoft Intune - Automatic MDM enrollment in the new Porta description: Azure AD and Microsoft Intune - Automatic MDM enrollment in the new portal ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp ms.date: 12/18/2020 ms.reviewer: diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index e3f6b2bd85..7bd8ee01a9 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -3,8 +3,8 @@ title: BitLocker CSP description: Learn how the BitLocker configuration service provider (CSP) is used by the enterprise to manage encryption of PCs and devices. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp ms.localizationpriority: medium ms.date: 04/16/2020 diff --git a/windows/client-management/mdm/bitlocker-ddf-file.md b/windows/client-management/mdm/bitlocker-ddf-file.md index 06e6fdd613..df14ac7483 100644 --- a/windows/client-management/mdm/bitlocker-ddf-file.md +++ b/windows/client-management/mdm/bitlocker-ddf-file.md @@ -3,8 +3,8 @@ title: BitLocker DDF file description: Learn about the OMA DM device description framework (DDF) for the BitLocker configuration service provider. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp ms.localizationpriority: medium ms.date: 09/30/2019 diff --git a/windows/client-management/mdm/bootstrap-csp.md b/windows/client-management/mdm/bootstrap-csp.md index e07354fa81..465173f72d 100644 --- a/windows/client-management/mdm/bootstrap-csp.md +++ b/windows/client-management/mdm/bootstrap-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/browserfavorite-csp.md b/windows/client-management/mdm/browserfavorite-csp.md index 15a939f7eb..c35e8759ca 100644 --- a/windows/client-management/mdm/browserfavorite-csp.md +++ b/windows/client-management/mdm/browserfavorite-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md b/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md index 03804b98b6..9cb6765d7e 100644 --- a/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md +++ b/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp ms.date: 09/18/2017 --- diff --git a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md index d1db6d514e..1da5a31a00 100644 --- a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md +++ b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md @@ -9,8 +9,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/cellularsettings-csp.md b/windows/client-management/mdm/cellularsettings-csp.md index e493bf16e1..a1ad9a7bea 100644 --- a/windows/client-management/mdm/cellularsettings-csp.md +++ b/windows/client-management/mdm/cellularsettings-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/certificate-authentication-device-enrollment.md b/windows/client-management/mdm/certificate-authentication-device-enrollment.md index 1d2eebc12f..5cb26cdf54 100644 --- a/windows/client-management/mdm/certificate-authentication-device-enrollment.md +++ b/windows/client-management/mdm/certificate-authentication-device-enrollment.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/certificate-renewal-windows-mdm.md b/windows/client-management/mdm/certificate-renewal-windows-mdm.md index a2df800805..6eddeaade7 100644 --- a/windows/client-management/mdm/certificate-renewal-windows-mdm.md +++ b/windows/client-management/mdm/certificate-renewal-windows-mdm.md @@ -9,8 +9,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/certificatestore-csp.md b/windows/client-management/mdm/certificatestore-csp.md index aa562a1b58..caa3d07a7b 100644 --- a/windows/client-management/mdm/certificatestore-csp.md +++ b/windows/client-management/mdm/certificatestore-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp ms.date: 02/28/2020 --- diff --git a/windows/client-management/mdm/certificatestore-ddf-file.md b/windows/client-management/mdm/certificatestore-ddf-file.md index da503f9902..fd13e13391 100644 --- a/windows/client-management/mdm/certificatestore-ddf-file.md +++ b/windows/client-management/mdm/certificatestore-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/change-history-for-mdm-documentation.md b/windows/client-management/mdm/change-history-for-mdm-documentation.md index 9a5f7e4425..bef6ad59ae 100644 --- a/windows/client-management/mdm/change-history-for-mdm-documentation.md +++ b/windows/client-management/mdm/change-history-for-mdm-documentation.md @@ -5,8 +5,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 10/19/2020 diff --git a/windows/client-management/mdm/cleanpc-csp.md b/windows/client-management/mdm/cleanpc-csp.md index 437a1a48c2..ea014bc83f 100644 --- a/windows/client-management/mdm/cleanpc-csp.md +++ b/windows/client-management/mdm/cleanpc-csp.md @@ -3,8 +3,8 @@ title: CleanPC CSP description: The CleanPC configuration service provider (CSP) allows you to remove user-installed and pre-installed applications, with the option to persist user data. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 ms.reviewer: diff --git a/windows/client-management/mdm/cleanpc-ddf.md b/windows/client-management/mdm/cleanpc-ddf.md index 6b38990ac1..3e01db80af 100644 --- a/windows/client-management/mdm/cleanpc-ddf.md +++ b/windows/client-management/mdm/cleanpc-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/clientcertificateinstall-csp.md b/windows/client-management/mdm/clientcertificateinstall-csp.md index ffb8f4fa5d..394340d101 100644 --- a/windows/client-management/mdm/clientcertificateinstall-csp.md +++ b/windows/client-management/mdm/clientcertificateinstall-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 07/30/2021 --- diff --git a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md index ed787a3b0f..b1e928dab2 100644 --- a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md +++ b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/cm-cellularentries-csp.md b/windows/client-management/mdm/cm-cellularentries-csp.md index 44886adee0..a2255c65ad 100644 --- a/windows/client-management/mdm/cm-cellularentries-csp.md +++ b/windows/client-management/mdm/cm-cellularentries-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 08/02/2017 --- diff --git a/windows/client-management/mdm/cm-proxyentries-csp.md b/windows/client-management/mdm/cm-proxyentries-csp.md index 5680e25242..526e8194ac 100644 --- a/windows/client-management/mdm/cm-proxyentries-csp.md +++ b/windows/client-management/mdm/cm-proxyentries-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/cmpolicy-csp.md b/windows/client-management/mdm/cmpolicy-csp.md index 1cac56d2f6..158c447a9c 100644 --- a/windows/client-management/mdm/cmpolicy-csp.md +++ b/windows/client-management/mdm/cmpolicy-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/cmpolicyenterprise-csp.md b/windows/client-management/mdm/cmpolicyenterprise-csp.md index 3a5cc913a6..2ec112f762 100644 --- a/windows/client-management/mdm/cmpolicyenterprise-csp.md +++ b/windows/client-management/mdm/cmpolicyenterprise-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md b/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md index 5c1c136c23..214599045d 100644 --- a/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md +++ b/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md index d4793c91e6..7531d8f6e2 100644 --- a/windows/client-management/mdm/configuration-service-provider-reference.md +++ b/windows/client-management/mdm/configuration-service-provider-reference.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/18/2020 --- diff --git a/windows/client-management/mdm/customdeviceui-csp.md b/windows/client-management/mdm/customdeviceui-csp.md index 2645a75e3f..41ee326400 100644 --- a/windows/client-management/mdm/customdeviceui-csp.md +++ b/windows/client-management/mdm/customdeviceui-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/customdeviceui-ddf.md b/windows/client-management/mdm/customdeviceui-ddf.md index 7623b155f2..a949e65d81 100644 --- a/windows/client-management/mdm/customdeviceui-ddf.md +++ b/windows/client-management/mdm/customdeviceui-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/data-structures-windows-store-for-business.md b/windows/client-management/mdm/data-structures-windows-store-for-business.md index b1e8b42c40..e24f4d1db6 100644 --- a/windows/client-management/mdm/data-structures-windows-store-for-business.md +++ b/windows/client-management/mdm/data-structures-windows-store-for-business.md @@ -9,8 +9,8 @@ manager: dansimp description: ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/18/2017 --- diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index 88a8764d74..7278050a4f 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp ms.localizationpriority: medium ms.date: 10/04/2021 diff --git a/windows/client-management/mdm/defender-ddf.md b/windows/client-management/mdm/defender-ddf.md index e5da0cdb7b..4ae84e1bab 100644 --- a/windows/client-management/mdm/defender-ddf.md +++ b/windows/client-management/mdm/defender-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 07/23/2021 diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md index 5337bb0cfd..30bf4dcaf7 100644 --- a/windows/client-management/mdm/devdetail-csp.md +++ b/windows/client-management/mdm/devdetail-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 03/27/2020 --- diff --git a/windows/client-management/mdm/devdetail-ddf-file.md b/windows/client-management/mdm/devdetail-ddf-file.md index de26ad8620..7abd7ff13e 100644 --- a/windows/client-management/mdm/devdetail-ddf-file.md +++ b/windows/client-management/mdm/devdetail-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/03/2020 --- diff --git a/windows/client-management/mdm/developersetup-csp.md b/windows/client-management/mdm/developersetup-csp.md index f36f744684..0091f4281a 100644 --- a/windows/client-management/mdm/developersetup-csp.md +++ b/windows/client-management/mdm/developersetup-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2018 --- diff --git a/windows/client-management/mdm/developersetup-ddf.md b/windows/client-management/mdm/developersetup-ddf.md index 21afb0f2a6..d8a024cf05 100644 --- a/windows/client-management/mdm/developersetup-ddf.md +++ b/windows/client-management/mdm/developersetup-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/device-update-management.md b/windows/client-management/mdm/device-update-management.md index bd80931f74..44563f27f2 100644 --- a/windows/client-management/mdm/device-update-management.md +++ b/windows/client-management/mdm/device-update-management.md @@ -7,8 +7,8 @@ manager: dansimp keywords: mdm,management,administrator ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 11/15/2017 --- diff --git a/windows/client-management/mdm/deviceinstanceservice-csp.md b/windows/client-management/mdm/deviceinstanceservice-csp.md index 0db22bf159..46280b0e0d 100644 --- a/windows/client-management/mdm/deviceinstanceservice-csp.md +++ b/windows/client-management/mdm/deviceinstanceservice-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/devicelock-csp.md b/windows/client-management/mdm/devicelock-csp.md index 9933e58a23..4a28ab77f5 100644 --- a/windows/client-management/mdm/devicelock-csp.md +++ b/windows/client-management/mdm/devicelock-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/devicelock-ddf-file.md b/windows/client-management/mdm/devicelock-ddf-file.md index eb63ef11fe..1408091172 100644 --- a/windows/client-management/mdm/devicelock-ddf-file.md +++ b/windows/client-management/mdm/devicelock-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/devicemanageability-csp.md b/windows/client-management/mdm/devicemanageability-csp.md index 99d2930eff..2f7cb9c748 100644 --- a/windows/client-management/mdm/devicemanageability-csp.md +++ b/windows/client-management/mdm/devicemanageability-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 11/01/2017 --- diff --git a/windows/client-management/mdm/devicemanageability-ddf.md b/windows/client-management/mdm/devicemanageability-ddf.md index 4cb0c7f58b..f137a5a2b4 100644 --- a/windows/client-management/mdm/devicemanageability-ddf.md +++ b/windows/client-management/mdm/devicemanageability-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md index f861b2d2e4..5282e5b15e 100644 --- a/windows/client-management/mdm/devicestatus-csp.md +++ b/windows/client-management/mdm/devicestatus-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/25/2021 --- diff --git a/windows/client-management/mdm/devicestatus-ddf.md b/windows/client-management/mdm/devicestatus-ddf.md index fbdf08a6d0..1507a0af81 100644 --- a/windows/client-management/mdm/devicestatus-ddf.md +++ b/windows/client-management/mdm/devicestatus-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 03/12/2018 --- diff --git a/windows/client-management/mdm/devinfo-csp.md b/windows/client-management/mdm/devinfo-csp.md index e9c0979c67..cc20902d98 100644 --- a/windows/client-management/mdm/devinfo-csp.md +++ b/windows/client-management/mdm/devinfo-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/devinfo-ddf-file.md b/windows/client-management/mdm/devinfo-ddf-file.md index aec2b4cc91..63eb03e1bb 100644 --- a/windows/client-management/mdm/devinfo-ddf-file.md +++ b/windows/client-management/mdm/devinfo-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md index 92ed52968c..f61abce9ef 100644 --- a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md +++ b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/25/2018 --- diff --git a/windows/client-management/mdm/diagnosticlog-csp.md b/windows/client-management/mdm/diagnosticlog-csp.md index d232842e12..9b59b27cb2 100644 --- a/windows/client-management/mdm/diagnosticlog-csp.md +++ b/windows/client-management/mdm/diagnosticlog-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 11/19/2019 --- diff --git a/windows/client-management/mdm/diagnosticlog-ddf.md b/windows/client-management/mdm/diagnosticlog-ddf.md index f635ed44c6..adbe226978 100644 --- a/windows/client-management/mdm/diagnosticlog-ddf.md +++ b/windows/client-management/mdm/diagnosticlog-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md b/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md index 5f48d033a0..5cafbe183f 100644 --- a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md +++ b/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md @@ -9,8 +9,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/dmacc-csp.md b/windows/client-management/mdm/dmacc-csp.md index e7e340552c..aa1152b77b 100644 --- a/windows/client-management/mdm/dmacc-csp.md +++ b/windows/client-management/mdm/dmacc-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/dmacc-ddf-file.md b/windows/client-management/mdm/dmacc-ddf-file.md index b10dcad38a..c156622561 100644 --- a/windows/client-management/mdm/dmacc-ddf-file.md +++ b/windows/client-management/mdm/dmacc-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md index b8ddb3ffeb..ae039833c9 100644 --- a/windows/client-management/mdm/dmclient-csp.md +++ b/windows/client-management/mdm/dmclient-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 11/01/2017 --- diff --git a/windows/client-management/mdm/dmclient-ddf-file.md b/windows/client-management/mdm/dmclient-ddf-file.md index c5ba87da90..529d2e5984 100644 --- a/windows/client-management/mdm/dmclient-ddf-file.md +++ b/windows/client-management/mdm/dmclient-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md index 8290fa7eea..37d0a59b08 100644 --- a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md +++ b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md @@ -16,8 +16,8 @@ api_type: - DllExport ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/dmsessionactions-csp.md b/windows/client-management/mdm/dmsessionactions-csp.md index ffdfc3e2b7..8ca8faf4b0 100644 --- a/windows/client-management/mdm/dmsessionactions-csp.md +++ b/windows/client-management/mdm/dmsessionactions-csp.md @@ -3,8 +3,8 @@ title: DMSessionActions CSP description: Learn how the DMSessionActions configuration service provider (CSP) is used to manage the number of sessions the client skips if the device is in a low-power state. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 ms.reviewer: diff --git a/windows/client-management/mdm/dmsessionactions-ddf.md b/windows/client-management/mdm/dmsessionactions-ddf.md index 61b4b4754a..e0a6ffd44a 100644 --- a/windows/client-management/mdm/dmsessionactions-ddf.md +++ b/windows/client-management/mdm/dmsessionactions-ddf.md @@ -3,8 +3,8 @@ title: DMSessionActions DDF file description: Learn about the OMA DM device description framework (DDF) for the DMSessionActions configuration service provider (CSP). ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 ms.reviewer: diff --git a/windows/client-management/mdm/dynamicmanagement-csp.md b/windows/client-management/mdm/dynamicmanagement-csp.md index 3b59ea0c12..38187f2fe7 100644 --- a/windows/client-management/mdm/dynamicmanagement-csp.md +++ b/windows/client-management/mdm/dynamicmanagement-csp.md @@ -3,8 +3,8 @@ title: DynamicManagement CSP description: Learn how the Dynamic Management configuration service provider (CSP) enables configuration of policies that change how the device is managed. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 ms.reviewer: diff --git a/windows/client-management/mdm/dynamicmanagement-ddf.md b/windows/client-management/mdm/dynamicmanagement-ddf.md index 2690fa4e23..611754bacc 100644 --- a/windows/client-management/mdm/dynamicmanagement-ddf.md +++ b/windows/client-management/mdm/dynamicmanagement-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/eap-configuration.md b/windows/client-management/mdm/eap-configuration.md index 2ef69ad6c3..f59c08c034 100644 --- a/windows/client-management/mdm/eap-configuration.md +++ b/windows/client-management/mdm/eap-configuration.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/email2-csp.md b/windows/client-management/mdm/email2-csp.md index f3e4080512..0d128db89e 100644 --- a/windows/client-management/mdm/email2-csp.md +++ b/windows/client-management/mdm/email2-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/email2-ddf-file.md b/windows/client-management/mdm/email2-ddf-file.md index 4f11b5b64d..6632a4864f 100644 --- a/windows/client-management/mdm/email2-ddf-file.md +++ b/windows/client-management/mdm/email2-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md index bf6cf8cc1e..764585a83f 100644 --- a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md +++ b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md @@ -3,8 +3,8 @@ title: Enable ADMX policies in MDM description: Use this step-by-step guide to configure a selected set of Group Policy administrative templates (ADMX policies) in Mobile Device Management (MDM). ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 11/01/2017 diff --git a/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md b/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md index bab52cb7fd..9e21996a3e 100644 --- a/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md +++ b/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index 58d590e4b2..eac5606e7f 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -3,8 +3,8 @@ title: Enroll a Windows 10 device automatically using Group Policy description: Learn how to use a Group Policy to trigger auto-enrollment to MDM for Active Directory (AD) domain-joined devices. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp ms.date: 10/14/2021 ms.reviewer: diff --git a/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md b/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md index 98739efcb1..7bc0818e3c 100644 --- a/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md +++ b/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md @@ -3,8 +3,8 @@ title: EnrollmentStatusTracking DDF description: View the OMA DM DDF for the EnrollmentStatusTracking configuration service provider. DDF files are used only with OMA DM provisioning XML. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: ManikaDhiman ms.date: 05/17/2019 --- diff --git a/windows/client-management/mdm/enrollmentstatustracking-csp.md b/windows/client-management/mdm/enrollmentstatustracking-csp.md index 54e9da339c..53c25eb42f 100644 --- a/windows/client-management/mdm/enrollmentstatustracking-csp.md +++ b/windows/client-management/mdm/enrollmentstatustracking-csp.md @@ -3,8 +3,8 @@ title: EnrollmentStatusTracking CSP description: Learn how to perform a hybrid certificate trust deployment of Windows Hello for Business, for systems with no previous installations. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: ManikaDhiman ms.date: 05/21/2019 --- diff --git a/windows/client-management/mdm/enterprise-app-management.md b/windows/client-management/mdm/enterprise-app-management.md index 8c5e138861..9e53ddbf57 100644 --- a/windows/client-management/mdm/enterprise-app-management.md +++ b/windows/client-management/mdm/enterprise-app-management.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp ms.date: 10/04/2021 --- diff --git a/windows/client-management/mdm/enterpriseapn-csp.md b/windows/client-management/mdm/enterpriseapn-csp.md index f82e763f75..c04026eeed 100644 --- a/windows/client-management/mdm/enterpriseapn-csp.md +++ b/windows/client-management/mdm/enterpriseapn-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/22/2017 --- diff --git a/windows/client-management/mdm/enterpriseapn-ddf.md b/windows/client-management/mdm/enterpriseapn-ddf.md index 5e7af9b60d..4252e97e84 100644 --- a/windows/client-management/mdm/enterpriseapn-ddf.md +++ b/windows/client-management/mdm/enterpriseapn-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/enterpriseappmanagement-csp.md b/windows/client-management/mdm/enterpriseappmanagement-csp.md index 98249aad50..88a199e103 100644 --- a/windows/client-management/mdm/enterpriseappmanagement-csp.md +++ b/windows/client-management/mdm/enterpriseappmanagement-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/enterpriseappvmanagement-csp.md b/windows/client-management/mdm/enterpriseappvmanagement-csp.md index cb948488da..b7d9bceaca 100644 --- a/windows/client-management/mdm/enterpriseappvmanagement-csp.md +++ b/windows/client-management/mdm/enterpriseappvmanagement-csp.md @@ -3,8 +3,8 @@ title: EnterpriseAppVManagement CSP description: Examine the tree format for EnterpriseAppVManagement CSP to manage virtual applications in Windows 10 PCs.(Enterprise and Education editions). ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 ms.reviewer: diff --git a/windows/client-management/mdm/enterpriseappvmanagement-ddf.md b/windows/client-management/mdm/enterpriseappvmanagement-ddf.md index 8cf951cf55..cd1a2c34c7 100644 --- a/windows/client-management/mdm/enterpriseappvmanagement-ddf.md +++ b/windows/client-management/mdm/enterpriseappvmanagement-ddf.md @@ -3,8 +3,8 @@ title: EnterpriseAppVManagement DDF file description: Learn about the OMA DM device description framework (DDF) for the EnterpriseAppVManagement configuration service provider (CSP). ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 ms.reviewer: diff --git a/windows/client-management/mdm/enterpriseassignedaccess-csp.md b/windows/client-management/mdm/enterpriseassignedaccess-csp.md index 271c1d69cb..f5831c333f 100644 --- a/windows/client-management/mdm/enterpriseassignedaccess-csp.md +++ b/windows/client-management/mdm/enterpriseassignedaccess-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 07/12/2017 --- diff --git a/windows/client-management/mdm/enterpriseassignedaccess-ddf.md b/windows/client-management/mdm/enterpriseassignedaccess-ddf.md index 5d0a19de74..0c052b582b 100644 --- a/windows/client-management/mdm/enterpriseassignedaccess-ddf.md +++ b/windows/client-management/mdm/enterpriseassignedaccess-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/enterpriseassignedaccess-xsd.md b/windows/client-management/mdm/enterpriseassignedaccess-xsd.md index 3ee96832c7..db62544ad2 100644 --- a/windows/client-management/mdm/enterpriseassignedaccess-xsd.md +++ b/windows/client-management/mdm/enterpriseassignedaccess-xsd.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/enterprisedataprotection-csp.md b/windows/client-management/mdm/enterprisedataprotection-csp.md index 3b596b6652..ea688b39e4 100644 --- a/windows/client-management/mdm/enterprisedataprotection-csp.md +++ b/windows/client-management/mdm/enterprisedataprotection-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 08/09/2017 --- diff --git a/windows/client-management/mdm/enterprisedataprotection-ddf-file.md b/windows/client-management/mdm/enterprisedataprotection-ddf-file.md index f7551ccabc..e65600f65e 100644 --- a/windows/client-management/mdm/enterprisedataprotection-ddf-file.md +++ b/windows/client-management/mdm/enterprisedataprotection-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md b/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md index 78f0b5cb28..dad80ab697 100644 --- a/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md +++ b/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 07/11/2017 --- diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md b/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md index f4bfca0010..57735eb2a0 100644 --- a/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md +++ b/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md b/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md index 821ec27110..933a067ca4 100644 --- a/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md +++ b/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/enterpriseext-csp.md b/windows/client-management/mdm/enterpriseext-csp.md index 1cf7829f88..bc97d705cd 100644 --- a/windows/client-management/mdm/enterpriseext-csp.md +++ b/windows/client-management/mdm/enterpriseext-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/enterpriseext-ddf.md b/windows/client-management/mdm/enterpriseext-ddf.md index 4b3d4b0afd..0d104bcb5f 100644 --- a/windows/client-management/mdm/enterpriseext-ddf.md +++ b/windows/client-management/mdm/enterpriseext-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/enterpriseextfilessystem-csp.md b/windows/client-management/mdm/enterpriseextfilessystem-csp.md index 58fdde76ab..45cfa899fa 100644 --- a/windows/client-management/mdm/enterpriseextfilessystem-csp.md +++ b/windows/client-management/mdm/enterpriseextfilessystem-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/enterpriseextfilesystem-ddf.md b/windows/client-management/mdm/enterpriseextfilesystem-ddf.md index 7efb54af20..bcf7449405 100644 --- a/windows/client-management/mdm/enterpriseextfilesystem-ddf.md +++ b/windows/client-management/mdm/enterpriseextfilesystem-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md index ee9026f5a7..c7135a9887 100644 --- a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md +++ b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/27/2019 --- diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md index 237000b2f0..9ab3f032fe 100644 --- a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md +++ b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 10/01/2019 --- diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md b/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md index f8b15504cc..a17ca152c3 100644 --- a/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md +++ b/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/euiccs-csp.md b/windows/client-management/mdm/euiccs-csp.md index c9219f4340..51d4c6963e 100644 --- a/windows/client-management/mdm/euiccs-csp.md +++ b/windows/client-management/mdm/euiccs-csp.md @@ -3,8 +3,8 @@ title: eUICCs CSP description: Learn how the eUICCs CSP is used to support eUICC enterprise use cases and enables the IT admin to manage (assign, re-assign, remove) subscriptions to employees. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 03/02/2018 ms.reviewer: diff --git a/windows/client-management/mdm/euiccs-ddf-file.md b/windows/client-management/mdm/euiccs-ddf-file.md index f7d0851746..c026f24d99 100644 --- a/windows/client-management/mdm/euiccs-ddf-file.md +++ b/windows/client-management/mdm/euiccs-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 03/02/2018 --- diff --git a/windows/client-management/mdm/federated-authentication-device-enrollment.md b/windows/client-management/mdm/federated-authentication-device-enrollment.md index 3a32b79699..ac15ddb5f4 100644 --- a/windows/client-management/mdm/federated-authentication-device-enrollment.md +++ b/windows/client-management/mdm/federated-authentication-device-enrollment.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 07/28/2017 --- diff --git a/windows/client-management/mdm/filesystem-csp.md b/windows/client-management/mdm/filesystem-csp.md index 3df7b51be2..93f4ac0754 100644 --- a/windows/client-management/mdm/filesystem-csp.md +++ b/windows/client-management/mdm/filesystem-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md index 2d9fbf4570..9ec61e7f3e 100644 --- a/windows/client-management/mdm/firewall-csp.md +++ b/windows/client-management/mdm/firewall-csp.md @@ -3,8 +3,8 @@ title: Firewall CSP description: The Firewall configuration service provider (CSP) allows the mobile device management (MDM) server to configure the Windows Defender Firewall global settings. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 01/26/2018 ms.reviewer: diff --git a/windows/client-management/mdm/firewall-ddf-file.md b/windows/client-management/mdm/firewall-ddf-file.md index 72829fc3a9..d73070a8cd 100644 --- a/windows/client-management/mdm/firewall-ddf-file.md +++ b/windows/client-management/mdm/firewall-ddf-file.md @@ -3,8 +3,8 @@ title: Firewall DDF file description: Learn about the OMA DM device description framework (DDF) for the Firewall configuration service provider. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 ms.reviewer: diff --git a/windows/client-management/mdm/get-inventory.md b/windows/client-management/mdm/get-inventory.md index 94c9465267..75bf5449df 100644 --- a/windows/client-management/mdm/get-inventory.md +++ b/windows/client-management/mdm/get-inventory.md @@ -9,8 +9,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/18/2017 --- diff --git a/windows/client-management/mdm/get-localized-product-details.md b/windows/client-management/mdm/get-localized-product-details.md index 52848ed620..6eddfc998b 100644 --- a/windows/client-management/mdm/get-localized-product-details.md +++ b/windows/client-management/mdm/get-localized-product-details.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/07/2020 --- diff --git a/windows/client-management/mdm/get-offline-license.md b/windows/client-management/mdm/get-offline-license.md index 87699a8b11..03a6236d85 100644 --- a/windows/client-management/mdm/get-offline-license.md +++ b/windows/client-management/mdm/get-offline-license.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/18/2017 --- diff --git a/windows/client-management/mdm/get-product-details.md b/windows/client-management/mdm/get-product-details.md index 18a0174509..725ac1fbfb 100644 --- a/windows/client-management/mdm/get-product-details.md +++ b/windows/client-management/mdm/get-product-details.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/18/2017 --- diff --git a/windows/client-management/mdm/get-product-package.md b/windows/client-management/mdm/get-product-package.md index 662580acde..dfca16bc90 100644 --- a/windows/client-management/mdm/get-product-package.md +++ b/windows/client-management/mdm/get-product-package.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/18/2017 --- diff --git a/windows/client-management/mdm/get-product-packages.md b/windows/client-management/mdm/get-product-packages.md index 5ad2851bc5..7cbef1f724 100644 --- a/windows/client-management/mdm/get-product-packages.md +++ b/windows/client-management/mdm/get-product-packages.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/18/2017 --- diff --git a/windows/client-management/mdm/get-seat.md b/windows/client-management/mdm/get-seat.md index 598d24ea19..87856507dc 100644 --- a/windows/client-management/mdm/get-seat.md +++ b/windows/client-management/mdm/get-seat.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/18/2017 --- diff --git a/windows/client-management/mdm/get-seats-assigned-to-a-user.md b/windows/client-management/mdm/get-seats-assigned-to-a-user.md index 016e2a8711..aefc12eace 100644 --- a/windows/client-management/mdm/get-seats-assigned-to-a-user.md +++ b/windows/client-management/mdm/get-seats-assigned-to-a-user.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/18/2017 --- diff --git a/windows/client-management/mdm/get-seats.md b/windows/client-management/mdm/get-seats.md index a510b2460c..b6d539d7a8 100644 --- a/windows/client-management/mdm/get-seats.md +++ b/windows/client-management/mdm/get-seats.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/18/2017 --- diff --git a/windows/client-management/mdm/healthattestation-csp.md b/windows/client-management/mdm/healthattestation-csp.md index 32bdbb1eca..5932097759 100644 --- a/windows/client-management/mdm/healthattestation-csp.md +++ b/windows/client-management/mdm/healthattestation-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp ms.date: --- diff --git a/windows/client-management/mdm/healthattestation-ddf.md b/windows/client-management/mdm/healthattestation-ddf.md index 651900e2d8..ba2239107a 100644 --- a/windows/client-management/mdm/healthattestation-ddf.md +++ b/windows/client-management/mdm/healthattestation-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/hotspot-csp.md b/windows/client-management/mdm/hotspot-csp.md index af7934b674..b16afaeeac 100644 --- a/windows/client-management/mdm/hotspot-csp.md +++ b/windows/client-management/mdm/hotspot-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/implement-server-side-mobile-application-management.md b/windows/client-management/mdm/implement-server-side-mobile-application-management.md index 68633b48af..2411905da6 100644 --- a/windows/client-management/mdm/implement-server-side-mobile-application-management.md +++ b/windows/client-management/mdm/implement-server-side-mobile-application-management.md @@ -3,8 +3,8 @@ title: Implement server-side support for mobile application management on Window description: Learn about implementing the Windows version of mobile application management (MAM), which is a lightweight solution for managing company data access and security on personal devices. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp ms.date: 06/26/2017 ms.reviewer: diff --git a/windows/client-management/mdm/index.md b/windows/client-management/mdm/index.md index 792bdcb30c..896d8a0262 100644 --- a/windows/client-management/mdm/index.md +++ b/windows/client-management/mdm/index.md @@ -7,8 +7,8 @@ MS-HAID: ms.assetid: 50ac90a7-713e-4487-9cb9-b6d6fdaa4e5b ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp --- diff --git a/windows/client-management/mdm/management-tool-for-windows-store-for-business.md b/windows/client-management/mdm/management-tool-for-windows-store-for-business.md index f2da07d4e2..6b06321ab7 100644 --- a/windows/client-management/mdm/management-tool-for-windows-store-for-business.md +++ b/windows/client-management/mdm/management-tool-for-windows-store-for-business.md @@ -9,8 +9,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 10/27/2017 --- diff --git a/windows/client-management/mdm/maps-csp.md b/windows/client-management/mdm/maps-csp.md index 2fa6bccaa3..62f433fb19 100644 --- a/windows/client-management/mdm/maps-csp.md +++ b/windows/client-management/mdm/maps-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/maps-ddf-file.md b/windows/client-management/mdm/maps-ddf-file.md index 517d02109c..f450ff41ab 100644 --- a/windows/client-management/mdm/maps-ddf-file.md +++ b/windows/client-management/mdm/maps-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md index 6dbe747d92..980a229311 100644 --- a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md +++ b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md @@ -9,8 +9,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp --- diff --git a/windows/client-management/mdm/messaging-csp.md b/windows/client-management/mdm/messaging-csp.md index 69893ff362..6b9e0f7439 100644 --- a/windows/client-management/mdm/messaging-csp.md +++ b/windows/client-management/mdm/messaging-csp.md @@ -3,8 +3,8 @@ title: Messaging CSP description: Use the Messaging configuration service provider (CSP) to configure the ability to get text messages audited on a mobile device. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 ms.reviewer: diff --git a/windows/client-management/mdm/messaging-ddf.md b/windows/client-management/mdm/messaging-ddf.md index 22207f104b..b81850514b 100644 --- a/windows/client-management/mdm/messaging-ddf.md +++ b/windows/client-management/mdm/messaging-ddf.md @@ -3,8 +3,8 @@ title: Messaging DDF file description: Utilize the OMA DM device description framework (DDF) for the Messaging configuration service provider. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 ms.reviewer: diff --git a/windows/client-management/mdm/mobile-device-enrollment.md b/windows/client-management/mdm/mobile-device-enrollment.md index ceacdde6dd..ce2e37b5cf 100644 --- a/windows/client-management/mdm/mobile-device-enrollment.md +++ b/windows/client-management/mdm/mobile-device-enrollment.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 08/11/2017 --- diff --git a/windows/client-management/mdm/multisim-csp.md b/windows/client-management/mdm/multisim-csp.md index 4436e52fc7..0aa2ecb314 100644 --- a/windows/client-management/mdm/multisim-csp.md +++ b/windows/client-management/mdm/multisim-csp.md @@ -3,8 +3,8 @@ title: MultiSIM CSP description: MultiSIM configuration service provider (CSP) allows the enterprise to manage devices with dual SIM single active configuration. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 03/22/2018 ms.reviewer: diff --git a/windows/client-management/mdm/multisim-ddf.md b/windows/client-management/mdm/multisim-ddf.md index cd958ba9e2..6f0dedf3ef 100644 --- a/windows/client-management/mdm/multisim-ddf.md +++ b/windows/client-management/mdm/multisim-ddf.md @@ -3,8 +3,8 @@ title: MultiSIM DDF file description: XML file containing the device description framework for the MultiSIM configuration service provider. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 02/27/2018 ms.reviewer: diff --git a/windows/client-management/mdm/nap-csp.md b/windows/client-management/mdm/nap-csp.md index 89d18c8eff..23566fafeb 100644 --- a/windows/client-management/mdm/nap-csp.md +++ b/windows/client-management/mdm/nap-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/napdef-csp.md b/windows/client-management/mdm/napdef-csp.md index 0b715c1a53..b55f9c2af8 100644 --- a/windows/client-management/mdm/napdef-csp.md +++ b/windows/client-management/mdm/napdef-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/networkproxy-csp.md b/windows/client-management/mdm/networkproxy-csp.md index 4fa1f6289f..304fad34b7 100644 --- a/windows/client-management/mdm/networkproxy-csp.md +++ b/windows/client-management/mdm/networkproxy-csp.md @@ -3,8 +3,8 @@ title: NetworkProxy CSP description: Learn how the NetworkProxy configuration service provider (CSP) is used to configure a proxy server for ethernet and Wi-Fi connections. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 08/29/2018 ms.reviewer: diff --git a/windows/client-management/mdm/networkproxy-ddf.md b/windows/client-management/mdm/networkproxy-ddf.md index 226b6ca0ba..7d54fe0d70 100644 --- a/windows/client-management/mdm/networkproxy-ddf.md +++ b/windows/client-management/mdm/networkproxy-ddf.md @@ -3,8 +3,8 @@ title: NetworkProxy DDF file description: AppNetworkProxyLocker DDF file ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 ms.reviewer: diff --git a/windows/client-management/mdm/networkqospolicy-csp.md b/windows/client-management/mdm/networkqospolicy-csp.md index 19462512ee..cb6bce4145 100644 --- a/windows/client-management/mdm/networkqospolicy-csp.md +++ b/windows/client-management/mdm/networkqospolicy-csp.md @@ -3,8 +3,8 @@ title: NetworkQoSPolicy CSP description: he NetworkQoSPolicy CSP applies the Quality of Service (QoS) policy for Microsoft Surface Hub. This CSP was added in Windows 10, version 1703. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 04/22/2021 ms.reviewer: diff --git a/windows/client-management/mdm/networkqospolicy-ddf.md b/windows/client-management/mdm/networkqospolicy-ddf.md index c2d3ea4a5e..6d97971bc8 100644 --- a/windows/client-management/mdm/networkqospolicy-ddf.md +++ b/windows/client-management/mdm/networkqospolicy-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index 272489e4a8..20a0721462 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -9,8 +9,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 10/20/2020 diff --git a/windows/client-management/mdm/nodecache-csp.md b/windows/client-management/mdm/nodecache-csp.md index ff47aa238d..cf3255abdd 100644 --- a/windows/client-management/mdm/nodecache-csp.md +++ b/windows/client-management/mdm/nodecache-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/nodecache-ddf-file.md b/windows/client-management/mdm/nodecache-ddf-file.md index 06a74f2979..1ba147e323 100644 --- a/windows/client-management/mdm/nodecache-ddf-file.md +++ b/windows/client-management/mdm/nodecache-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/office-csp.md b/windows/client-management/mdm/office-csp.md index 7516e3c411..8f7b8a0339 100644 --- a/windows/client-management/mdm/office-csp.md +++ b/windows/client-management/mdm/office-csp.md @@ -3,8 +3,8 @@ title: Office CSP description: The Office configuration service provider (CSP) enables a Microsoft Office client to be installed on a device. This CSP was added in Windows 10, version 1703. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 08/15/2018 ms.reviewer: diff --git a/windows/client-management/mdm/office-ddf.md b/windows/client-management/mdm/office-ddf.md index 88e2b4dee5..c05ac0e4f4 100644 --- a/windows/client-management/mdm/office-ddf.md +++ b/windows/client-management/mdm/office-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 08/15/2018 --- diff --git a/windows/client-management/mdm/oma-dm-protocol-support.md b/windows/client-management/mdm/oma-dm-protocol-support.md index 5e8ad6957f..df99069206 100644 --- a/windows/client-management/mdm/oma-dm-protocol-support.md +++ b/windows/client-management/mdm/oma-dm-protocol-support.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/on-premise-authentication-device-enrollment.md b/windows/client-management/mdm/on-premise-authentication-device-enrollment.md index 2ff94e841f..ad57b91ada 100644 --- a/windows/client-management/mdm/on-premise-authentication-device-enrollment.md +++ b/windows/client-management/mdm/on-premise-authentication-device-enrollment.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/passportforwork-csp.md b/windows/client-management/mdm/passportforwork-csp.md index 84ff8f5e34..43c92696a6 100644 --- a/windows/client-management/mdm/passportforwork-csp.md +++ b/windows/client-management/mdm/passportforwork-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 07/19/2019 --- diff --git a/windows/client-management/mdm/passportforwork-ddf.md b/windows/client-management/mdm/passportforwork-ddf.md index f5b345d7d6..6b41fd9681 100644 --- a/windows/client-management/mdm/passportforwork-ddf.md +++ b/windows/client-management/mdm/passportforwork-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 07/29/2019 --- diff --git a/windows/client-management/mdm/personalization-csp.md b/windows/client-management/mdm/personalization-csp.md index 7a1a41565d..e39f58865b 100644 --- a/windows/client-management/mdm/personalization-csp.md +++ b/windows/client-management/mdm/personalization-csp.md @@ -3,8 +3,8 @@ title: Personalization CSP description: Use the Personalization CSP to lock screen and desktop background images, prevent users from changing the image, and use the settings in a provisioning package. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 ms.reviewer: diff --git a/windows/client-management/mdm/personalization-ddf.md b/windows/client-management/mdm/personalization-ddf.md index 5a9ac5cc69..a6b96e3513 100644 --- a/windows/client-management/mdm/personalization-ddf.md +++ b/windows/client-management/mdm/personalization-ddf.md @@ -3,8 +3,8 @@ title: Personalization DDF file description: Learn how to set the OMA DM device description framework (DDF) for the Personalization configuration service provider (CSP). ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 ms.reviewer: diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 6256ffe15a..75602faa6d 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -5,8 +5,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 10/08/2020 diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md index d7d340e2b5..6810fa8557 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md @@ -5,8 +5,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 07/18/2019 diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md index 0c6853e5dd..2c29c2cfb0 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md @@ -5,8 +5,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/17/2019 diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md index 564838b14a..eefbfd3f36 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md @@ -5,8 +5,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 07/18/2019 diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md index b312ee27f9..3a56c3ee59 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md @@ -5,8 +5,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 10/11/2021 diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md index bc1fef5bcc..1ca27243bd 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md @@ -5,8 +5,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/16/2019 diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md index 13c000e4f5..64ba21eb29 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md @@ -5,8 +5,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 07/22/2020 diff --git a/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md b/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md index 4fa3380c87..b8e94444fa 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md +++ b/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md @@ -5,8 +5,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 07/18/2019 diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 18c2823552..c35593115a 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 07/18/2019 diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md index c3d8c37963..0c6a3a0919 100644 --- a/windows/client-management/mdm/policy-csp-abovelock.md +++ b/windows/client-management/mdm/policy-csp-abovelock.md @@ -4,8 +4,8 @@ description: Learn the various AboveLock Policy configuration service provider ( ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md index ed466fe64a..ac1c887b4d 100644 --- a/windows/client-management/mdm/policy-csp-accounts.md +++ b/windows/client-management/mdm/policy-csp-accounts.md @@ -4,8 +4,8 @@ description: Learn about the Policy configuration service provider (CSP). This a ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md index 95c9e7d80b..24c48fb672 100644 --- a/windows/client-management/mdm/policy-csp-activexcontrols.md +++ b/windows/client-management/mdm/policy-csp-activexcontrols.md @@ -4,8 +4,8 @@ description: Learn about various Policy configuration service provider (CSP) ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md index c574952e31..24a507b648 100644 --- a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md +++ b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_ActiveXInstallService ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 11/09/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md index dfb1da857f..bd717b4f4c 100644 --- a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md +++ b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md @@ -3,8 +3,8 @@ title: Policy CSP - ADMX_AddRemovePrograms description: Policy CSP - ADMX_AddRemovePrograms ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 08/13/2020 diff --git a/windows/client-management/mdm/policy-csp-admx-admpwd.md b/windows/client-management/mdm/policy-csp-admx-admpwd.md index 19b22053f4..a6c28668ec 100644 --- a/windows/client-management/mdm/policy-csp-admx-admpwd.md +++ b/windows/client-management/mdm/policy-csp-admx-admpwd.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_AdmPwd ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 11/09/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-appcompat.md b/windows/client-management/mdm/policy-csp-admx-appcompat.md index 110c13b38f..62d8e5d724 100644 --- a/windows/client-management/mdm/policy-csp-admx-appcompat.md +++ b/windows/client-management/mdm/policy-csp-admx-appcompat.md @@ -3,8 +3,8 @@ title: Policy CSP - ADMX_AppCompat description: Policy CSP - ADMX_AppCompat ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 08/20/2020 diff --git a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md index 4e924cb2a7..34f70859b4 100644 --- a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md +++ b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_AppxPackageManager ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 11/10/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-appxruntime.md b/windows/client-management/mdm/policy-csp-admx-appxruntime.md index 74860dbb38..014b6e900a 100644 --- a/windows/client-management/mdm/policy-csp-admx-appxruntime.md +++ b/windows/client-management/mdm/policy-csp-admx-appxruntime.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_AppXRuntime ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 11/10/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md b/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md index 9ddc5dc7bc..9599944abb 100644 --- a/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md +++ b/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_AttachmentManager ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 11/10/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-auditsettings.md b/windows/client-management/mdm/policy-csp-admx-auditsettings.md index 5e4ce66ca3..dd12ea6895 100644 --- a/windows/client-management/mdm/policy-csp-admx-auditsettings.md +++ b/windows/client-management/mdm/policy-csp-admx-auditsettings.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_AuditSettings ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 08/13/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-bits.md b/windows/client-management/mdm/policy-csp-admx-bits.md index db5b7fc71f..b2b6eb5b1a 100644 --- a/windows/client-management/mdm/policy-csp-admx-bits.md +++ b/windows/client-management/mdm/policy-csp-admx-bits.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Bits ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 10/20/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md index 514efdce81..47645f0ff2 100644 --- a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md +++ b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_CipherSuiteOrder ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 08/17/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-com.md b/windows/client-management/mdm/policy-csp-admx-com.md index abac5580d8..7194265e4c 100644 --- a/windows/client-management/mdm/policy-csp-admx-com.md +++ b/windows/client-management/mdm/policy-csp-admx-com.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_COM ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 08/18/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-controlpanel.md b/windows/client-management/mdm/policy-csp-admx-controlpanel.md index bdd6e7f313..4a29df9e09 100644 --- a/windows/client-management/mdm/policy-csp-admx-controlpanel.md +++ b/windows/client-management/mdm/policy-csp-admx-controlpanel.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_ControlPanel ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 11/05/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md index d86682733e..6c296bb84e 100644 --- a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md +++ b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_ControlPanelDisplay ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 11/05/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-cpls.md b/windows/client-management/mdm/policy-csp-admx-cpls.md index 71ba7fb9c0..a82e75291d 100644 --- a/windows/client-management/mdm/policy-csp-admx-cpls.md +++ b/windows/client-management/mdm/policy-csp-admx-cpls.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Cpls ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 08/26/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md index 92d2b7cfc2..9f23032e63 100644 --- a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md +++ b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_CredentialProviders ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 11/11/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-credssp.md b/windows/client-management/mdm/policy-csp-admx-credssp.md index 2c66db1203..1727b06582 100644 --- a/windows/client-management/mdm/policy-csp-admx-credssp.md +++ b/windows/client-management/mdm/policy-csp-admx-credssp.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_CredSsp ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 11/12/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-credui.md b/windows/client-management/mdm/policy-csp-admx-credui.md index b6e48f936c..74ca43a15d 100644 --- a/windows/client-management/mdm/policy-csp-admx-credui.md +++ b/windows/client-management/mdm/policy-csp-admx-credui.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_CredUI ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 11/09/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md index 0098e79df8..9f4a221879 100644 --- a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md +++ b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_CtrlAltDel ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 08/26/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-datacollection.md b/windows/client-management/mdm/policy-csp-admx-datacollection.md index 3955a74bc1..2516764fd8 100644 --- a/windows/client-management/mdm/policy-csp-admx-datacollection.md +++ b/windows/client-management/mdm/policy-csp-admx-datacollection.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_DataCollection ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/01/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-dcom.md b/windows/client-management/mdm/policy-csp-admx-dcom.md index fa77b55d96..b9c172c279 100644 --- a/windows/client-management/mdm/policy-csp-admx-dcom.md +++ b/windows/client-management/mdm/policy-csp-admx-dcom.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_DCOM ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: nimishasatapathy ms.date: 09/08/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-desktop.md b/windows/client-management/mdm/policy-csp-admx-desktop.md index 575e15bf06..373eb5993e 100644 --- a/windows/client-management/mdm/policy-csp-admx-desktop.md +++ b/windows/client-management/mdm/policy-csp-admx-desktop.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Desktop ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/02/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-devicecompat.md b/windows/client-management/mdm/policy-csp-admx-devicecompat.md index 88df6490ae..4a166f819a 100644 --- a/windows/client-management/mdm/policy-csp-admx-devicecompat.md +++ b/windows/client-management/mdm/policy-csp-admx-devicecompat.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_DeviceCompat ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: nimishasatapathy ms.date: 08/09/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-deviceguard.md b/windows/client-management/mdm/policy-csp-admx-deviceguard.md index f8f4ce600e..da691af1d2 100644 --- a/windows/client-management/mdm/policy-csp-admx-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-admx-deviceguard.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_DeviceGuard ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/08/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md index b8b64ce774..2fdf74c249 100644 --- a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_DeviceInstallation ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 11/19/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-devicesetup.md b/windows/client-management/mdm/policy-csp-admx-devicesetup.md index 17ee9b18a7..40535ec1ad 100644 --- a/windows/client-management/mdm/policy-csp-admx-devicesetup.md +++ b/windows/client-management/mdm/policy-csp-admx-devicesetup.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_DeviceSetup ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 11/19/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-dfs.md b/windows/client-management/mdm/policy-csp-admx-dfs.md index c025b09145..78b587bb3b 100644 --- a/windows/client-management/mdm/policy-csp-admx-dfs.md +++ b/windows/client-management/mdm/policy-csp-admx-dfs.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_DFS ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: nimishasatapathy ms.date: 09/08/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-digitallocker.md b/windows/client-management/mdm/policy-csp-admx-digitallocker.md index e9379aa5be..4861b9361c 100644 --- a/windows/client-management/mdm/policy-csp-admx-digitallocker.md +++ b/windows/client-management/mdm/policy-csp-admx-digitallocker.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_DigitalLocker ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 08/31/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md index 7efb339a88..31344daab3 100644 --- a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md +++ b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_DiskDiagnostic ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: nimishasatapathy ms.date: 09/08/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-disknvcache.md b/windows/client-management/mdm/policy-csp-admx-disknvcache.md index 2c19a0ace8..8c87c6a397 100644 --- a/windows/client-management/mdm/policy-csp-admx-disknvcache.md +++ b/windows/client-management/mdm/policy-csp-admx-disknvcache.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_DiskNVCache ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 08/12/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-diskquota.md b/windows/client-management/mdm/policy-csp-admx-diskquota.md index 16ccbf1dce..a74427d575 100644 --- a/windows/client-management/mdm/policy-csp-admx-diskquota.md +++ b/windows/client-management/mdm/policy-csp-admx-diskquota.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_DiskQuota ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 08/12/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md index ed55f58aa5..3667af8c3f 100644 --- a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md +++ b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_DistributedLinkTracking ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 03/22/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-dnsclient.md b/windows/client-management/mdm/policy-csp-admx-dnsclient.md index f1dc91e8d4..123c5d9397 100644 --- a/windows/client-management/mdm/policy-csp-admx-dnsclient.md +++ b/windows/client-management/mdm/policy-csp-admx-dnsclient.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_DnsClient ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 08/12/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-dwm.md b/windows/client-management/mdm/policy-csp-admx-dwm.md index b8fc8128ce..81111e9698 100644 --- a/windows/client-management/mdm/policy-csp-admx-dwm.md +++ b/windows/client-management/mdm/policy-csp-admx-dwm.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_DWM ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 08/31/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-eaime.md b/windows/client-management/mdm/policy-csp-admx-eaime.md index f339803e93..67591920ee 100644 --- a/windows/client-management/mdm/policy-csp-admx-eaime.md +++ b/windows/client-management/mdm/policy-csp-admx-eaime.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_EAIME ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 11/19/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md index c302a45683..85beacd4f0 100644 --- a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md +++ b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_EncryptFilesonMove ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/02/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md index 2d325be21b..5227d2cf7e 100644 --- a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md +++ b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_EnhancedStorage ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 11/23/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-errorreporting.md b/windows/client-management/mdm/policy-csp-admx-errorreporting.md index ddb1aea9f8..28f9e8a040 100644 --- a/windows/client-management/mdm/policy-csp-admx-errorreporting.md +++ b/windows/client-management/mdm/policy-csp-admx-errorreporting.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_ErrorReporting ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 11/23/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md index 6c88919cf8..b4eb5d0846 100644 --- a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md +++ b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_EventForwarding ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 08/17/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-eventlog.md b/windows/client-management/mdm/policy-csp-admx-eventlog.md index acc2191553..6915902bcc 100644 --- a/windows/client-management/mdm/policy-csp-admx-eventlog.md +++ b/windows/client-management/mdm/policy-csp-admx-eventlog.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_EventLog ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/01/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-eventlogging.md b/windows/client-management/mdm/policy-csp-admx-eventlogging.md index 84d624e398..983cdbe5e3 100644 --- a/windows/client-management/mdm/policy-csp-admx-eventlogging.md +++ b/windows/client-management/mdm/policy-csp-admx-eventlogging.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_EventLogging ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: nimishasatapathy ms.date: 09/12/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-eventviewer.md b/windows/client-management/mdm/policy-csp-admx-eventviewer.md index 24b04c49de..26f2fa6a2c 100644 --- a/windows/client-management/mdm/policy-csp-admx-eventviewer.md +++ b/windows/client-management/mdm/policy-csp-admx-eventviewer.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_EventViewer ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: nimishasatapathy ms.date: 09/13/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-explorer.md b/windows/client-management/mdm/policy-csp-admx-explorer.md index c7514101dd..7442e37060 100644 --- a/windows/client-management/mdm/policy-csp-admx-explorer.md +++ b/windows/client-management/mdm/policy-csp-admx-explorer.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Explorer ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/08/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-externalboot.md b/windows/client-management/mdm/policy-csp-admx-externalboot.md index dba6105052..1ab631b4cf 100644 --- a/windows/client-management/mdm/policy-csp-admx-externalboot.md +++ b/windows/client-management/mdm/policy-csp-admx-externalboot.md @@ -3,8 +3,8 @@ title: Policy CSP - ADMX_ExternalBoot description: Policy CSP - ADMX_ExternalBoot ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: nimishasatapathy ms.localizationpriority: medium ms.date: 09/13/2021 diff --git a/windows/client-management/mdm/policy-csp-admx-filerecovery.md b/windows/client-management/mdm/policy-csp-admx-filerecovery.md index aeb520d2ea..09887d489e 100644 --- a/windows/client-management/mdm/policy-csp-admx-filerecovery.md +++ b/windows/client-management/mdm/policy-csp-admx-filerecovery.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_FileRecovery ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 03/24/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-filerevocation.md b/windows/client-management/mdm/policy-csp-admx-filerevocation.md index 3f574460e8..03ad661e6f 100644 --- a/windows/client-management/mdm/policy-csp-admx-filerevocation.md +++ b/windows/client-management/mdm/policy-csp-admx-filerevocation.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_FileRevocation ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: nimishasatapathy ms.date: 09/13/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md index 416b833dea..43ae28d39a 100644 --- a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md +++ b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_FileServerVSSProvider ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/02/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-filesys.md b/windows/client-management/mdm/policy-csp-admx-filesys.md index 54c474440a..965a2920fc 100644 --- a/windows/client-management/mdm/policy-csp-admx-filesys.md +++ b/windows/client-management/mdm/policy-csp-admx-filesys.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_FileSys ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/02/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-folderredirection.md b/windows/client-management/mdm/policy-csp-admx-folderredirection.md index 9bdab22253..2e93610755 100644 --- a/windows/client-management/mdm/policy-csp-admx-folderredirection.md +++ b/windows/client-management/mdm/policy-csp-admx-folderredirection.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_FolderRedirection ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/02/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-framepanes.md b/windows/client-management/mdm/policy-csp-admx-framepanes.md index 57354ebe62..5fba79297b 100644 --- a/windows/client-management/mdm/policy-csp-admx-framepanes.md +++ b/windows/client-management/mdm/policy-csp-admx-framepanes.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_FramePanes ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: nimishasatapathy ms.date: 09/14/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-fthsvc.md b/windows/client-management/mdm/policy-csp-admx-fthsvc.md index 7d8f37dd58..4ff08618e2 100644 --- a/windows/client-management/mdm/policy-csp-admx-fthsvc.md +++ b/windows/client-management/mdm/policy-csp-admx-fthsvc.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_FTHSVC ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: nimishasatapathy ms.date: 09/15/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-globalization.md b/windows/client-management/mdm/policy-csp-admx-globalization.md index 812087e3a5..e4e5b92db9 100644 --- a/windows/client-management/mdm/policy-csp-admx-globalization.md +++ b/windows/client-management/mdm/policy-csp-admx-globalization.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Globalization ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/14/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md index dc63616394..922cdadcd9 100644 --- a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md +++ b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_GroupPolicy ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/21/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-help.md b/windows/client-management/mdm/policy-csp-admx-help.md index c281c53d6b..044e7d1604 100644 --- a/windows/client-management/mdm/policy-csp-admx-help.md +++ b/windows/client-management/mdm/policy-csp-admx-help.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Help ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/03/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md index 8e79c571f5..b02ac3468d 100644 --- a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md +++ b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_HelpAndSupport ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/03/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md index 23fdd62c9a..5b2c2c2661 100644 --- a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md +++ b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_HotSpotAuth ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: nimishasatapathy ms.date: 09/15/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-icm.md b/windows/client-management/mdm/policy-csp-admx-icm.md index 20e245b182..1a9adefa7a 100644 --- a/windows/client-management/mdm/policy-csp-admx-icm.md +++ b/windows/client-management/mdm/policy-csp-admx-icm.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_ICM ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/17/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-iis.md b/windows/client-management/mdm/policy-csp-admx-iis.md index 6cda2222f1..4f758838e7 100644 --- a/windows/client-management/mdm/policy-csp-admx-iis.md +++ b/windows/client-management/mdm/policy-csp-admx-iis.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_IIS ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: nimishasatapathy ms.date: 09/17/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-iscsi.md b/windows/client-management/mdm/policy-csp-admx-iscsi.md index f26e77cac0..d4c543becb 100644 --- a/windows/client-management/mdm/policy-csp-admx-iscsi.md +++ b/windows/client-management/mdm/policy-csp-admx-iscsi.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_iSCSI ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/17/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-kdc.md b/windows/client-management/mdm/policy-csp-admx-kdc.md index 1309460a63..cf9323f27b 100644 --- a/windows/client-management/mdm/policy-csp-admx-kdc.md +++ b/windows/client-management/mdm/policy-csp-admx-kdc.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_kdc ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 08/13/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-kerberos.md b/windows/client-management/mdm/policy-csp-admx-kerberos.md index 0546f3e781..46a12ad222 100644 --- a/windows/client-management/mdm/policy-csp-admx-kerberos.md +++ b/windows/client-management/mdm/policy-csp-admx-kerberos.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Kerberos ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 11/12/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md index 67a94e4f64..8a5e73d113 100644 --- a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md +++ b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_LanmanServer ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 08/13/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md index 73350f7d43..c3c9143667 100644 --- a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md +++ b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_LanmanWorkstation ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/08/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md index fbaa926485..d7dfbcd40b 100644 --- a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md +++ b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_LeakDiagnostic ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: nimishasatapathy ms.date: 09/17/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md index f14f7c780e..cc5b692c4e 100644 --- a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md +++ b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_LinkLayerTopologyDiscovery ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/04/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md index c1280d5f04..a1cd92bfab 100644 --- a/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md +++ b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_LocationProviderAdm ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: nimishasatapathy ms.date: 09/20/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-logon.md b/windows/client-management/mdm/policy-csp-admx-logon.md index 186c87c708..d9fa3eba6c 100644 --- a/windows/client-management/mdm/policy-csp-admx-logon.md +++ b/windows/client-management/mdm/policy-csp-admx-logon.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Logon ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/21/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md index e5b1bcf653..472e97e0dd 100644 --- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md +++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_MicrosoftDefenderAntivirus ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/02/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-mmc.md b/windows/client-management/mdm/policy-csp-admx-mmc.md index 00d29f8ddb..3fabf24629 100644 --- a/windows/client-management/mdm/policy-csp-admx-mmc.md +++ b/windows/client-management/mdm/policy-csp-admx-mmc.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_MMC ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/03/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md index 0a7761776b..7adda15df2 100644 --- a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md +++ b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_MMCSnapins ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 08/13/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md b/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md index ee4176f585..746c4fdeb0 100644 --- a/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md +++ b/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_MobilePCMobilityCenter ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: nimishasatapathy ms.date: 09/20/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md index afa84fef27..d09c9e9644 100644 --- a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md +++ b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_MobilePCPresentationSettings ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: nimishasatapathy ms.date: 09/20/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-msapolicy.md b/windows/client-management/mdm/policy-csp-admx-msapolicy.md index bbfc911a48..a29be63796 100644 --- a/windows/client-management/mdm/policy-csp-admx-msapolicy.md +++ b/windows/client-management/mdm/policy-csp-admx-msapolicy.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_MSAPolicy ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/14/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-msched.md b/windows/client-management/mdm/policy-csp-admx-msched.md index ffe5ed4a17..a64d59a084 100644 --- a/windows/client-management/mdm/policy-csp-admx-msched.md +++ b/windows/client-management/mdm/policy-csp-admx-msched.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_msched ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/08/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-msdt.md b/windows/client-management/mdm/policy-csp-admx-msdt.md index 68f48c21ea..cb9d34e0a7 100644 --- a/windows/client-management/mdm/policy-csp-admx-msdt.md +++ b/windows/client-management/mdm/policy-csp-admx-msdt.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_MSDT ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/09/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-msi.md b/windows/client-management/mdm/policy-csp-admx-msi.md index b27f5623cc..0b9e078f08 100644 --- a/windows/client-management/mdm/policy-csp-admx-msi.md +++ b/windows/client-management/mdm/policy-csp-admx-msi.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_MSI ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/16/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md b/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md index ca757d87c6..4f1cbd30c2 100644 --- a/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md +++ b/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_MsiFileRecovery ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: nimishasatapathy ms.date: 09/20/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-nca.md b/windows/client-management/mdm/policy-csp-admx-nca.md index 1ed67abd42..68c1113a9d 100644 --- a/windows/client-management/mdm/policy-csp-admx-nca.md +++ b/windows/client-management/mdm/policy-csp-admx-nca.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_nca ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/14/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-ncsi.md b/windows/client-management/mdm/policy-csp-admx-ncsi.md index 9aff94fad5..c95af60111 100644 --- a/windows/client-management/mdm/policy-csp-admx-ncsi.md +++ b/windows/client-management/mdm/policy-csp-admx-ncsi.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_NCSI ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/14/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-netlogon.md b/windows/client-management/mdm/policy-csp-admx-netlogon.md index 60cfff66e4..211944a755 100644 --- a/windows/client-management/mdm/policy-csp-admx-netlogon.md +++ b/windows/client-management/mdm/policy-csp-admx-netlogon.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Netlogon ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/15/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-networkconnections.md b/windows/client-management/mdm/policy-csp-admx-networkconnections.md index e0e2c1610b..9554e5586c 100644 --- a/windows/client-management/mdm/policy-csp-admx-networkconnections.md +++ b/windows/client-management/mdm/policy-csp-admx-networkconnections.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_NetworkConnections ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 10/21/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md index 27a8bd6ae6..6306f50618 100644 --- a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md +++ b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_OfflineFiles ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/21/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-pca.md b/windows/client-management/mdm/policy-csp-admx-pca.md index 1ec34c4edd..df7088e5da 100644 --- a/windows/client-management/mdm/policy-csp-admx-pca.md +++ b/windows/client-management/mdm/policy-csp-admx-pca.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_pca ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: nimishasatapathy ms.date: 09/20/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md index e3e5caf8a1..8cceff6fd1 100644 --- a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md +++ b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_PeerToPeerCaching ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/16/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-pentraining.md b/windows/client-management/mdm/policy-csp-admx-pentraining.md index 83f6c2e71a..5e7272c1fa 100644 --- a/windows/client-management/mdm/policy-csp-admx-pentraining.md +++ b/windows/client-management/mdm/policy-csp-admx-pentraining.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_PenTraining ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/22/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md index c0586ccf19..08b4c76099 100644 --- a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md +++ b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_PerformanceDiagnostics ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/16/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-power.md b/windows/client-management/mdm/policy-csp-admx-power.md index 46c9adf221..caf86878b4 100644 --- a/windows/client-management/mdm/policy-csp-admx-power.md +++ b/windows/client-management/mdm/policy-csp-admx-power.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Power ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/22/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md index d2d7e0d5b4..30033c752e 100644 --- a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md +++ b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_PowerShellExecutionPolicy ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 10/26/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-previousversions.md b/windows/client-management/mdm/policy-csp-admx-previousversions.md index 64a89c8ccf..bdca0b5b73 100644 --- a/windows/client-management/mdm/policy-csp-admx-previousversions.md +++ b/windows/client-management/mdm/policy-csp-admx-previousversions.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_PreviousVersions ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/01/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-printing.md b/windows/client-management/mdm/policy-csp-admx-printing.md index fe3a0db756..4dfce7fe68 100644 --- a/windows/client-management/mdm/policy-csp-admx-printing.md +++ b/windows/client-management/mdm/policy-csp-admx-printing.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Printing ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/15/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-printing2.md b/windows/client-management/mdm/policy-csp-admx-printing2.md index be91226a5a..4b1406d7d8 100644 --- a/windows/client-management/mdm/policy-csp-admx-printing2.md +++ b/windows/client-management/mdm/policy-csp-admx-printing2.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Printing2 ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/15/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-programs.md b/windows/client-management/mdm/policy-csp-admx-programs.md index d6dcf488e4..323991c4dd 100644 --- a/windows/client-management/mdm/policy-csp-admx-programs.md +++ b/windows/client-management/mdm/policy-csp-admx-programs.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Programs ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/01/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md b/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md index 2dd314e5ca..d3b4f54bcd 100644 --- a/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md +++ b/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_PushToInstall ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/01/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-radar.md b/windows/client-management/mdm/policy-csp-admx-radar.md index f1161f6d53..19eb6c5f99 100644 --- a/windows/client-management/mdm/policy-csp-admx-radar.md +++ b/windows/client-management/mdm/policy-csp-admx-radar.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Radar ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/08/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-reliability.md b/windows/client-management/mdm/policy-csp-admx-reliability.md index d7e4ecc5bc..44f8aa9c7a 100644 --- a/windows/client-management/mdm/policy-csp-admx-reliability.md +++ b/windows/client-management/mdm/policy-csp-admx-reliability.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Reliability ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 08/13/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md index a6af07f6c6..a113720e2a 100644 --- a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md +++ b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_RemoteAssistance ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/14/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-removablestorage.md b/windows/client-management/mdm/policy-csp-admx-removablestorage.md index da757e7ffe..b4702ea9a9 100644 --- a/windows/client-management/mdm/policy-csp-admx-removablestorage.md +++ b/windows/client-management/mdm/policy-csp-admx-removablestorage.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_RemovableStorage ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/10/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-rpc.md b/windows/client-management/mdm/policy-csp-admx-rpc.md index 133c1cce4d..a7e9503b4d 100644 --- a/windows/client-management/mdm/policy-csp-admx-rpc.md +++ b/windows/client-management/mdm/policy-csp-admx-rpc.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_RPC ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/08/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-scripts.md b/windows/client-management/mdm/policy-csp-admx-scripts.md index 101d934f48..3bdc0e45c4 100644 --- a/windows/client-management/mdm/policy-csp-admx-scripts.md +++ b/windows/client-management/mdm/policy-csp-admx-scripts.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Scripts ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/17/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-sdiageng.md b/windows/client-management/mdm/policy-csp-admx-sdiageng.md index e0423f69bb..52846fbf18 100644 --- a/windows/client-management/mdm/policy-csp-admx-sdiageng.md +++ b/windows/client-management/mdm/policy-csp-admx-sdiageng.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_sdiageng ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/18/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-sdiagschd.md b/windows/client-management/mdm/policy-csp-admx-sdiagschd.md index f19401826c..c7258fdefb 100644 --- a/windows/client-management/mdm/policy-csp-admx-sdiagschd.md +++ b/windows/client-management/mdm/policy-csp-admx-sdiagschd.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_sdiagschd ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/17/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-securitycenter.md b/windows/client-management/mdm/policy-csp-admx-securitycenter.md index 20f174f66a..3c8bcf97f3 100644 --- a/windows/client-management/mdm/policy-csp-admx-securitycenter.md +++ b/windows/client-management/mdm/policy-csp-admx-securitycenter.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Securitycenter ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/18/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-sensors.md b/windows/client-management/mdm/policy-csp-admx-sensors.md index 1287743ed4..cbc2c487c9 100644 --- a/windows/client-management/mdm/policy-csp-admx-sensors.md +++ b/windows/client-management/mdm/policy-csp-admx-sensors.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Sensors ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 10/22/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-servermanager.md b/windows/client-management/mdm/policy-csp-admx-servermanager.md index 2bdd21ec6f..3e5ebef550 100644 --- a/windows/client-management/mdm/policy-csp-admx-servermanager.md +++ b/windows/client-management/mdm/policy-csp-admx-servermanager.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_ServerManager ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/18/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-servicing.md b/windows/client-management/mdm/policy-csp-admx-servicing.md index 0cb2e868e9..4143f53a1d 100644 --- a/windows/client-management/mdm/policy-csp-admx-servicing.md +++ b/windows/client-management/mdm/policy-csp-admx-servicing.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Servicing ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/18/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-settingsync.md b/windows/client-management/mdm/policy-csp-admx-settingsync.md index 692583b4eb..d7e1a06c40 100644 --- a/windows/client-management/mdm/policy-csp-admx-settingsync.md +++ b/windows/client-management/mdm/policy-csp-admx-settingsync.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_SettingSync ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/01/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md index 19a24d2480..02710cdbc6 100644 --- a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md +++ b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_SharedFolders ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/21/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-sharing.md b/windows/client-management/mdm/policy-csp-admx-sharing.md index 27536d9679..daa021e258 100644 --- a/windows/client-management/mdm/policy-csp-admx-sharing.md +++ b/windows/client-management/mdm/policy-csp-admx-sharing.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Sharing ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/21/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md index 1214046238..378c763b7e 100644 --- a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md +++ b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_ShellCommandPromptRegEditTools ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/18/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-smartcard.md b/windows/client-management/mdm/policy-csp-admx-smartcard.md index e2c62d296b..d998532027 100644 --- a/windows/client-management/mdm/policy-csp-admx-smartcard.md +++ b/windows/client-management/mdm/policy-csp-admx-smartcard.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Smartcard ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/23/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-snmp.md b/windows/client-management/mdm/policy-csp-admx-snmp.md index 137707b5b7..1815ec5b71 100644 --- a/windows/client-management/mdm/policy-csp-admx-snmp.md +++ b/windows/client-management/mdm/policy-csp-admx-snmp.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Snmp ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/24/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-soundrec.md b/windows/client-management/mdm/policy-csp-admx-soundrec.md index 8e63a59f12..319ec75077 100644 --- a/windows/client-management/mdm/policy-csp-admx-soundrec.md +++ b/windows/client-management/mdm/policy-csp-admx-soundrec.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_SoundRec ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/01/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-srmfci.md b/windows/client-management/mdm/policy-csp-admx-srmfci.md index ade211ea40..b4d896bd9a 100644 --- a/windows/client-management/mdm/policy-csp-admx-srmfci.md +++ b/windows/client-management/mdm/policy-csp-admx-srmfci.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_srmfci ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/18/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-startmenu.md b/windows/client-management/mdm/policy-csp-admx-startmenu.md index 3fbbcf654d..eeec4fbe21 100644 --- a/windows/client-management/mdm/policy-csp-admx-startmenu.md +++ b/windows/client-management/mdm/policy-csp-admx-startmenu.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_StartMenu ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 10/20/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-systemrestore.md b/windows/client-management/mdm/policy-csp-admx-systemrestore.md index e15430f48b..45f2c78531 100644 --- a/windows/client-management/mdm/policy-csp-admx-systemrestore.md +++ b/windows/client-management/mdm/policy-csp-admx-systemrestore.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_SystemRestore ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 11/13/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-tabletshell.md b/windows/client-management/mdm/policy-csp-admx-tabletshell.md index 53648b8f57..db213fb7c6 100644 --- a/windows/client-management/mdm/policy-csp-admx-tabletshell.md +++ b/windows/client-management/mdm/policy-csp-admx-tabletshell.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_TabletShell ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/23/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-taskbar.md b/windows/client-management/mdm/policy-csp-admx-taskbar.md index ae6556aadf..453db3c5a5 100644 --- a/windows/client-management/mdm/policy-csp-admx-taskbar.md +++ b/windows/client-management/mdm/policy-csp-admx-taskbar.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Taskbar ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 10/26/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-tcpip.md b/windows/client-management/mdm/policy-csp-admx-tcpip.md index ef4dcccadd..9d80c0fee4 100644 --- a/windows/client-management/mdm/policy-csp-admx-tcpip.md +++ b/windows/client-management/mdm/policy-csp-admx-tcpip.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_tcpip ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/23/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index ed42ebde3f..020a16e814 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_TerminalServer ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/23/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-thumbnails.md b/windows/client-management/mdm/policy-csp-admx-thumbnails.md index bcfc9c477f..a91f4d4dbf 100644 --- a/windows/client-management/mdm/policy-csp-admx-thumbnails.md +++ b/windows/client-management/mdm/policy-csp-admx-thumbnails.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Thumbnails ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/25/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-touchinput.md b/windows/client-management/mdm/policy-csp-admx-touchinput.md index e5ddae159b..d8db861cd0 100644 --- a/windows/client-management/mdm/policy-csp-admx-touchinput.md +++ b/windows/client-management/mdm/policy-csp-admx-touchinput.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_TouchInput ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/23/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-tpm.md b/windows/client-management/mdm/policy-csp-admx-tpm.md index f6a3adddd5..e72c9302d4 100644 --- a/windows/client-management/mdm/policy-csp-admx-tpm.md +++ b/windows/client-management/mdm/policy-csp-admx-tpm.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_TPM ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/25/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md index 0d0a46df31..c5d8534a22 100644 --- a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md +++ b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_UserExperienceVirtualization ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/30/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-userprofiles.md b/windows/client-management/mdm/policy-csp-admx-userprofiles.md index 65da2ac7ab..0e9b2915aa 100644 --- a/windows/client-management/mdm/policy-csp-admx-userprofiles.md +++ b/windows/client-management/mdm/policy-csp-admx-userprofiles.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_UserProfiles ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 11/11/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-w32time.md b/windows/client-management/mdm/policy-csp-admx-w32time.md index ceb56a9803..9e63436cad 100644 --- a/windows/client-management/mdm/policy-csp-admx-w32time.md +++ b/windows/client-management/mdm/policy-csp-admx-w32time.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_W32Time ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/28/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-wcm.md b/windows/client-management/mdm/policy-csp-admx-wcm.md index add85c7c05..edc97d7b99 100644 --- a/windows/client-management/mdm/policy-csp-admx-wcm.md +++ b/windows/client-management/mdm/policy-csp-admx-wcm.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_WCM ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 10/22/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-wdi.md b/windows/client-management/mdm/policy-csp-admx-wdi.md index 900905feee..deeb8aa9fd 100644 --- a/windows/client-management/mdm/policy-csp-admx-wdi.md +++ b/windows/client-management/mdm/policy-csp-admx-wdi.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_WDI ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 11/09/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-wincal.md b/windows/client-management/mdm/policy-csp-admx-wincal.md index 763b758caf..defebeea7a 100644 --- a/windows/client-management/mdm/policy-csp-admx-wincal.md +++ b/windows/client-management/mdm/policy-csp-admx-wincal.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_WinCal ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/28/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md b/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md index fe79bb59e1..b8f01b7acc 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md +++ b/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_WindowsColorSystem ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 10/27/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md index 72c88fc9ca..f617ea7ac1 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_WindowsConnectNow ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/28/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md index e1535033ad..8f4fcb6aee 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_WindowsExplorer ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 10/29/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md index dad60fc2d8..a91d37e363 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_WindowsMediaDRM ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 08/13/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md index 2ec079bff6..93a0e791e6 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_WindowsMediaPlayer ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 10/09/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md index bb1d034198..d7d5be086b 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_WindowsRemoteManagement ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/16/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-windowsstore.md b/windows/client-management/mdm/policy-csp-admx-windowsstore.md index dd62e87f17..2bfab9c4f9 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsstore.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsstore.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_WindowsStore ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 10/26/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-wininit.md b/windows/client-management/mdm/policy-csp-admx-wininit.md index 65f15edfe1..21db8f3eb7 100644 --- a/windows/client-management/mdm/policy-csp-admx-wininit.md +++ b/windows/client-management/mdm/policy-csp-admx-wininit.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_WinInit ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/29/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-winlogon.md b/windows/client-management/mdm/policy-csp-admx-winlogon.md index 8eaf9ca043..4815f22461 100644 --- a/windows/client-management/mdm/policy-csp-admx-winlogon.md +++ b/windows/client-management/mdm/policy-csp-admx-winlogon.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_WinLogon ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 11/09/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-winsrv.md b/windows/client-management/mdm/policy-csp-admx-winsrv.md index d61e00df82..cc54ab10cf 100644 --- a/windows/client-management/mdm/policy-csp-admx-winsrv.md +++ b/windows/client-management/mdm/policy-csp-admx-winsrv.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Winsrv ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 02/25/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-wlansvc.md b/windows/client-management/mdm/policy-csp-admx-wlansvc.md index 15c3769dc1..3b51a05223 100644 --- a/windows/client-management/mdm/policy-csp-admx-wlansvc.md +++ b/windows/client-management/mdm/policy-csp-admx-wlansvc.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_wlansvc ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 10/27/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-wordwheel.md b/windows/client-management/mdm/policy-csp-admx-wordwheel.md index d66b03aaee..fe44845c50 100644 --- a/windows/client-management/mdm/policy-csp-admx-wordwheel.md +++ b/windows/client-management/mdm/policy-csp-admx-wordwheel.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_WordWheel ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: nimishasatapathy ms.date: 09/22/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md b/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md index 35838e210e..5105429604 100644 --- a/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md +++ b/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_WorkFoldersClient ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: nimishasatapathy ms.date: 09/22/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-wpn.md b/windows/client-management/mdm/policy-csp-admx-wpn.md index 2cc6b9b072..892a854f3b 100644 --- a/windows/client-management/mdm/policy-csp-admx-wpn.md +++ b/windows/client-management/mdm/policy-csp-admx-wpn.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_WPN ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 11/13/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md index 2337443c82..e9271f85fa 100644 --- a/windows/client-management/mdm/policy-csp-applicationdefaults.md +++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md @@ -3,8 +3,8 @@ title: Policy CSP - ApplicationDefaults description: Learn about various Policy configuration service providers (CSP) - ApplicationDefaults, including SyncML, for Windows 10. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md index 933d541866..6f4d1c0ab7 100644 --- a/windows/client-management/mdm/policy-csp-applicationmanagement.md +++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md @@ -3,8 +3,8 @@ title: Policy CSP - ApplicationManagement description: Learn about various Policy configuration service provider (CSP) - ApplicationManagement, including SyncML, for Windows 10. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 02/11/2020 diff --git a/windows/client-management/mdm/policy-csp-appruntime.md b/windows/client-management/mdm/policy-csp-appruntime.md index 3d94d24363..2dceedd9e7 100644 --- a/windows/client-management/mdm/policy-csp-appruntime.md +++ b/windows/client-management/mdm/policy-csp-appruntime.md @@ -3,8 +3,8 @@ title: Policy CSP - AppRuntime description: Learn how the Policy CSP - AppRuntime setting controls whether Microsoft accounts are optional for Windows Store apps that require an account to sign in. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md index e21656192a..eab73f7973 100644 --- a/windows/client-management/mdm/policy-csp-appvirtualization.md +++ b/windows/client-management/mdm/policy-csp-appvirtualization.md @@ -3,8 +3,8 @@ title: Policy CSP - AppVirtualization description: Learn how the Policy CSP - AppVirtualization setting allows you to enable or disable Microsoft Application Virtualization (App-V) feature. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md index 227cc1205e..2dfb909253 100644 --- a/windows/client-management/mdm/policy-csp-attachmentmanager.md +++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md @@ -3,8 +3,8 @@ title: Policy CSP - AttachmentManager description: Manage Windows marks file attachments with information about their zone of origin, such as restricted, internet, intranet, local. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-audit.md b/windows/client-management/mdm/policy-csp-audit.md index 4be64f929b..2e230cb185 100644 --- a/windows/client-management/mdm/policy-csp-audit.md +++ b/windows/client-management/mdm/policy-csp-audit.md @@ -3,8 +3,8 @@ title: Policy CSP - Audit description: Learn how the Policy CSP - Audit setting causes an audit event to be generated when an account can't sign in to a computer because the account is locked out. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md index 83bbd6d38f..e5d7482405 100644 --- a/windows/client-management/mdm/policy-csp-authentication.md +++ b/windows/client-management/mdm/policy-csp-authentication.md @@ -3,8 +3,8 @@ title: Policy CSP - Authentication description: The Policy CSP - Authentication setting allows the Azure AD tenant administrators to enable self service password reset feature on the Windows sign in screen. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.reviewer: bobgil diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md index 0223d28d59..d640d694de 100644 --- a/windows/client-management/mdm/policy-csp-autoplay.md +++ b/windows/client-management/mdm/policy-csp-autoplay.md @@ -3,8 +3,8 @@ title: Policy CSP - Autoplay description: Learn how the Policy CSP - Autoplay setting disallows AutoPlay for MTP devices like cameras or phones. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md index c629f2ed81..1d8732124d 100644 --- a/windows/client-management/mdm/policy-csp-bitlocker.md +++ b/windows/client-management/mdm/policy-csp-bitlocker.md @@ -3,8 +3,8 @@ title: Policy CSP - Bitlocker description: Use the Policy configuration service provider (CSP) - Bitlocker to manage encryption of PCs and devices. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-bits.md b/windows/client-management/mdm/policy-csp-bits.md index 087a16f215..ba9f8f6faa 100644 --- a/windows/client-management/mdm/policy-csp-bits.md +++ b/windows/client-management/mdm/policy-csp-bits.md @@ -3,8 +3,8 @@ title: Policy CSP - BITS description: Use StartTime, EndTime and Transfer rate together to define the BITS bandwidth-throttling schedule and transfer rate. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md index c209021556..e1f793c301 100644 --- a/windows/client-management/mdm/policy-csp-bluetooth.md +++ b/windows/client-management/mdm/policy-csp-bluetooth.md @@ -3,8 +3,8 @@ title: Policy CSP - Bluetooth description: Learn how the Policy CSP - Bluetooth setting specifies whether the device can send out Bluetooth advertisements. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 02/12/2020 diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index adb1bec8af..c9bfdba0ca 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -2,8 +2,8 @@ title: Policy CSP - Browser description: Learn how to use the Policy CSP - Browser settings so you can configure Microsoft Edge browser, version 45 and earlier. ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp ms.author: dansimp ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md index 3ac207a7e5..5a5146d9c9 100644 --- a/windows/client-management/mdm/policy-csp-camera.md +++ b/windows/client-management/mdm/policy-csp-camera.md @@ -3,8 +3,8 @@ title: Policy CSP - Camera description: Learn how to use the Policy CSP - Camera setting so that you can configure it to disable or enable the camera. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md index 17a6da62e3..bac4e6acd0 100644 --- a/windows/client-management/mdm/policy-csp-cellular.md +++ b/windows/client-management/mdm/policy-csp-cellular.md @@ -3,8 +3,8 @@ title: Policy CSP - Cellular description: Learn how to use the Policy CSP - Cellular setting so you can specify whether Windows apps can access cellular data. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md index 356d8123f7..92d7f99951 100644 --- a/windows/client-management/mdm/policy-csp-connectivity.md +++ b/windows/client-management/mdm/policy-csp-connectivity.md @@ -3,8 +3,8 @@ title: Policy CSP - Connectivity description: Learn how to use the Policy CSP - Connectivity setting to allow the user to enable Bluetooth or restrict access. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md index f9aea239a4..754b6510fc 100644 --- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md +++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md @@ -3,8 +3,8 @@ title: Policy CSP - ControlPolicyConflict description: Use the Policy CSP - ControlPolicyConflict setting to control which policy is used whenever both the MDM policy and its equivalent Group Policy are set on the device. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp ms.localizationpriority: medium ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md index d4a0c57801..8bccfdc6c0 100644 --- a/windows/client-management/mdm/policy-csp-credentialproviders.md +++ b/windows/client-management/mdm/policy-csp-credentialproviders.md @@ -3,8 +3,8 @@ title: Policy CSP - CredentialProviders description: Learn how to use the policy CSP for credential provider so you can control whether a domain user can sign in using a convenience PIN. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-credentialsdelegation.md b/windows/client-management/mdm/policy-csp-credentialsdelegation.md index a02c13b489..2703ba55b1 100644 --- a/windows/client-management/mdm/policy-csp-credentialsdelegation.md +++ b/windows/client-management/mdm/policy-csp-credentialsdelegation.md @@ -3,8 +3,8 @@ title: Policy CSP - CredentialsDelegation description: Learn how to use the Policy CSP - CredentialsDelegation setting so that remote host can allow delegation of non-exportable credentials. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md index 0d294e4618..eeb8d5f01c 100644 --- a/windows/client-management/mdm/policy-csp-credentialsui.md +++ b/windows/client-management/mdm/policy-csp-credentialsui.md @@ -3,8 +3,8 @@ title: Policy CSP - CredentialsUI description: Learn how to use the Policy CSP - CredentialsUI setting to configure the display of the password reveal button in password entry user experiences. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md index 66af935c69..4b324711ac 100644 --- a/windows/client-management/mdm/policy-csp-cryptography.md +++ b/windows/client-management/mdm/policy-csp-cryptography.md @@ -3,8 +3,8 @@ title: Policy CSP - Cryptography description: Learn how to use the Policy CSP - Cryptography setting to allow or disallow the Federal Information Processing Standard (FIPS) policy. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-dataprotection.md b/windows/client-management/mdm/policy-csp-dataprotection.md index ed9a1f87c4..2e026dc10d 100644 --- a/windows/client-management/mdm/policy-csp-dataprotection.md +++ b/windows/client-management/mdm/policy-csp-dataprotection.md @@ -3,8 +3,8 @@ title: Policy CSP - DataProtection description: Use the Policy CSP - DataProtection setting to block direct memory access (DMA) for all hot pluggable PCI downstream ports until a user logs into Windows. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md index 9fcd657539..5c6efed53f 100644 --- a/windows/client-management/mdm/policy-csp-datausage.md +++ b/windows/client-management/mdm/policy-csp-datausage.md @@ -3,8 +3,8 @@ title: Policy CSP - DataUsage description: Learn how to use the Policy CSP - DataUsage setting to configure the cost of 4G connections on the local machine. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index fddac52c0c..ca9cf858a7 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -3,8 +3,8 @@ title: Policy CSP - Defender description: Learn how to use the Policy CSP - Defender setting so you can allow or disallow scanning of archives. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 01/08/2020 diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index b889259061..f3e55339bd 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md @@ -3,8 +3,8 @@ title: Policy CSP - DeliveryOptimization description: Learn how to use the Policy CSP - DeliveryOptimization setting to configure one or more Microsoft Connected Cache servers to be used by Delivery Optimization. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 06/09/2020 diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md index 1c8ca1f094..3bfc6411da 100644 --- a/windows/client-management/mdm/policy-csp-desktop.md +++ b/windows/client-management/mdm/policy-csp-desktop.md @@ -3,8 +3,8 @@ title: Policy CSP - Desktop description: Learn how to use the Policy CSP - Desktop setting to prevent users from changing the path to their profile folders. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md index a7b099ab6f..24122e6369 100644 --- a/windows/client-management/mdm/policy-csp-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-deviceguard.md @@ -3,8 +3,8 @@ title: Policy CSP - DeviceGuard description: Learn how to use the Policy CSP - DeviceGuard setting to allow the IT admin to configure the launch of System Guard. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md index 2d0bfe0011..8f4f64b674 100644 --- a/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md +++ b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md @@ -3,8 +3,8 @@ title: Policy CSP - DeviceHealthMonitoring description: Learn how the Policy CSP - DeviceHealthMonitoring setting is used as an opt-in health monitoring connection between the device and Microsoft. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md index c14144ccd7..526e8455ba 100644 --- a/windows/client-management/mdm/policy-csp-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md @@ -6,8 +6,8 @@ description: Use the Policy CSP - DeviceInstallation setting to specify a list o ms.author: dansimp ms.date: 09/27/2019 ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium --- diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md index 0288d5c9c7..3202cba348 100644 --- a/windows/client-management/mdm/policy-csp-devicelock.md +++ b/windows/client-management/mdm/policy-csp-devicelock.md @@ -3,8 +3,8 @@ title: Policy CSP - DeviceLock description: Learn how to use the Policy CSP - DeviceLock setting to specify whether the user must input a PIN or password when the device resumes from an idle state. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md index d24d5b7075..4137123ca8 100644 --- a/windows/client-management/mdm/policy-csp-display.md +++ b/windows/client-management/mdm/policy-csp-display.md @@ -3,8 +3,8 @@ title: Policy CSP - Display description: Learn how to use the Policy CSP - Display setting to disable Per-Process System DPI for a semicolon-separated list of applications. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-dmaguard.md b/windows/client-management/mdm/policy-csp-dmaguard.md index e16f8e14e9..283d358e83 100644 --- a/windows/client-management/mdm/policy-csp-dmaguard.md +++ b/windows/client-management/mdm/policy-csp-dmaguard.md @@ -3,8 +3,8 @@ title: Policy CSP - DmaGuard description: Learn how to use the Policy CSP - DmaGuard setting to provide additional security against external DMA capable devices. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md index 42ade7935c..1b58f4f721 100644 --- a/windows/client-management/mdm/policy-csp-education.md +++ b/windows/client-management/mdm/policy-csp-education.md @@ -3,8 +3,8 @@ title: Policy CSP - Education description: Learn how to use the Policy CSP - Education setting to control graphing functionality in the Windows Calculator app. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md index ab1ce55fca..5ee8ee2c38 100644 --- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md +++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md @@ -3,8 +3,8 @@ title: Policy CSP - EnterpriseCloudPrint description: Use the Policy CSP - EnterpriseCloudPrint setting to define the maximum number of printers that should be queried from a discovery end point. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md index 9c470e1ddf..55b37761d8 100644 --- a/windows/client-management/mdm/policy-csp-errorreporting.md +++ b/windows/client-management/mdm/policy-csp-errorreporting.md @@ -3,8 +3,8 @@ title: Policy CSP - ErrorReporting description: Learn how to use the Policy CSP - ErrorReporting setting to determine the consent behavior of Windows Error Reporting for specific event types. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md index be19cffdee..f92e2b8873 100644 --- a/windows/client-management/mdm/policy-csp-eventlogservice.md +++ b/windows/client-management/mdm/policy-csp-eventlogservice.md @@ -3,8 +3,8 @@ title: Policy CSP - EventLogService description: Learn how to use the Policy CSP - EventLogService settting to control Event Log behavior when the log file reaches its maximum size. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index 79a75e5fb3..0ccced2ba2 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -3,8 +3,8 @@ title: Policy CSP - Experience description: Learn how to use the Policy CSP - Experience setting to allow history of clipboard items to be stored in memory. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 11/02/2020 diff --git a/windows/client-management/mdm/policy-csp-exploitguard.md b/windows/client-management/mdm/policy-csp-exploitguard.md index 8e59c287d3..1a848006a9 100644 --- a/windows/client-management/mdm/policy-csp-exploitguard.md +++ b/windows/client-management/mdm/policy-csp-exploitguard.md @@ -3,8 +3,8 @@ title: Policy CSP - ExploitGuard description: Use the Policy CSP - ExploitGuard setting to push out the desired system configuration and application mitigation options to all the devices in the organization. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-feeds.md b/windows/client-management/mdm/policy-csp-feeds.md index 0f683d9be9..b32629baa7 100644 --- a/windows/client-management/mdm/policy-csp-feeds.md +++ b/windows/client-management/mdm/policy-csp-feeds.md @@ -3,8 +3,8 @@ title: Policy CSP - Feeds description: Use the Policy CSP - Feeds setting policy specifies whether news and interests is allowed on the device. ms.author: v-nsatapathy ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: nimishasatapathy ms.localizationpriority: medium ms.date: 09/17/2021 diff --git a/windows/client-management/mdm/policy-csp-fileexplorer.md b/windows/client-management/mdm/policy-csp-fileexplorer.md index 1c0625e677..c97dbe9c0f 100644 --- a/windows/client-management/mdm/policy-csp-fileexplorer.md +++ b/windows/client-management/mdm/policy-csp-fileexplorer.md @@ -3,8 +3,8 @@ title: Policy CSP - FileExplorer description: Use the Policy CSP - FileExplorer setting so you can allow certain legacy plug-in applications to function without terminating Explorer. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-games.md b/windows/client-management/mdm/policy-csp-games.md index 8b0c46251d..5d0fe657bd 100644 --- a/windows/client-management/mdm/policy-csp-games.md +++ b/windows/client-management/mdm/policy-csp-games.md @@ -3,8 +3,8 @@ title: Policy CSP - Games description: Learn to use the Policy CSP - Games setting so that you can specify whether advanced gaming services can be used. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-handwriting.md b/windows/client-management/mdm/policy-csp-handwriting.md index 1051831b08..c5a515ad26 100644 --- a/windows/client-management/mdm/policy-csp-handwriting.md +++ b/windows/client-management/mdm/policy-csp-handwriting.md @@ -3,8 +3,8 @@ title: Policy CSP - Handwriting description: Use the Policy CSP - Handwriting setting to allow an enterprise to configure the default mode for the handwriting panel. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md index df389346d7..3b2be09af5 100644 --- a/windows/client-management/mdm/policy-csp-internetexplorer.md +++ b/windows/client-management/mdm/policy-csp-internetexplorer.md @@ -3,8 +3,8 @@ title: Policy CSP - InternetExplorer description: Use the Policy CSP - InternetExplorer setting to add a specific list of search providers to the user's default list of search providers. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp ms.localizationpriority: medium ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md index d51018a42a..0d7477c988 100644 --- a/windows/client-management/mdm/policy-csp-kerberos.md +++ b/windows/client-management/mdm/policy-csp-kerberos.md @@ -3,8 +3,8 @@ title: Policy CSP - Kerberos description: Define the list of trusting forests that the Kerberos client searches when attempting to resolve two-part service principal names (SPNs). ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-kioskbrowser.md b/windows/client-management/mdm/policy-csp-kioskbrowser.md index 76dcd8f06b..f8998a02ca 100644 --- a/windows/client-management/mdm/policy-csp-kioskbrowser.md +++ b/windows/client-management/mdm/policy-csp-kioskbrowser.md @@ -3,8 +3,8 @@ title: Policy CSP - KioskBrowser description: Use the Policy CSP - KioskBrowser setting to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-lanmanworkstation.md index fd3a136e36..2be1fe754d 100644 --- a/windows/client-management/mdm/policy-csp-lanmanworkstation.md +++ b/windows/client-management/mdm/policy-csp-lanmanworkstation.md @@ -3,8 +3,8 @@ title: Policy CSP - LanmanWorkstation description: Use the Policy CSP - LanmanWorkstation setting to determine if the SMB client will allow insecure guest logons to an SMB server. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md index 518cd8ad84..6431ce85c6 100644 --- a/windows/client-management/mdm/policy-csp-licensing.md +++ b/windows/client-management/mdm/policy-csp-licensing.md @@ -3,8 +3,8 @@ title: Policy CSP - Licensing description: Use the Policy CSP - Licensing setting to enable or disable Windows license reactivation on managed devices. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index c14e27b61c..60c34760ac 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -3,8 +3,8 @@ title: Policy CSP - LocalPoliciesSecurityOptions description: These settings prevent users from adding new Microsoft accounts on a specific computer using LocalPoliciesSecurityOptions. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp ms.localizationpriority: medium ms.date: 09/29/2021 diff --git a/windows/client-management/mdm/policy-csp-localusersandgroups.md b/windows/client-management/mdm/policy-csp-localusersandgroups.md index 523f62fb82..76c2ac0a9f 100644 --- a/windows/client-management/mdm/policy-csp-localusersandgroups.md +++ b/windows/client-management/mdm/policy-csp-localusersandgroups.md @@ -3,8 +3,8 @@ title: Policy CSP - LocalUsersAndGroups description: Policy CSP - LocalUsersAndGroups ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 10/14/2020 diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md index 3300c86079..4e63e3a667 100644 --- a/windows/client-management/mdm/policy-csp-lockdown.md +++ b/windows/client-management/mdm/policy-csp-lockdown.md @@ -3,8 +3,8 @@ title: Policy CSP - LockDown description: Use the Policy CSP - LockDown setting to allow the user to invoke any system user interface by swiping in from any screen edge using touch. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md index 5804cac072..eb0909bc17 100644 --- a/windows/client-management/mdm/policy-csp-maps.md +++ b/windows/client-management/mdm/policy-csp-maps.md @@ -3,8 +3,8 @@ title: Policy CSP - Maps description: Use the Policy CSP - Maps setting to allow the download and update of map data over metered connections. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md index 76a0d00b63..b4bdbe04ff 100644 --- a/windows/client-management/mdm/policy-csp-messaging.md +++ b/windows/client-management/mdm/policy-csp-messaging.md @@ -3,8 +3,8 @@ title: Policy CSP - Messaging description: Enable, and disable, text message back up and restore as well as Messaging Everywhere by using the Policy CSP for messaging. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md index d08161c676..c3a496e5af 100644 --- a/windows/client-management/mdm/policy-csp-mixedreality.md +++ b/windows/client-management/mdm/policy-csp-mixedreality.md @@ -4,8 +4,8 @@ description: Policy CSP - MixedReality ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 10/12/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-mssecurityguide.md b/windows/client-management/mdm/policy-csp-mssecurityguide.md index 0cbb8cd1b3..0398ed0f7b 100644 --- a/windows/client-management/mdm/policy-csp-mssecurityguide.md +++ b/windows/client-management/mdm/policy-csp-mssecurityguide.md @@ -3,8 +3,8 @@ title: Policy CSP - MSSecurityGuide description: Learn how Policy CSP - MSSecurityGuide, an ADMX-backed policy, requires a special SyncML format to enable or disable. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-msslegacy.md b/windows/client-management/mdm/policy-csp-msslegacy.md index 00d3582526..c174f0d022 100644 --- a/windows/client-management/mdm/policy-csp-msslegacy.md +++ b/windows/client-management/mdm/policy-csp-msslegacy.md @@ -3,8 +3,8 @@ title: Policy CSP - MSSLegacy description: Learn how Policy CSP - MSSLegacy, an ADMX-backed policy, requires a special SyncML format to enable or disable. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-multitasking.md b/windows/client-management/mdm/policy-csp-multitasking.md index 1fd89a2f03..94735d8079 100644 --- a/windows/client-management/mdm/policy-csp-multitasking.md +++ b/windows/client-management/mdm/policy-csp-multitasking.md @@ -3,8 +3,8 @@ title: Policy CSP - Multitasking description: Policy CSP - Multitasking ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 10/30/2020 diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md index 922e55784c..783b623eb6 100644 --- a/windows/client-management/mdm/policy-csp-networkisolation.md +++ b/windows/client-management/mdm/policy-csp-networkisolation.md @@ -3,8 +3,8 @@ title: Policy CSP - NetworkIsolation description: Learn how Policy CSP - NetworkIsolation contains a list of Enterprise resource domains hosted in the cloud that need to be protected. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md index 955af06501..202bd8f2d5 100644 --- a/windows/client-management/mdm/policy-csp-networklistmanager.md +++ b/windows/client-management/mdm/policy-csp-networklistmanager.md @@ -3,8 +3,8 @@ title: Policy CSP - NetworkListManager description: The Policy CSP - NetworkListManager setting creates a new MDM policy that allows admins to configure a list of URIs of HTTPS endpoints that are considered secure. ms.author: v-nsatapathy ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: nimishasatapathy ms.localizationpriority: medium ms.date: 7/10/2021 diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md index 643ef3e681..04ae2fdad8 100644 --- a/windows/client-management/mdm/policy-csp-notifications.md +++ b/windows/client-management/mdm/policy-csp-notifications.md @@ -3,8 +3,8 @@ title: Policy CSP - Notifications description: Block applications from using the network to send tile, badge, toast, and raw notifications for Policy CSP - Notifications. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md index 367d969417..40608a9582 100644 --- a/windows/client-management/mdm/policy-csp-power.md +++ b/windows/client-management/mdm/policy-csp-power.md @@ -3,8 +3,8 @@ title: Policy CSP - Power description: Learn how the Policy CSP - Power setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md index 3902457217..dd98ee8b66 100644 --- a/windows/client-management/mdm/policy-csp-printers.md +++ b/windows/client-management/mdm/policy-csp-printers.md @@ -3,8 +3,8 @@ title: Policy CSP - Printers description: Use this policy setting to control the client Point and Print behavior, including security prompts for Windows Vista computers. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md index 2bd04dd32e..c42fd88b34 100644 --- a/windows/client-management/mdm/policy-csp-privacy.md +++ b/windows/client-management/mdm/policy-csp-privacy.md @@ -3,8 +3,8 @@ title: Policy CSP - Privacy description: Learn how the Policy CSP - Privacy setting allows or disallows the automatic acceptance of the pairing and privacy user consent dialog when launching apps. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md index ae89315829..c77c405c7c 100644 --- a/windows/client-management/mdm/policy-csp-remoteassistance.md +++ b/windows/client-management/mdm/policy-csp-remoteassistance.md @@ -3,8 +3,8 @@ title: Policy CSP - RemoteAssistance description: Learn how the Policy CSP - RemoteAssistance setting allows you to specify a custom message to display. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md index ca8fb82fd6..e8d48691b8 100644 --- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md +++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md @@ -3,8 +3,8 @@ title: Policy CSP - RemoteDesktopServices description: Learn how the Policy CSP - RemoteDesktopServices setting allows you to configure remote access to computers by using Remote Desktop Services. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md index 9907ee6993..c21c176ea1 100644 --- a/windows/client-management/mdm/policy-csp-remotemanagement.md +++ b/windows/client-management/mdm/policy-csp-remotemanagement.md @@ -3,8 +3,8 @@ title: Policy CSP - RemoteManagement description: Learn how the Policy CSP - RemoteManagement setting allows you to manage whether the Windows Remote Management (WinRM) client uses Basic authentication. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md index 97e1b5f232..7e1a2b17b8 100644 --- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md +++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md @@ -3,8 +3,8 @@ title: Policy CSP - RemoteProcedureCall description: The Policy CSP - RemoteProcedureCall setting controls whether RPC clients authenticate when the call they are making contains authentication information. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md index 0b5ec4947a..f20b3d40a5 100644 --- a/windows/client-management/mdm/policy-csp-remoteshell.md +++ b/windows/client-management/mdm/policy-csp-remoteshell.md @@ -3,8 +3,8 @@ title: Policy CSP - RemoteShell description: Learn details about the Policy CSP - RemoteShell setting so that you can configure access to remote shells. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-restrictedgroups.md b/windows/client-management/mdm/policy-csp-restrictedgroups.md index 96c9e4ff03..4ad4d34258 100644 --- a/windows/client-management/mdm/policy-csp-restrictedgroups.md +++ b/windows/client-management/mdm/policy-csp-restrictedgroups.md @@ -3,8 +3,8 @@ title: Policy CSP - RestrictedGroups description: Learn how the Policy CSP - RestrictedGroups setting allows an administrator to define the members that are part of a security-sensitive (restricted) group. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 04/07/2020 diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md index 8eb0dbe3ea..c8c759b537 100644 --- a/windows/client-management/mdm/policy-csp-search.md +++ b/windows/client-management/mdm/policy-csp-search.md @@ -3,8 +3,8 @@ title: Policy CSP - Search description: Learn how the Policy CSP - Search setting allows search and Cortana to search cloud sources like OneDrive and SharePoint. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 02/12/2021 diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md index dc8d037b70..0d797d3aa8 100644 --- a/windows/client-management/mdm/policy-csp-security.md +++ b/windows/client-management/mdm/policy-csp-security.md @@ -3,8 +3,8 @@ title: Policy CSP - Security description: Learn how the Policy CSP - Security setting can specify whether to allow the runtime configuration agent to install provisioning packages. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md index accdd88186..52d8f40a08 100644 --- a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md +++ b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md @@ -3,8 +3,8 @@ title: Policy CSP - ServiceControlManager description: Learn how the Policy CSP - ServiceControlManager setting enables process mitigation options on svchost.exe processes. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: Heidilohr ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md index 908deebcb4..e8a9056514 100644 --- a/windows/client-management/mdm/policy-csp-settings.md +++ b/windows/client-management/mdm/policy-csp-settings.md @@ -3,8 +3,8 @@ title: Policy CSP - Settings description: Learn how to use the Policy CSP - Settings setting so that you can allow the user to change Auto Play settings. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md index e7db6a71e2..968f13ee3d 100644 --- a/windows/client-management/mdm/policy-csp-smartscreen.md +++ b/windows/client-management/mdm/policy-csp-smartscreen.md @@ -3,8 +3,8 @@ title: Policy CSP - SmartScreen description: Use the Policy CSP - SmartScreen setting to allow IT Admins to control whether users are allowed to install apps from places other than the Store. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md index 40c0182de2..2901b2e7fa 100644 --- a/windows/client-management/mdm/policy-csp-speech.md +++ b/windows/client-management/mdm/policy-csp-speech.md @@ -3,8 +3,8 @@ title: Policy CSP - Speech description: Learn how the Policy CSP - Speech setting specifies whether the device will receive updates to the speech recognition and speech synthesis models. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index d4dcbc0b56..e10955c4e8 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -3,8 +3,8 @@ title: Policy CSP - Start description: Use the Policy CSP - Start setting to control the visibility of the Documents shortcut on the Start menu. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md index d470d7977b..7e447cca39 100644 --- a/windows/client-management/mdm/policy-csp-storage.md +++ b/windows/client-management/mdm/policy-csp-storage.md @@ -3,8 +3,8 @@ title: Policy CSP - Storage description: Learn to use the Policy CSP - Storage settings to automatically clean some of the user’s files to free up disk space. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index 04cccacbb5..5a1ac4c656 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -3,8 +3,8 @@ title: Policy CSP - System description: Learn policy settings that determine whether users can access the Insider build controls in the advanced options for Windows Update. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 08/26/2021 diff --git a/windows/client-management/mdm/policy-csp-systemservices.md b/windows/client-management/mdm/policy-csp-systemservices.md index 016911d154..9f69fd9f49 100644 --- a/windows/client-management/mdm/policy-csp-systemservices.md +++ b/windows/client-management/mdm/policy-csp-systemservices.md @@ -3,8 +3,8 @@ title: Policy CSP - SystemServices description: Learn how to use the Policy CSP - SystemServices setting to determine whether the service's start type is Automatic(2), Manual(3), Disabled(4). ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-taskmanager.md b/windows/client-management/mdm/policy-csp-taskmanager.md index 2ad2b1c6d6..05350792d2 100644 --- a/windows/client-management/mdm/policy-csp-taskmanager.md +++ b/windows/client-management/mdm/policy-csp-taskmanager.md @@ -3,8 +3,8 @@ title: Policy CSP - TaskManager description: Learn how to use the Policy CSP - TaskManager setting to determine whether non-administrators can use Task Manager to end tasks. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-taskscheduler.md b/windows/client-management/mdm/policy-csp-taskscheduler.md index b76c0948ac..33503f668e 100644 --- a/windows/client-management/mdm/policy-csp-taskscheduler.md +++ b/windows/client-management/mdm/policy-csp-taskscheduler.md @@ -3,8 +3,8 @@ title: Policy CSP - TaskScheduler description: Learn how to use the Policy CSP - TaskScheduler setting to determine whether the specific task is enabled (1) or disabled (0). ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md index 77bf576304..b87c6ba25f 100644 --- a/windows/client-management/mdm/policy-csp-textinput.md +++ b/windows/client-management/mdm/policy-csp-textinput.md @@ -3,8 +3,8 @@ title: Policy CSP - TextInput description: The Policy CSP - TextInput setting allows the user to turn on and off the logging for incorrect conversion and saving auto-tuning result to a file. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md index 9d490b2202..44c93fa4d6 100644 --- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md +++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md @@ -3,8 +3,8 @@ title: Policy CSP - TimeLanguageSettings description: Learn to use the Policy CSP - TimeLanguageSettings setting to specify the time zone to be applied to the device. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/28/2021 diff --git a/windows/client-management/mdm/policy-csp-troubleshooting.md b/windows/client-management/mdm/policy-csp-troubleshooting.md index 41deff6293..c07ac0034e 100644 --- a/windows/client-management/mdm/policy-csp-troubleshooting.md +++ b/windows/client-management/mdm/policy-csp-troubleshooting.md @@ -3,8 +3,8 @@ title: Policy CSP - Troubleshooting description: The Policy CSP - Troubleshooting setting allows IT admins to configure how to apply recommended troubleshooting for known problems on the devices in their domains. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: MariciaAlforque ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index b5378a0265..f2268b6826 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -3,8 +3,8 @@ title: Policy CSP - Update description: The Policy CSP - Update allows the IT admin, when used with Update/ActiveHoursStart, to manage a range of active hours where update reboots aren't scheduled. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 11/03/2020 diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md index 65fb6facfd..fc2cc3f8c0 100644 --- a/windows/client-management/mdm/policy-csp-userrights.md +++ b/windows/client-management/mdm/policy-csp-userrights.md @@ -3,8 +3,8 @@ title: Policy CSP - UserRights description: Learn how user rights are assigned for user accounts or groups, and how the name of the policy defines the user right in question. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md index 77728974a0..9c8862d57d 100644 --- a/windows/client-management/mdm/policy-csp-wifi.md +++ b/windows/client-management/mdm/policy-csp-wifi.md @@ -3,8 +3,8 @@ title: Policy CSP - Wifi description: Learn how the Policy CSP - Wifi setting allows or disallows the device to automatically connect to Wi-Fi hotspots. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md index a5e847a460..558874655b 100644 --- a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md +++ b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md @@ -3,8 +3,8 @@ title: Policy CSP - WindowsConnectionManager description: The Policy CSP - WindowsConnectionManager setting prevents computers from connecting to a domain-based network and a non-domain-based network simultaneously. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md index 6b2e339e43..c8d97d320f 100644 --- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md +++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md @@ -3,8 +3,8 @@ title: Policy CSP - WindowsDefenderSecurityCenter description: Learn how to use the Policy CSP - WindowsDefenderSecurityCenter setting to display the Account protection area in Windows Defender Security Center. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md index f463131d83..7b2ccdad41 100644 --- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md +++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md @@ -3,8 +3,8 @@ title: Policy CSP - WindowsInkWorkspace description: Learn to use the Policy CSP - WindowsInkWorkspace setting to specify whether to allow the user to access the ink workspace. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md index 94a49ce87c..c24d78a6aa 100644 --- a/windows/client-management/mdm/policy-csp-windowslogon.md +++ b/windows/client-management/mdm/policy-csp-windowslogon.md @@ -3,8 +3,8 @@ title: Policy CSP - WindowsLogon description: Use the Policy CSP - WindowsLogon setting to control whether a device automatically signs in and locks the last interactive user after the system restarts. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-windowspowershell.md b/windows/client-management/mdm/policy-csp-windowspowershell.md index a67752e251..3b87148b96 100644 --- a/windows/client-management/mdm/policy-csp-windowspowershell.md +++ b/windows/client-management/mdm/policy-csp-windowspowershell.md @@ -3,8 +3,8 @@ title: Policy CSP - WindowsPowerShell description: Use the Policy CSP - WindowsPowerShell setting to enable logging of all PowerShell script input to the Microsoft-Windows-PowerShell/Operational event log. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-windowssandbox.md b/windows/client-management/mdm/policy-csp-windowssandbox.md index f3fd70ab14..11523075ed 100644 --- a/windows/client-management/mdm/policy-csp-windowssandbox.md +++ b/windows/client-management/mdm/policy-csp-windowssandbox.md @@ -3,8 +3,8 @@ title: Policy CSP - WindowsSandbox description: Policy CSP - WindowsSandbox ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 10/14/2020 diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md index 9d941ee024..db9b3db078 100644 --- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md +++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md @@ -3,8 +3,8 @@ title: Policy CSP - WirelessDisplay description: Use the Policy CSP - WirelessDisplay setting to turn off the Wireless Display multicast DNS service advertisement from a Wireless Display receiver. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-ddf-file.md b/windows/client-management/mdm/policy-ddf-file.md index dde8b3089c..492cb2a9cd 100644 --- a/windows/client-management/mdm/policy-ddf-file.md +++ b/windows/client-management/mdm/policy-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.localizationpriority: medium ms.date: 10/28/2020 diff --git a/windows/client-management/mdm/policymanager-csp.md b/windows/client-management/mdm/policymanager-csp.md index 656e292b4e..9b7fb6c9c3 100644 --- a/windows/client-management/mdm/policymanager-csp.md +++ b/windows/client-management/mdm/policymanager-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/28/2017 --- diff --git a/windows/client-management/mdm/provisioning-csp.md b/windows/client-management/mdm/provisioning-csp.md index aad96d1dbf..19a77a2233 100644 --- a/windows/client-management/mdm/provisioning-csp.md +++ b/windows/client-management/mdm/provisioning-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/proxy-csp.md b/windows/client-management/mdm/proxy-csp.md index 2a474b9321..3c5650efee 100644 --- a/windows/client-management/mdm/proxy-csp.md +++ b/windows/client-management/mdm/proxy-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/push-notification-windows-mdm.md b/windows/client-management/mdm/push-notification-windows-mdm.md index 92df20eba2..e5a9558b87 100644 --- a/windows/client-management/mdm/push-notification-windows-mdm.md +++ b/windows/client-management/mdm/push-notification-windows-mdm.md @@ -9,8 +9,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/22/2017 --- diff --git a/windows/client-management/mdm/pxlogical-csp.md b/windows/client-management/mdm/pxlogical-csp.md index e2d40a822a..b3403aa213 100644 --- a/windows/client-management/mdm/pxlogical-csp.md +++ b/windows/client-management/mdm/pxlogical-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/reboot-csp.md b/windows/client-management/mdm/reboot-csp.md index dd1cfc4c3a..11c8abe4a7 100644 --- a/windows/client-management/mdm/reboot-csp.md +++ b/windows/client-management/mdm/reboot-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/reboot-ddf-file.md b/windows/client-management/mdm/reboot-ddf-file.md index 1cf001cffb..25b01da483 100644 --- a/windows/client-management/mdm/reboot-ddf-file.md +++ b/windows/client-management/mdm/reboot-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/reclaim-seat-from-user.md b/windows/client-management/mdm/reclaim-seat-from-user.md index 3beb6993e3..bf62f0e902 100644 --- a/windows/client-management/mdm/reclaim-seat-from-user.md +++ b/windows/client-management/mdm/reclaim-seat-from-user.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 05/05/2020 --- diff --git a/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md b/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md index 28e198aa1f..2d0db0e927 100644 --- a/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md +++ b/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/registry-csp.md b/windows/client-management/mdm/registry-csp.md index 4978cc70e0..678f6bcaf6 100644 --- a/windows/client-management/mdm/registry-csp.md +++ b/windows/client-management/mdm/registry-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/registry-ddf-file.md b/windows/client-management/mdm/registry-ddf-file.md index 6b6bc9c191..b832111b61 100644 --- a/windows/client-management/mdm/registry-ddf-file.md +++ b/windows/client-management/mdm/registry-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/remotefind-csp.md b/windows/client-management/mdm/remotefind-csp.md index 0dc50af800..9edaac5fed 100644 --- a/windows/client-management/mdm/remotefind-csp.md +++ b/windows/client-management/mdm/remotefind-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/remotefind-ddf-file.md b/windows/client-management/mdm/remotefind-ddf-file.md index 211fd88e78..f4dc624420 100644 --- a/windows/client-management/mdm/remotefind-ddf-file.md +++ b/windows/client-management/mdm/remotefind-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/remotelock-csp.md b/windows/client-management/mdm/remotelock-csp.md index 47ee3981e4..a5449b18b7 100644 --- a/windows/client-management/mdm/remotelock-csp.md +++ b/windows/client-management/mdm/remotelock-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/remotelock-ddf-file.md b/windows/client-management/mdm/remotelock-ddf-file.md index d740994fc1..523420f496 100644 --- a/windows/client-management/mdm/remotelock-ddf-file.md +++ b/windows/client-management/mdm/remotelock-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/remotering-csp.md b/windows/client-management/mdm/remotering-csp.md index 8125620d66..245d720446 100644 --- a/windows/client-management/mdm/remotering-csp.md +++ b/windows/client-management/mdm/remotering-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/remotering-ddf-file.md b/windows/client-management/mdm/remotering-ddf-file.md index 6ce26f1758..ae6cd812ee 100644 --- a/windows/client-management/mdm/remotering-ddf-file.md +++ b/windows/client-management/mdm/remotering-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/remotewipe-csp.md b/windows/client-management/mdm/remotewipe-csp.md index 67772b648f..e83d92dc86 100644 --- a/windows/client-management/mdm/remotewipe-csp.md +++ b/windows/client-management/mdm/remotewipe-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 08/13/2018 --- diff --git a/windows/client-management/mdm/remotewipe-ddf-file.md b/windows/client-management/mdm/remotewipe-ddf-file.md index 36a83bee33..01506c683d 100644 --- a/windows/client-management/mdm/remotewipe-ddf-file.md +++ b/windows/client-management/mdm/remotewipe-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 08/13/2018 --- diff --git a/windows/client-management/mdm/reporting-csp.md b/windows/client-management/mdm/reporting-csp.md index c8bc78834a..29b37e7c8f 100644 --- a/windows/client-management/mdm/reporting-csp.md +++ b/windows/client-management/mdm/reporting-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/reporting-ddf-file.md b/windows/client-management/mdm/reporting-ddf-file.md index 5b16192077..0aba004b0f 100644 --- a/windows/client-management/mdm/reporting-ddf-file.md +++ b/windows/client-management/mdm/reporting-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md b/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md index ad6dd045e3..4c795f6020 100644 --- a/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md +++ b/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md @@ -9,8 +9,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/18/2017 --- diff --git a/windows/client-management/mdm/rootcacertificates-csp.md b/windows/client-management/mdm/rootcacertificates-csp.md index c1e940ef69..8e308efdbd 100644 --- a/windows/client-management/mdm/rootcacertificates-csp.md +++ b/windows/client-management/mdm/rootcacertificates-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 03/06/2018 --- diff --git a/windows/client-management/mdm/rootcacertificates-ddf-file.md b/windows/client-management/mdm/rootcacertificates-ddf-file.md index 166dfc0d43..6777dfd188 100644 --- a/windows/client-management/mdm/rootcacertificates-ddf-file.md +++ b/windows/client-management/mdm/rootcacertificates-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 03/07/2018 --- diff --git a/windows/client-management/mdm/secureassessment-csp.md b/windows/client-management/mdm/secureassessment-csp.md index 57f3dfc283..7bc475097e 100644 --- a/windows/client-management/mdm/secureassessment-csp.md +++ b/windows/client-management/mdm/secureassessment-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/secureassessment-ddf-file.md b/windows/client-management/mdm/secureassessment-ddf-file.md index 383470060b..1f0a6e0996 100644 --- a/windows/client-management/mdm/secureassessment-ddf-file.md +++ b/windows/client-management/mdm/secureassessment-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/securitypolicy-csp.md b/windows/client-management/mdm/securitypolicy-csp.md index 4ffdbad557..1dd7aadaf2 100644 --- a/windows/client-management/mdm/securitypolicy-csp.md +++ b/windows/client-management/mdm/securitypolicy-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/server-requirements-windows-mdm.md b/windows/client-management/mdm/server-requirements-windows-mdm.md index 032469c901..bb85c4cf6a 100644 --- a/windows/client-management/mdm/server-requirements-windows-mdm.md +++ b/windows/client-management/mdm/server-requirements-windows-mdm.md @@ -9,8 +9,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/sharedpc-csp.md b/windows/client-management/mdm/sharedpc-csp.md index 82731ed689..1f66c6f5b3 100644 --- a/windows/client-management/mdm/sharedpc-csp.md +++ b/windows/client-management/mdm/sharedpc-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 01/16/2019 --- diff --git a/windows/client-management/mdm/sharedpc-ddf-file.md b/windows/client-management/mdm/sharedpc-ddf-file.md index 61e26ea7a0..f844be5696 100644 --- a/windows/client-management/mdm/sharedpc-ddf-file.md +++ b/windows/client-management/mdm/sharedpc-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/storage-csp.md b/windows/client-management/mdm/storage-csp.md index ea5aad60ca..b1754f157e 100644 --- a/windows/client-management/mdm/storage-csp.md +++ b/windows/client-management/mdm/storage-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/storage-ddf-file.md b/windows/client-management/mdm/storage-ddf-file.md index 17340fbf2d..fa2c0e8e78 100644 --- a/windows/client-management/mdm/storage-ddf-file.md +++ b/windows/client-management/mdm/storage-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md b/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md index 2b482383bd..40a76e758a 100644 --- a/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md +++ b/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/supl-csp.md b/windows/client-management/mdm/supl-csp.md index e41a8c2374..de33c2021a 100644 --- a/windows/client-management/mdm/supl-csp.md +++ b/windows/client-management/mdm/supl-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/12/2019 --- diff --git a/windows/client-management/mdm/supl-ddf-file.md b/windows/client-management/mdm/supl-ddf-file.md index 1fabc85e07..676807359f 100644 --- a/windows/client-management/mdm/supl-ddf-file.md +++ b/windows/client-management/mdm/supl-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/03/2020 --- diff --git a/windows/client-management/mdm/surfacehub-csp.md b/windows/client-management/mdm/surfacehub-csp.md index ad67b668bb..5de6503748 100644 --- a/windows/client-management/mdm/surfacehub-csp.md +++ b/windows/client-management/mdm/surfacehub-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 07/28/2017 --- diff --git a/windows/client-management/mdm/surfacehub-ddf-file.md b/windows/client-management/mdm/surfacehub-ddf-file.md index d270254f30..c0d213fb5c 100644 --- a/windows/client-management/mdm/surfacehub-ddf-file.md +++ b/windows/client-management/mdm/surfacehub-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/tenantlockdown-csp.md b/windows/client-management/mdm/tenantlockdown-csp.md index 3c062277a0..0b227fde7b 100644 --- a/windows/client-management/mdm/tenantlockdown-csp.md +++ b/windows/client-management/mdm/tenantlockdown-csp.md @@ -3,8 +3,8 @@ title: TenantLockdown CSP description: To lock a device to a tenant to prevent accidental or intentional resets or wipes, use the TenantLockdown configuration service provider. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 08/13/2018 ms.reviewer: diff --git a/windows/client-management/mdm/tenantlockdown-ddf.md b/windows/client-management/mdm/tenantlockdown-ddf.md index b064d57b68..1c82d32070 100644 --- a/windows/client-management/mdm/tenantlockdown-ddf.md +++ b/windows/client-management/mdm/tenantlockdown-ddf.md @@ -3,8 +3,8 @@ title: TenantLockdown DDF file description: XML file containing the device description framework for the TenantLockdown configuration service provider (CSP). ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 08/13/2018 ms.reviewer: diff --git a/windows/client-management/mdm/tpmpolicy-csp.md b/windows/client-management/mdm/tpmpolicy-csp.md index 93e9c4a508..5eb1286835 100644 --- a/windows/client-management/mdm/tpmpolicy-csp.md +++ b/windows/client-management/mdm/tpmpolicy-csp.md @@ -3,8 +3,8 @@ title: TPMPolicy CSP description: The TPMPolicy configuration service provider (CSP) provides a mechanism to enable zero exhaust configuration on a Windows device for TPM software components. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 11/01/2017 ms.reviewer: diff --git a/windows/client-management/mdm/tpmpolicy-ddf-file.md b/windows/client-management/mdm/tpmpolicy-ddf-file.md index fd463047e0..88b63b1c8f 100644 --- a/windows/client-management/mdm/tpmpolicy-ddf-file.md +++ b/windows/client-management/mdm/tpmpolicy-ddf-file.md @@ -3,8 +3,8 @@ title: TPMPolicy DDF file description: Learn about the OMA DM device description framework (DDF) for the TPMPolicy configuration service provider (CSP). ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 ms.reviewer: diff --git a/windows/client-management/mdm/uefi-csp.md b/windows/client-management/mdm/uefi-csp.md index c6d416f858..d0422786fe 100644 --- a/windows/client-management/mdm/uefi-csp.md +++ b/windows/client-management/mdm/uefi-csp.md @@ -3,8 +3,8 @@ title: UEFI CSP description: The Uefi CSP interfaces to UEFI's Device Firmware Configuration Interface (DFCI) to make BIOS configuration changes. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 10/02/2018 ms.reviewer: diff --git a/windows/client-management/mdm/uefi-ddf.md b/windows/client-management/mdm/uefi-ddf.md index 1432ef811a..e1504fc76c 100644 --- a/windows/client-management/mdm/uefi-ddf.md +++ b/windows/client-management/mdm/uefi-ddf.md @@ -3,8 +3,8 @@ title: UEFI DDF file description: Learn about the OMA DM device description framework (DDF) for the Uefi configuration service provider (CSP). ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 10/02/2018 ms.reviewer: diff --git a/windows/client-management/mdm/understanding-admx-backed-policies.md b/windows/client-management/mdm/understanding-admx-backed-policies.md index 4550b1717b..d590526ff8 100644 --- a/windows/client-management/mdm/understanding-admx-backed-policies.md +++ b/windows/client-management/mdm/understanding-admx-backed-policies.md @@ -3,8 +3,8 @@ title: Understanding ADMX policies description: In Windows 10, you can use ADMX policies for Windows 10 mobile device management (MDM) across Windows 10 devices. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 03/23/2020 ms.reviewer: diff --git a/windows/client-management/mdm/unifiedwritefilter-csp.md b/windows/client-management/mdm/unifiedwritefilter-csp.md index 00d2b86cd5..cf221f1bbe 100644 --- a/windows/client-management/mdm/unifiedwritefilter-csp.md +++ b/windows/client-management/mdm/unifiedwritefilter-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/unifiedwritefilter-ddf.md b/windows/client-management/mdm/unifiedwritefilter-ddf.md index 2eb8bf1445..0bfe9fe945 100644 --- a/windows/client-management/mdm/unifiedwritefilter-ddf.md +++ b/windows/client-management/mdm/unifiedwritefilter-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/update-csp.md b/windows/client-management/mdm/update-csp.md index 3ad57bf759..7adde63055 100644 --- a/windows/client-management/mdm/update-csp.md +++ b/windows/client-management/mdm/update-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 02/23/2018 --- diff --git a/windows/client-management/mdm/update-ddf-file.md b/windows/client-management/mdm/update-ddf-file.md index 44f580cb4f..714022f5eb 100644 --- a/windows/client-management/mdm/update-ddf-file.md +++ b/windows/client-management/mdm/update-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 02/23/2018 --- diff --git a/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md b/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md index 37ff112671..04c6edb4d2 100644 --- a/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md +++ b/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/vpn-csp.md b/windows/client-management/mdm/vpn-csp.md index 42a6882673..41d401cfd1 100644 --- a/windows/client-management/mdm/vpn-csp.md +++ b/windows/client-management/mdm/vpn-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 04/02/2017 --- diff --git a/windows/client-management/mdm/vpn-ddf-file.md b/windows/client-management/mdm/vpn-ddf-file.md index 889a2f8f25..e6d4dadc9b 100644 --- a/windows/client-management/mdm/vpn-ddf-file.md +++ b/windows/client-management/mdm/vpn-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md index 87588a2a0e..84ee2f2ad3 100644 --- a/windows/client-management/mdm/vpnv2-csp.md +++ b/windows/client-management/mdm/vpnv2-csp.md @@ -6,8 +6,8 @@ ms.reviewer: pesmith manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/21/2021 --- diff --git a/windows/client-management/mdm/vpnv2-ddf-file.md b/windows/client-management/mdm/vpnv2-ddf-file.md index ea97295698..7a458d237c 100644 --- a/windows/client-management/mdm/vpnv2-ddf-file.md +++ b/windows/client-management/mdm/vpnv2-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: pesmith manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 10/30/2020 --- diff --git a/windows/client-management/mdm/vpnv2-profile-xsd.md b/windows/client-management/mdm/vpnv2-profile-xsd.md index ee3e5cfb4c..380918d178 100644 --- a/windows/client-management/mdm/vpnv2-profile-xsd.md +++ b/windows/client-management/mdm/vpnv2-profile-xsd.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 07/14/2020 --- diff --git a/windows/client-management/mdm/w4-application-csp.md b/windows/client-management/mdm/w4-application-csp.md index e7321b1888..8caeb2ef6c 100644 --- a/windows/client-management/mdm/w4-application-csp.md +++ b/windows/client-management/mdm/w4-application-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/w7-application-csp.md b/windows/client-management/mdm/w7-application-csp.md index 7aaa801796..0251786c1e 100644 --- a/windows/client-management/mdm/w7-application-csp.md +++ b/windows/client-management/mdm/w7-application-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/wifi-csp.md b/windows/client-management/mdm/wifi-csp.md index e867ae66ef..69fa3cba01 100644 --- a/windows/client-management/mdm/wifi-csp.md +++ b/windows/client-management/mdm/wifi-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/18/2019 --- diff --git a/windows/client-management/mdm/wifi-ddf-file.md b/windows/client-management/mdm/wifi-ddf-file.md index 8dff039754..f500e2effe 100644 --- a/windows/client-management/mdm/wifi-ddf-file.md +++ b/windows/client-management/mdm/wifi-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/28/2018 --- diff --git a/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md b/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md index 2e285342fd..934405414e 100644 --- a/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md +++ b/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md @@ -3,8 +3,8 @@ title: Win32 and Desktop Bridge app ADMX policy Ingestion description: Starting in Windows 10, version 1703, you can ingest ADMX files and set those ADMX policies for Win32 and Desktop Bridge apps. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 03/23/2020 ms.reviewer: diff --git a/windows/client-management/mdm/win32appinventory-csp.md b/windows/client-management/mdm/win32appinventory-csp.md index c8c22786a1..1a31d2aff8 100644 --- a/windows/client-management/mdm/win32appinventory-csp.md +++ b/windows/client-management/mdm/win32appinventory-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/win32appinventory-ddf-file.md b/windows/client-management/mdm/win32appinventory-ddf-file.md index 1f20685d75..9de548701c 100644 --- a/windows/client-management/mdm/win32appinventory-ddf-file.md +++ b/windows/client-management/mdm/win32appinventory-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/win32compatibilityappraiser-csp.md b/windows/client-management/mdm/win32compatibilityappraiser-csp.md index a3868db287..93c4245eda 100644 --- a/windows/client-management/mdm/win32compatibilityappraiser-csp.md +++ b/windows/client-management/mdm/win32compatibilityappraiser-csp.md @@ -3,8 +3,8 @@ title: Win32CompatibilityAppraiser CSP description: Learn how the Win32CompatibilityAppraiser configuration service provider enables the IT admin to query the current status of the Appraiser and UTC telemetry health. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 07/19/2018 ms.reviewer: diff --git a/windows/client-management/mdm/win32compatibilityappraiser-ddf.md b/windows/client-management/mdm/win32compatibilityappraiser-ddf.md index ce4b0b3bf3..d4f1fe692d 100644 --- a/windows/client-management/mdm/win32compatibilityappraiser-ddf.md +++ b/windows/client-management/mdm/win32compatibilityappraiser-ddf.md @@ -3,8 +3,8 @@ title: Win32CompatibilityAppraiser DDF file description: XML file containing the device description framework for the Win32CompatibilityAppraiser configuration service provider. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 07/19/2018 ms.reviewer: diff --git a/windows/client-management/mdm/windows-mdm-enterprise-settings.md b/windows/client-management/mdm/windows-mdm-enterprise-settings.md index e5e7511669..bf253d24da 100644 --- a/windows/client-management/mdm/windows-mdm-enterprise-settings.md +++ b/windows/client-management/mdm/windows-mdm-enterprise-settings.md @@ -9,8 +9,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md index 4f22b0b48c..c61631d50a 100644 --- a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md +++ b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 11/01/2017 --- diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md index 5877c32e22..6abd7b2df8 100644 --- a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md +++ b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md index ccd89eb916..5a92ef09c8 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md @@ -3,8 +3,8 @@ title: WindowsDefenderApplicationGuard CSP description: Configure the settings in Microsoft Defender Application Guard by using the WindowsDefenderApplicationGuard configuration service provider (CSP). ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: dansimp ms.date: 10/11/2021 ms.reviewer: diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md index 847d9d69c8..789ed32572 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md @@ -3,8 +3,8 @@ title: WindowsDefenderApplicationGuard DDF file description: learn about the OMA DM device description framework (DDF) for the WindowsDefenderApplicationGuard DDF file configuration service provider (CSP). ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 09/10/2018 ms.reviewer: diff --git a/windows/client-management/mdm/windowslicensing-csp.md b/windows/client-management/mdm/windowslicensing-csp.md index 9c3bf1705a..fc9b76d5fb 100644 --- a/windows/client-management/mdm/windowslicensing-csp.md +++ b/windows/client-management/mdm/windowslicensing-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 08/15/2018 --- diff --git a/windows/client-management/mdm/windowslicensing-ddf-file.md b/windows/client-management/mdm/windowslicensing-ddf-file.md index baa67a10f6..679a8ba69c 100644 --- a/windows/client-management/mdm/windowslicensing-ddf-file.md +++ b/windows/client-management/mdm/windowslicensing-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 07/16/2017 --- diff --git a/windows/client-management/mdm/windowssecurityauditing-csp.md b/windows/client-management/mdm/windowssecurityauditing-csp.md index 56f387cdc1..a7f488c96a 100644 --- a/windows/client-management/mdm/windowssecurityauditing-csp.md +++ b/windows/client-management/mdm/windowssecurityauditing-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/windowssecurityauditing-ddf-file.md b/windows/client-management/mdm/windowssecurityauditing-ddf-file.md index c4710fae63..963a620809 100644 --- a/windows/client-management/mdm/windowssecurityauditing-ddf-file.md +++ b/windows/client-management/mdm/windowssecurityauditing-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/wirednetwork-csp.md b/windows/client-management/mdm/wirednetwork-csp.md index ed5591ef9b..77b5add034 100644 --- a/windows/client-management/mdm/wirednetwork-csp.md +++ b/windows/client-management/mdm/wirednetwork-csp.md @@ -3,8 +3,8 @@ title: WiredNetwork CSP description: The WiredNetwork configuration service provider (CSP) is used by the enterprise to configure wired Internet on devices that do not have GP. Learn how it works. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/27/2018 ms.reviewer: diff --git a/windows/client-management/mdm/wirednetwork-ddf-file.md b/windows/client-management/mdm/wirednetwork-ddf-file.md index 6ca631d6fe..c44db67ef5 100644 --- a/windows/client-management/mdm/wirednetwork-ddf-file.md +++ b/windows/client-management/mdm/wirednetwork-ddf-file.md @@ -3,8 +3,8 @@ title: WiredNetwork DDF file description: This topic shows the OMA DM device description framework (DDF) for the WiredNetwork configuration service provider. ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/28/2018 ms.reviewer: diff --git a/windows/client-management/mdm/wmi-providers-supported-in-windows.md b/windows/client-management/mdm/wmi-providers-supported-in-windows.md index 2fe71b5e76..464f61bdd7 100644 --- a/windows/client-management/mdm/wmi-providers-supported-in-windows.md +++ b/windows/client-management/mdm/wmi-providers-supported-in-windows.md @@ -9,8 +9,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: m365-security +ms.technology: windows-sec author: manikadhiman ms.date: 06/26/2017 --- From 8d336e6f54ec41eb00509ad140d85211722201de Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 21 Oct 2021 18:59:53 +0530 Subject: [PATCH 008/335] resolved suggestions and Acrolinx issues --- ...ure-ad-tenant-and-azure-ad-subscription.md | 16 +++--- .../mdm/browserfavorite-csp.md | 8 +-- ...a-structures-windows-store-for-business.md | 1 + .../mdm/diagnosticlog-csp.md | 5 +- ...dded-8-1-handheld-devices-to-windows-10.md | 38 +++++++------- .../mdm/mdm-enrollment-of-windows-devices.md | 50 +++++++++---------- ...ree-azure-active-directory-subscription.md | 4 +- 7 files changed, 63 insertions(+), 59 deletions(-) diff --git a/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md b/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md index d594616006..9f78301001 100644 --- a/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md +++ b/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md @@ -39,11 +39,11 @@ Here's a step-by-step guide to adding an Azure Active Directory tenant, adding a If you don't have a paid subscription to any Microsoft service, you can purchase an Azure AD premium subscription. Go to the Office 356 portal at https://portal.office.com/, and then sign in using the admin account that you created in Step 4 (for example, user1@contosoltd.onmicrosoftcom). - ![login to office 365.](images/azure-ad-add-tenant4.png) + ![login to office 365](images/azure-ad-add-tenant4.png) 6. Select **Install software**. - ![login to office 365.](images/azure-ad-add-tenant5.png) + ![login to office 365 portal](images/azure-ad-add-tenant5.png) 7. In the Microsoft 365 admin center, select **Purchase Services** from the left navigation. @@ -69,27 +69,27 @@ If you have paid subscriptions to Office 365, Microsoft Dynamics CRM Online, Ent 1. Sign in to the Microsoft 365 admin center at using your organization's account. - ![register azuread.](images/azure-ad-add-tenant10.png) + ![register in azuread.](images/azure-ad-add-tenant10.png) 2. On the **Home** page, select on the Admin tools icon. - ![register azuread.](images/azure-ad-add-tenant11.png) + ![register in azure-ad.](images/azure-ad-add-tenant11.png) 3. On the **Admin center** page, hover your mouse over the Admin tools icon on the left and then click **Azure AD**. This will take you to the Azure Active Directory sign-up page and brings up your existing Office 365 organization account information. - ![register azuread.](images/azure-ad-add-tenant12.png) + ![register azuread](images/azure-ad-add-tenant12.png) 4. On the **Sign up** page, make sure to enter a valid phone number and then click **Sign up**. - ![register azuread.](images/azure-ad-add-tenant13.png) + ![registration in azure-ad](images/azure-ad-add-tenant13.png) 5. It may take a few minutes to process the request. - ![register azuread.](images/azure-ad-add-tenant14.png) + ![registration in azuread.](images/azure-ad-add-tenant14.png) 6. You will see a welcome page when the process completes. - ![register azuread.](images/azure-ad-add-tenant15.png) + ![register screen of azuread](images/azure-ad-add-tenant15.png) diff --git a/windows/client-management/mdm/browserfavorite-csp.md b/windows/client-management/mdm/browserfavorite-csp.md index c35e8759ca..1a723bdeb1 100644 --- a/windows/client-management/mdm/browserfavorite-csp.md +++ b/windows/client-management/mdm/browserfavorite-csp.md @@ -78,19 +78,19 @@ The following table shows the Microsoft custom elements that this configuration -

parm-query

+

Parm-query

Yes

-

noparm

+

No parm

Yes

-

nocharacteristic

+

No characteristic

Yes

-

characteristic-query

+

Characteristic-query

Yes

Recursive query: Yes

Top-level query: Yes

diff --git a/windows/client-management/mdm/data-structures-windows-store-for-business.md b/windows/client-management/mdm/data-structures-windows-store-for-business.md index e24f4d1db6..dfe61e1400 100644 --- a/windows/client-management/mdm/data-structures-windows-store-for-business.md +++ b/windows/client-management/mdm/data-structures-windows-store-for-business.md @@ -1,5 +1,6 @@ --- title: Data structures for Microsoft Store for Business +description: Learn about the various data structures for Microsoft Store for Business. MS-HAID: - 'p\_phdevicemgmt.business\_store\_data\_structures' - 'p\_phDeviceMgmt.data\_structures\_windows\_store\_for\_business' diff --git a/windows/client-management/mdm/diagnosticlog-csp.md b/windows/client-management/mdm/diagnosticlog-csp.md index 9b59b27cb2..f178c17f64 100644 --- a/windows/client-management/mdm/diagnosticlog-csp.md +++ b/windows/client-management/mdm/diagnosticlog-csp.md @@ -246,7 +246,10 @@ la--- 1/4/2021 2:45 PM 1 la--- 1/4/2021 2:45 PM 2 la--- 12/2/2020 6:27 PM 2701 results.xml ``` -Each data gathering directive from the original `Collection` XML corresponds to a folder in the output. For example, if the first directive was HKLM\Software\Policies then folder `1` will contain the corresponding `export.reg` file. +Each data gathering directive from the original `Collection` XML corresponds to a folder in the output. +For example, the first directive was: + HKLM\Software\Policies + then folder `1` will contain the corresponding `export.reg` file. The `results.xml` file is the authoritative map to the output. It includes a status code for each directive. The order of the directives in the file corresponds to the order of the output folders. Using `results.xml` the administrator can see what data was gathered, what failures may have occurred, and which folders contain which output. For example, the following `results.xml` content indicates that registry export of HKLM\Software\Policies was successful and the data can be found in folder `1`. It also indicates that `netsh.exe wlan show profiles` command failed. diff --git a/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md b/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md index 9e21996a3e..b347051679 100644 --- a/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md +++ b/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md @@ -107,15 +107,15 @@ Trigger the device to check for updates either manually or using Microsoft Endpo 1. Remotely trigger a scan of the test device by deploying a Trigger Scan configuration baseline. - ![device scan using Configuration Manager.](images/windowsembedded-update2.png) + ![device scan using Configuration Manager](images/windowsembedded-update2.png) 2. Set the value of this OMA-URI by going to **Configuration Item**, and then selecting the newly created Trigger Scan settings from the previous step. - ![device scan using Configuration Manager.](images/windowsembedded-update3.png) + ![Configuration Manager enabling device scan](images/windowsembedded-update3.png) 3. Ensure that the value that is specified for this URI is greater than the value on the device(s), and that the **Remediate noncompliant rules when supported** option is selected. For the first time, any value that is greater than 0 will work, but for subsequent configurations, ensure that you specify an incremented value. - ![device scan using Configuration Manager.](images/windowsembedded-update4.png) + ![device scan through Configuration Manager](images/windowsembedded-update4.png) 4. Create a configuration baseline for Trigger Scan and Deploy. We recommend that this configuration baseline be deployed after the Controlled Updates baseline has been applied to the device. (The corresponding files are deployed on the device through a device sync session.) 5. Follow the prompts for downloading the updates, but do not install the updates on the device. @@ -216,11 +216,11 @@ The deployment process has three parts: 1. Create a configuration item. In the **Browse Settings** window, select **Device File** as a filter, and then select **Select**. - ![embedded device update.](images/windowsembedded-update18.png) + ![embedded device update](images/windowsembedded-update18.png) 2. Browse to the DUControlledUpdates.xml that was created from the test device, and then specify the file path and name on the device as `NonPersistent\DUControlledUpdates.xml`. - ![embedded device update.](images/windowsembedded-update19.png) + ![embedded updates of a device](images/windowsembedded-update19.png) 3. Select **Remediate noncompliant settings**, and then select **OK**. @@ -231,7 +231,7 @@ The deployment process has three parts: 1. Create a configuration item and specify the file path and name on the device as `NonPersistent\DUCustomContentURIs.xml` 2. Select **Remediate noncompliant settings**. - ![embedded device update.](images/windowsembedded-update21.png) + ![embedded updates pertaining to a device](images/windowsembedded-update21.png) 3. Select **OK**. @@ -242,11 +242,11 @@ The deployment process has three parts: 1. Create a configuration baseline item and give it a name (such as ControlledUpdates). 2. Add the DUControlledUpdates and DUCustomContentURIs configuration items, and then select **OK**. - ![embedded device update.](images/windowsembedded-update22.png) + ![embedded updates of a specific device](images/windowsembedded-update22.png) 3. Deploy the configuration baseline to the appropriate device or device collection. - ![embedded device update.](images/windowsembedded-update23.png) + ![embedded updates regarding a specific device](images/windowsembedded-update23.png) 4. Select **OK**. @@ -472,14 +472,14 @@ Use this procedure for pre-GDR1 devices: 2. In Microsoft Endpoint Configuration Manager, under **Assets and Compliance** > **Compliance Settings**, right-click **Configuration Items**. 3. Select **Create Configuration Item**. - ![device update using Configuration Manager.](images/windowsembedded-update5.png) + ![device update using Configuration Manager](images/windowsembedded-update5.png) 4. Enter a filename (such as GetDUReport), and then select **Mobile Device**. 5. On the **Mobile Device Settings** page, select **Configure Additional Settings that are not in the default settings group**, and then select **Next**. - ![device update using Configuration Manager.](images/windowsembedded-update6.png) + ![device update through Configuration Manager](images/windowsembedded-update6.png) 6. On the **Additional Settings** page, select **Add**. - ![device update using Configuration Manager.](images/windowsembedded-update7.png) + ![device update with help of Configuration Manager](images/windowsembedded-update7.png) 7. On the **Browse Settings** page, select **Create Setting**. ![device update.](images/windowsembedded-update8.png) @@ -490,39 +490,39 @@ Use this procedure for pre-GDR1 devices: 10. On the **Browse Settings** page, select **Close**. 11. On the **Create Configuration Item Wizard** page, select **All Windows Embedded 8.1 Handheld** as the supported platform, and then select **Next**. - ![embedded device update.](images/windowsembedded-update10.png) + ![device update embedded](images/windowsembedded-update10.png) 12. Close the **Create Configuration Item Wizard** page. 13. Right-click on the newly create configuration item, and then select the **Compliance Rules** tab. 14. Select the new created mobile device setting (such as DUReport), and then select **Select**. 15. Enter a dummy value (such as zzz) that is different from the one on the device. - ![embedded device update.](images/windowsembedded-update11.png) + ![device update which is embedded](images/windowsembedded-update11.png) 16. Disable remediation by deselecting the **Remediate noncompliant rules when supported** option. 17. Select **OK** to close the **Edit Rule** page. 18. Create a new configuration baseline. Under **Assets and Compliance** > **Compliance Settings**, right-click **Configuration Baselines**. 19. Select **Create Configuration Item**. - ![embedded device update.](images/windowsembedded-update12.png) + ![device update that is embedded](images/windowsembedded-update12.png) 20. Enter a baseline name (such as RetrieveDUReport). 21. Add the configuration item that you just created. Select **Add**, and then select the configuration item that you just created (such as DUReport). - ![embedded device update.](images/windowsembedded-update13.png) + ![device update - embedded](images/windowsembedded-update13.png) 22. Select **OK**, and then select **OK** again to complete the configuration baseline. 23. Deploy the newly created configuration baseline to the appropriate device collection. Right-click on the configuration baseline that you created, and then select **Deploy**. - ![embedded device update.](images/windowsembedded-update14.png) + ![embedded updates of a device](images/windowsembedded-update14.png) 24. Select **Remediate noncompliant rules when supported**. 25. Select the appropriate device collection and define the schedule. - ![device update.](images/windowsembedded-update15.png) + ![A device's update](images/windowsembedded-update15.png) 26. To view the DUReport content, select the appropriate deployment for the configuration baseline that you created. Right-click on the deployment, and then select **View Status**. 27. Select **Run Summarization**, and then select **Refresh**. The test device(s) should be listed on the **Non-Compliant** tab. 28. Under **Asset Details**, right-click on the test device, and then select **Mode Details**. - ![device update.](images/windowsembedded-update16.png) + ![device's update](images/windowsembedded-update16.png) 29. On the **Non-compliant** tab, you can see the DUReport, but you cannot retrieve the content from here. - ![device update.](images/windowsembedded-update17.png) + ![update specific to a device](images/windowsembedded-update17.png) 30. To retrieve the DUReport, open C:\\Program Files\\SMS\_CCM\\SMS\_DM.log. 31. In the log file, search from the bottom for "./Vendor/MSFT/EnterpriseExt/DeviceUpdate/UpdatesResultXml" RuleExression="Equals zzz," where zzz is the dummy value. Just above this, copy the information for UpdateData and use this information to create the DUControlledUpdates.xml. diff --git a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md index 980a229311..32c30f58a8 100644 --- a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md +++ b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md @@ -40,11 +40,11 @@ Joining your device to an Active Directory domain during the out-of-box-experien 1. On the **Who Owns this PC?** page, select **My work or school owns it**. - ![oobe local account creation.](images/unifiedenrollment-rs1-2.png) + ![oobe creation of a local account](images/unifiedenrollment-rs1-2.png) 2. Next, select **Join a domain**. - ![select domain or azure ad.](images/unifiedenrollment-rs1-3.png) + ![select domain or azure-ad](images/unifiedenrollment-rs1-3.png) 3. You'll see a prompt to set up a local account on the device. Enter your local account details, and then select **Next** to continue. @@ -56,19 +56,19 @@ To create a local account and connect the device: 1. Launch the Settings app. - ![windows settings page.](images/unifiedenrollment-rs1-5.png) + ![windows settings screen](images/unifiedenrollment-rs1-5.png) 2. Next, select **Accounts**. - ![windows settings accounts select.](images/unifiedenrollment-rs1-6.png) + ![windows settings accounts chosen](images/unifiedenrollment-rs1-6.png) 3. Navigate to **Access work or school**. - ![select access work or school.](images/unifiedenrollment-rs1-7.png) + ![choose access work or school](images/unifiedenrollment-rs1-7.png) 4. Select **Connect**. - ![connect to work or school.](images/unifiedenrollment-rs1-8.png) + ![connect to work or to school](images/unifiedenrollment-rs1-8.png) 5. Under **Alternate actions**, select **Join this device to a local Active Directory domain**. @@ -101,11 +101,11 @@ To join a domain: 1. Select **My work or school owns it**, then select **Next.** - ![oobe local account creation.](images/unifiedenrollment-rs1-11.png) + ![oobe - local account creation](images/unifiedenrollment-rs1-11.png) 2. Select **Join Azure AD**, and then select **Next.** - ![select domain or azure ad.](images/unifiedenrollment-rs1-12.png) + ![choose the domain or azure ad](images/unifiedenrollment-rs1-12.png) 3. Type in your Azure AD username. This is the email address you use to log into Microsoft Office 365 and similar services. @@ -121,23 +121,23 @@ To create a local account and connect the device: 1. Launch the Settings app. - ![windows settings page.](images/unifiedenrollment-rs1-14.png) + ![screen displaying windows settings](images/unifiedenrollment-rs1-14.png) 2. Next, navigate to **Accounts**. - ![windows settings accounts select.](images/unifiedenrollment-rs1-15.png) + ![choose windows settings accounts](images/unifiedenrollment-rs1-15.png) 3. Navigate to **Access work or school**. - ![select access work or school.](images/unifiedenrollment-rs1-16.png) + ![choose option of access work or school](images/unifiedenrollment-rs1-16.png) 4. Select **Connect**. - ![connect to work or school.](images/unifiedenrollment-rs1-17.png) + ![Option of connect to work or school](images/unifiedenrollment-rs1-17.png) 5. Under **Alternate Actions**, selct **Join this device to Azure Active Directory**. - ![join work or school account to azure ad.](images/unifiedenrollment-rs1-18.png) + ![option to join work or school account to azure ad](images/unifiedenrollment-rs1-18.png) 6. Type in your Azure AD username. This is the email address you use to log into Office 365 and similar services. @@ -151,7 +151,7 @@ To create a local account and connect the device: After you reach the end of the flow, your device should be connected to your organization’s Azure AD domain. You may now log out of your current account and sign in using your Azure AD username. - ![corporate sign in.](images/unifiedenrollment-rs1-20.png) + ![corporate sign in screen](images/unifiedenrollment-rs1-20.png) ### Help with connecting to an Azure AD domain @@ -183,19 +183,19 @@ To create a local account and connect the device: 1. Launch the Settings app, and then select **Accounts** >**Start** > **Settings** > **Accounts**. - ![windows settings page.](images/unifiedenrollment-rs1-21-b.png) + ![screen of windows settings](images/unifiedenrollment-rs1-21-b.png) 2. Navigate to **Access work or school**. - ![select access work or school.](images/unifiedenrollment-rs1-23-b.png) + ![user's option of access work or school](images/unifiedenrollment-rs1-23-b.png) 3. Select **Connect**. - ![connect to work or school.](images/unifiedenrollment-rs1-24-b.png) + ![connect button to access the option of work or school.](images/unifiedenrollment-rs1-24-b.png) 4. Type in your Azure AD username. This is the email address you use to log into Office 365 and similar services. - ![join work or school account to azure ad.](images/unifiedenrollment-rs1-25-b.png) + ![sync work or school account to azure ad.](images/unifiedenrollment-rs1-25-b.png) 5. If the tenant is a cloud-only, password hash sync, or pass-through authentication tenant, this page changes to show the organization's custom branding, and can enter your password directly into the page. If the tenant is part of a federated domain, you are redirected to the organization's on-premises federation server, such as AD FS, for authentication. @@ -205,7 +205,7 @@ To create a local account and connect the device: Starting in Windows 10, version 1709, you will see the status page that shows the progress of your device being set up. - ![corporate sign in.](images/unifiedenrollment-rs1-26.png) + ![corporate sign in - screen and option](images/unifiedenrollment-rs1-26.png) 6. After you complete the flow, your Microsoft account will be connected to your work or school account. @@ -221,7 +221,7 @@ To create a local account and connect the device: 1. Launch the Settings app. - ![windows settings page.](images/unifiedenrollment-rs1-28.png) + ![screen that displays windows settings](images/unifiedenrollment-rs1-28.png) 2. Next, navigate to **Accounts**. @@ -233,17 +233,17 @@ To create a local account and connect the device: 4. Select the **Enroll only in device management** link (available in servicing build 14393.82, KB3176934). For older builds, see [Connect your Windows 10-based device to work using a deep link](mdm-enrollment-of-windows-devices.md#connect-your-windows-10-based-device-to-work-using-a-deep-link). - ![connect to work or school.](images/unifiedenrollment-rs1-31.png) + ![connect to work or school screen](images/unifiedenrollment-rs1-31.png) 5. Type in your work email address. - ![set up work or school account.](images/unifiedenrollment-rs1-32.png) + ![set up work or school account screen](images/unifiedenrollment-rs1-32.png) 6. If the device finds an endpoint that only supports on-premises authentication, this page will change and ask you for your password. If the device finds an MDM endpoint that supports federated authentication, you’ll be presented with a new window that will ask you for additional authentication information. Based on IT policy, you may also be prompted to provide a second factor of authentication at this point. Starting in Windows 10, version 1709, you will see the enrollment progress on screen. - ![corporate sign in.](images/unifiedenrollment-rs1-33-b.png) + ![screen to set up your device](images/unifiedenrollment-rs1-33-b.png) After you complete the flow, your device will be connected to your organization’s MDM. @@ -308,13 +308,13 @@ To connect your devices to MDM using deep links: Type in your work email address. - ![set up work or school account.](images/deeplinkenrollment3.png) + ![set up a work or school account screen](images/deeplinkenrollment3.png) 3. If the device finds an endpoint that only supports on-premises authentication, this page will change and ask you for your password. If the device finds an MDM endpoint that supports federated authentication, you’ll be presented with a new window that will ask you for additional authentication information. Based on IT policy, you may also be prompted to provide a second factor of authentication at this point. After you complete the flow, your device will be connected to your organization's MDM. - ![corporate sign in.](images/deeplinkenrollment4.png) + ![corporate sign-in screen](images/deeplinkenrollment4.png) ## Manage connections diff --git a/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md b/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md index 2d0db0e927..0e30b811fd 100644 --- a/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md +++ b/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md @@ -23,11 +23,11 @@ If you have paid subscriptions to Office 365, Microsoft Dynamics CRM Online, Ent 1. Sign in to the Microsoft 365 admin center at using your organization's account. - ![register azuread.](images/azure-ad-add-tenant10.png) + ![screen to register azure-ad](images/azure-ad-add-tenant10.png) 2. On the **Home** page, click on the Admin tools icon. - ![register azuread.](images/azure-ad-add-tenant11.png) + ![screen for registering azure-ad](images/azure-ad-add-tenant11.png) 3. On the **Admin center** page, under Admin Centers on the left, click **Azure Active Directory**. This will take you to the Azure Active Directory portal. From 6e829897a9302914fa9b92da67dab17361d4870d Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Fri, 22 Oct 2021 11:30:25 +0530 Subject: [PATCH 009/335] resolved issues --- .../mdm/data-structures-windows-store-for-business.md | 1 - windows/client-management/mdm/diagnosticlog-csp.md | 3 +-- ...for-windows-embedded-8-1-handheld-devices-to-windows-10.md | 4 ++-- .../credential-guard/credential-guard-manage.md | 2 +- .../security/identity-protection/password-support-policy.md | 2 +- .../bitlocker/troubleshoot-bitlocker.md | 2 +- .../bitlocker/ts-bitlocker-cannot-encrypt-issues.md | 2 +- .../bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md | 2 +- .../bitlocker/ts-bitlocker-config-issues.md | 2 +- .../bitlocker/ts-bitlocker-decode-measured-boot-logs.md | 2 +- .../bitlocker/ts-bitlocker-intune-issues.md | 2 +- .../bitlocker/ts-bitlocker-network-unlock-issues.md | 2 +- .../bitlocker/ts-bitlocker-recovery-issues.md | 2 +- .../bitlocker/ts-bitlocker-tpm-issues.md | 2 +- 14 files changed, 14 insertions(+), 16 deletions(-) diff --git a/windows/client-management/mdm/data-structures-windows-store-for-business.md b/windows/client-management/mdm/data-structures-windows-store-for-business.md index dfe61e1400..a1c3221952 100644 --- a/windows/client-management/mdm/data-structures-windows-store-for-business.md +++ b/windows/client-management/mdm/data-structures-windows-store-for-business.md @@ -7,7 +7,6 @@ MS-HAID: ms.assetid: ABE44EC8-CBE5-4775-BA8A-4564CB73531B ms.reviewer: manager: dansimp -description: ms.author: dansimp ms.topic: article ms.prod: m365-security diff --git a/windows/client-management/mdm/diagnosticlog-csp.md b/windows/client-management/mdm/diagnosticlog-csp.md index f178c17f64..ef0c719086 100644 --- a/windows/client-management/mdm/diagnosticlog-csp.md +++ b/windows/client-management/mdm/diagnosticlog-csp.md @@ -247,8 +247,7 @@ la--- 1/4/2021 2:45 PM 2 la--- 12/2/2020 6:27 PM 2701 results.xml ``` Each data gathering directive from the original `Collection` XML corresponds to a folder in the output. -For example, the first directive was: - HKLM\Software\Policies +For example, the first directive was:HKLM\Software\Policies then folder `1` will contain the corresponding `export.reg` file. The `results.xml` file is the authoritative map to the output. It includes a status code for each directive. The order of the directives in the file corresponds to the order of the output folders. Using `results.xml` the administrator can see what data was gathered, what failures may have occurred, and which folders contain which output. For example, the following `results.xml` content indicates that registry export of HKLM\Software\Policies was successful and the data can be found in folder `1`. It also indicates that `netsh.exe wlan show profiles` command failed. diff --git a/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md b/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md index b347051679..6b189b1bd5 100644 --- a/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md +++ b/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md @@ -220,7 +220,7 @@ The deployment process has three parts: 2. Browse to the DUControlledUpdates.xml that was created from the test device, and then specify the file path and name on the device as `NonPersistent\DUControlledUpdates.xml`. - ![embedded updates of a device](images/windowsembedded-update19.png) + ![embedded updates related to a specific device](images/windowsembedded-update19.png) 3. Select **Remediate noncompliant settings**, and then select **OK**. @@ -510,7 +510,7 @@ Use this procedure for pre-GDR1 devices: 22. Select **OK**, and then select **OK** again to complete the configuration baseline. 23. Deploy the newly created configuration baseline to the appropriate device collection. Right-click on the configuration baseline that you created, and then select **Deploy**. - ![embedded updates of a device](images/windowsembedded-update14.png) + ![embedded updates related to a device](images/windowsembedded-update14.png) 24. Select **Remediate noncompliant rules when supported**. 25. Select the appropriate device collection and define the schedule. diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md index 20437d1219..5373efef4b 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md @@ -8,7 +8,7 @@ ms.pagetype: security ms.localizationpriority: medium audience: ITPro author: dansimp -ms.author: v-tea +ms.author: v-tappelgate manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/password-support-policy.md b/windows/security/identity-protection/password-support-policy.md index 45d54643a7..88d73b87aa 100644 --- a/windows/security/identity-protection/password-support-policy.md +++ b/windows/security/identity-protection/password-support-policy.md @@ -6,7 +6,7 @@ manager: kaushika ms.custom: - CI ID 110060 - CSSTroubleshoot -ms.author: v-tea +ms.author: v-tappelgate ms.prod: m365-security ms.sitesec: library ms.pagetype: security diff --git a/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md b/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md index fdb74da056..89bcd638f5 100644 --- a/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md +++ b/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md @@ -7,7 +7,7 @@ ms.prod: m365-security ms.sitesec: library ms.localizationpriority: medium author: Teresa-Motiv -ms.author: v-tea +ms.author: v-tappelgate manager: kaushika audience: ITPro ms.collection: Windows Security Technologies\BitLocker diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md index f5e25880c6..975f5a78cf 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md @@ -7,7 +7,7 @@ ms.prod: m365-security ms.sitesec: library ms.localizationpriority: medium author: Teresa-Motiv -ms.author: v-tea +ms.author: v-tappelgate manager: kaushika audience: ITPro ms.collection: Windows Security Technologies\BitLocker diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md index d8bb7f6c91..bf8bc4bec3 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md @@ -7,7 +7,7 @@ ms.prod: m365-security ms.sitesec: library ms.localizationpriority: medium author: Teresa-Motiv -ms.author: v-tea +ms.author: v-tappelgate manager: kaushika audience: ITPro ms.collection: Windows Security Technologies\BitLocker diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-config-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-config-issues.md index 57b7fbf0f7..8694e1f531 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-config-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-config-issues.md @@ -7,7 +7,7 @@ ms.prod: m365-security ms.sitesec: library ms.localizationpriority: medium author: Teresa-Motiv -ms.author: v-tea +ms.author: v-tappelgate manager: kaushika audience: ITPro ms.collection: Windows Security Technologies\BitLocker diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md b/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md index f066def4da..101da7a83b 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md @@ -7,7 +7,7 @@ ms.prod: m365-security ms.sitesec: library ms.localizationpriority: medium author: Teresa-Motiv -ms.author: v-tea +ms.author: v-tappelgate manager: kaushika audience: ITPro ms.collection: Windows Security Technologies\BitLocker diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md index a10219b03c..a62d3a6a2d 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md @@ -7,7 +7,7 @@ ms.prod: m365-security ms.sitesec: library ms.localizationpriority: medium author: Teresa-Motiv -ms.author: v-tea +ms.author: v-tappelgate manager: kaushika audience: ITPro ms.collection: Windows Security Technologies\BitLocker diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-network-unlock-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-network-unlock-issues.md index 19bbdce535..f5f495064d 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-network-unlock-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-network-unlock-issues.md @@ -7,7 +7,7 @@ ms.prod: m365-security ms.sitesec: library ms.localizationpriority: medium author: Teresa-Motiv -ms.author: v-tea +ms.author: v-tappelgate manager: kaushika audience: ITPro ms.collection: Windows Security Technologies\BitLocker diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md index 11cd49e917..f1b8b6dc2b 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md @@ -7,7 +7,7 @@ ms.prod: m365-security ms.sitesec: library ms.localizationpriority: medium author: Teresa-Motiv -ms.author: v-tea +ms.author: v-tappelgate manager: kaushika audience: ITPro ms.collection: Windows Security Technologies\BitLocker diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md index 898f3dcfbe..680cbb7c42 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md @@ -7,7 +7,7 @@ ms.prod: m365-security ms.sitesec: library ms.localizationpriority: medium author: Teresa-Motiv -ms.author: v-tea +ms.author: v-tappelgate manager: kaushika audience: ITPro ms.collection: Windows Security Technologies\BitLocker From 09cad8c3f4e9d417145ea3a944aa5bb3602163dd Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Fri, 22 Oct 2021 11:34:38 +0530 Subject: [PATCH 010/335] Update diagnosticlog-csp.md --- windows/client-management/mdm/diagnosticlog-csp.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/diagnosticlog-csp.md b/windows/client-management/mdm/diagnosticlog-csp.md index ef0c719086..4be05d3fad 100644 --- a/windows/client-management/mdm/diagnosticlog-csp.md +++ b/windows/client-management/mdm/diagnosticlog-csp.md @@ -247,8 +247,14 @@ la--- 1/4/2021 2:45 PM 2 la--- 12/2/2020 6:27 PM 2701 results.xml ``` Each data gathering directive from the original `Collection` XML corresponds to a folder in the output. -For example, the first directive was:HKLM\Software\Policies - then folder `1` will contain the corresponding `export.reg` file. +For example, the first directive was: + +```xml + + HKLM\Software\Policies + +``` +then folder `1` will contain the corresponding `export.reg` file. The `results.xml` file is the authoritative map to the output. It includes a status code for each directive. The order of the directives in the file corresponds to the order of the output folders. Using `results.xml` the administrator can see what data was gathered, what failures may have occurred, and which folders contain which output. For example, the following `results.xml` content indicates that registry export of HKLM\Software\Policies was successful and the data can be found in folder `1`. It also indicates that `netsh.exe wlan show profiles` command failed. From 519c41a228877cc226b3f9c33976d0bab6d93574 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Mon, 25 Oct 2021 10:57:12 -0700 Subject: [PATCH 011/335] author update --- windows/client-management/mdm/applicationcontrol-csp-ddf.md | 2 +- windows/client-management/mdm/applicationcontrol-csp.md | 2 +- .../mdm/change-history-for-mdm-documentation.md | 2 +- windows/client-management/mdm/cleanpc-csp.md | 2 +- windows/client-management/mdm/cleanpc-ddf.md | 2 +- windows/client-management/mdm/clientcertificateinstall-csp.md | 2 +- .../client-management/mdm/clientcertificateinstall-ddf-file.md | 2 +- windows/client-management/mdm/cm-cellularentries-csp.md | 2 +- windows/client-management/mdm/cm-proxyentries-csp.md | 2 +- windows/client-management/mdm/cmpolicy-csp.md | 2 +- windows/client-management/mdm/cmpolicyenterprise-csp.md | 2 +- windows/client-management/mdm/cmpolicyenterprise-ddf-file.md | 2 +- .../mdm/configuration-service-provider-reference.md | 2 +- windows/client-management/mdm/customdeviceui-csp.md | 2 +- windows/client-management/mdm/customdeviceui-ddf.md | 2 +- .../mdm/data-structures-windows-store-for-business.md | 2 +- windows/client-management/mdm/defender-ddf.md | 2 +- windows/client-management/mdm/devdetail-csp.md | 2 +- windows/client-management/mdm/devdetail-ddf-file.md | 2 +- windows/client-management/mdm/developersetup-csp.md | 2 +- windows/client-management/mdm/developersetup-ddf.md | 2 +- windows/client-management/mdm/device-update-management.md | 2 +- windows/client-management/mdm/deviceinstanceservice-csp.md | 2 +- windows/client-management/mdm/devicelock-csp.md | 2 +- windows/client-management/mdm/devicelock-ddf-file.md | 2 +- windows/client-management/mdm/devicemanageability-csp.md | 2 +- windows/client-management/mdm/devicemanageability-ddf.md | 2 +- windows/client-management/mdm/devicestatus-csp.md | 2 +- windows/client-management/mdm/devicestatus-ddf.md | 2 +- windows/client-management/mdm/devinfo-csp.md | 2 +- windows/client-management/mdm/devinfo-ddf-file.md | 2 +- .../mdm/diagnose-mdm-failures-in-windows-10.md | 2 +- windows/client-management/mdm/diagnosticlog-csp.md | 2 +- windows/client-management/mdm/diagnosticlog-ddf.md | 2 +- .../mdm/disconnecting-from-mdm-unenrollment.md | 2 +- windows/client-management/mdm/dmacc-csp.md | 2 +- windows/client-management/mdm/dmacc-ddf-file.md | 2 +- windows/client-management/mdm/dmclient-csp.md | 2 +- windows/client-management/mdm/dmclient-ddf-file.md | 2 +- windows/client-management/mdm/dmprocessconfigxmlfiltered.md | 2 +- windows/client-management/mdm/dmsessionactions-csp.md | 2 +- windows/client-management/mdm/dmsessionactions-ddf.md | 2 +- windows/client-management/mdm/dynamicmanagement-csp.md | 2 +- windows/client-management/mdm/dynamicmanagement-ddf.md | 2 +- windows/client-management/mdm/eap-configuration.md | 2 +- windows/client-management/mdm/email2-csp.md | 2 +- windows/client-management/mdm/email2-ddf-file.md | 2 +- .../client-management/mdm/enable-admx-backed-policies-in-mdm.md | 2 +- ...s-for-windows-embedded-8-1-handheld-devices-to-windows-10.md | 2 +- .../client-management/mdm/enrollmentstatustracking-csp-ddf.md | 2 +- windows/client-management/mdm/enrollmentstatustracking-csp.md | 2 +- windows/client-management/mdm/enterpriseapn-csp.md | 2 +- windows/client-management/mdm/enterpriseapn-ddf.md | 2 +- windows/client-management/mdm/enterpriseappmanagement-csp.md | 2 +- windows/client-management/mdm/enterpriseappvmanagement-csp.md | 2 +- windows/client-management/mdm/enterpriseappvmanagement-ddf.md | 2 +- windows/client-management/mdm/enterpriseassignedaccess-csp.md | 2 +- windows/client-management/mdm/enterpriseassignedaccess-ddf.md | 2 +- windows/client-management/mdm/enterpriseassignedaccess-xsd.md | 2 +- windows/client-management/mdm/enterprisedataprotection-csp.md | 2 +- .../client-management/mdm/enterprisedataprotection-ddf-file.md | 2 +- .../client-management/mdm/enterprisedesktopappmanagement-csp.md | 2 +- .../mdm/enterprisedesktopappmanagement-ddf-file.md | 2 +- .../mdm/enterprisedesktopappmanagement2-xsd.md | 2 +- windows/client-management/mdm/enterpriseext-csp.md | 2 +- windows/client-management/mdm/enterpriseext-ddf.md | 2 +- windows/client-management/mdm/enterpriseextfilessystem-csp.md | 2 +- windows/client-management/mdm/enterpriseextfilesystem-ddf.md | 2 +- .../client-management/mdm/enterprisemodernappmanagement-csp.md | 2 +- .../client-management/mdm/enterprisemodernappmanagement-ddf.md | 2 +- .../client-management/mdm/enterprisemodernappmanagement-xsd.md | 2 +- windows/client-management/mdm/euiccs-csp.md | 2 +- windows/client-management/mdm/euiccs-ddf-file.md | 2 +- .../mdm/federated-authentication-device-enrollment.md | 2 +- windows/client-management/mdm/filesystem-csp.md | 2 +- windows/client-management/mdm/firewall-csp.md | 2 +- windows/client-management/mdm/firewall-ddf-file.md | 2 +- windows/client-management/mdm/get-inventory.md | 2 +- windows/client-management/mdm/get-localized-product-details.md | 2 +- windows/client-management/mdm/get-offline-license.md | 2 +- windows/client-management/mdm/get-product-details.md | 2 +- windows/client-management/mdm/get-product-package.md | 2 +- windows/client-management/mdm/get-product-packages.md | 2 +- windows/client-management/mdm/get-seat.md | 2 +- windows/client-management/mdm/get-seats-assigned-to-a-user.md | 2 +- windows/client-management/mdm/get-seats.md | 2 +- windows/client-management/mdm/healthattestation-ddf.md | 2 +- windows/client-management/mdm/hotspot-csp.md | 2 +- .../mdm/management-tool-for-windows-store-for-business.md | 2 +- windows/client-management/mdm/maps-csp.md | 2 +- windows/client-management/mdm/maps-ddf-file.md | 2 +- windows/client-management/mdm/messaging-csp.md | 2 +- windows/client-management/mdm/messaging-ddf.md | 2 +- windows/client-management/mdm/mobile-device-enrollment.md | 2 +- windows/client-management/mdm/multisim-csp.md | 2 +- windows/client-management/mdm/multisim-ddf.md | 2 +- windows/client-management/mdm/nap-csp.md | 2 +- windows/client-management/mdm/napdef-csp.md | 2 +- windows/client-management/mdm/networkproxy-csp.md | 2 +- windows/client-management/mdm/networkproxy-ddf.md | 2 +- windows/client-management/mdm/networkqospolicy-csp.md | 2 +- windows/client-management/mdm/networkqospolicy-ddf.md | 2 +- .../mdm/new-in-windows-mdm-enrollment-management.md | 2 +- windows/client-management/mdm/nodecache-csp.md | 2 +- windows/client-management/mdm/nodecache-ddf-file.md | 2 +- windows/client-management/mdm/office-csp.md | 2 +- windows/client-management/mdm/office-ddf.md | 2 +- windows/client-management/mdm/oma-dm-protocol-support.md | 2 +- .../mdm/on-premise-authentication-device-enrollment.md | 2 +- windows/client-management/mdm/passportforwork-csp.md | 2 +- windows/client-management/mdm/passportforwork-ddf.md | 2 +- windows/client-management/mdm/personalization-csp.md | 2 +- windows/client-management/mdm/personalization-ddf.md | 2 +- .../client-management/mdm/policies-in-policy-csp-admx-backed.md | 2 +- .../mdm/policies-in-policy-csp-supported-by-group-policy.md | 2 +- ...policy-csp-supported-by-hololens-1st-gen-commercial-suite.md | 2 +- ...icy-csp-supported-by-hololens-1st-gen-development-edition.md | 2 +- .../mdm/policies-in-policy-csp-supported-by-hololens2.md | 2 +- .../mdm/policies-in-policy-csp-supported-by-iot-core.md | 2 +- .../mdm/policies-in-policy-csp-supported-by-surface-hub.md | 2 +- .../mdm/policies-in-policy-csp-that-can-be-set-using-eas.md | 2 +- .../mdm/policy-configuration-service-provider.md | 2 +- windows/client-management/mdm/policy-csp-abovelock.md | 2 +- windows/client-management/mdm/policy-csp-accounts.md | 2 +- windows/client-management/mdm/policy-csp-activexcontrols.md | 2 +- .../mdm/policy-csp-admx-activexinstallservice.md | 2 +- .../client-management/mdm/policy-csp-admx-addremoveprograms.md | 2 +- windows/client-management/mdm/policy-csp-admx-admpwd.md | 2 +- windows/client-management/mdm/policy-csp-admx-appcompat.md | 2 +- .../client-management/mdm/policy-csp-admx-appxpackagemanager.md | 2 +- windows/client-management/mdm/policy-csp-admx-appxruntime.md | 2 +- .../client-management/mdm/policy-csp-admx-attachmentmanager.md | 2 +- windows/client-management/mdm/policy-csp-admx-auditsettings.md | 2 +- windows/client-management/mdm/policy-csp-admx-bits.md | 2 +- .../client-management/mdm/policy-csp-admx-ciphersuiteorder.md | 2 +- windows/client-management/mdm/policy-csp-admx-com.md | 2 +- windows/client-management/mdm/policy-csp-admx-controlpanel.md | 2 +- .../mdm/policy-csp-admx-controlpaneldisplay.md | 2 +- windows/client-management/mdm/policy-csp-admx-cpls.md | 2 +- .../mdm/policy-csp-admx-credentialproviders.md | 2 +- windows/client-management/mdm/policy-csp-admx-credssp.md | 2 +- windows/client-management/mdm/policy-csp-admx-credui.md | 2 +- windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md | 2 +- windows/client-management/mdm/policy-csp-admx-datacollection.md | 2 +- windows/client-management/mdm/policy-csp-admx-desktop.md | 2 +- windows/client-management/mdm/policy-csp-admx-deviceguard.md | 2 +- .../client-management/mdm/policy-csp-admx-deviceinstallation.md | 2 +- windows/client-management/mdm/policy-csp-admx-devicesetup.md | 2 +- windows/client-management/mdm/policy-csp-admx-digitallocker.md | 2 +- windows/client-management/mdm/policy-csp-admx-disknvcache.md | 2 +- windows/client-management/mdm/policy-csp-admx-diskquota.md | 2 +- .../mdm/policy-csp-admx-distributedlinktracking.md | 2 +- windows/client-management/mdm/policy-csp-admx-dnsclient.md | 2 +- windows/client-management/mdm/policy-csp-admx-dwm.md | 2 +- windows/client-management/mdm/policy-csp-admx-eaime.md | 2 +- .../client-management/mdm/policy-csp-admx-encryptfilesonmove.md | 2 +- .../client-management/mdm/policy-csp-admx-enhancedstorage.md | 2 +- windows/client-management/mdm/policy-csp-admx-errorreporting.md | 2 +- .../client-management/mdm/policy-csp-admx-eventforwarding.md | 2 +- windows/client-management/mdm/policy-csp-admx-eventlog.md | 2 +- windows/client-management/mdm/policy-csp-admx-explorer.md | 2 +- windows/client-management/mdm/policy-csp-admx-filerecovery.md | 2 +- .../mdm/policy-csp-admx-fileservervssprovider.md | 2 +- windows/client-management/mdm/policy-csp-admx-filesys.md | 2 +- .../client-management/mdm/policy-csp-admx-folderredirection.md | 2 +- windows/client-management/mdm/policy-csp-admx-globalization.md | 2 +- windows/client-management/mdm/policy-csp-admx-grouppolicy.md | 2 +- windows/client-management/mdm/policy-csp-admx-help.md | 2 +- windows/client-management/mdm/policy-csp-admx-helpandsupport.md | 2 +- windows/client-management/mdm/policy-csp-admx-icm.md | 2 +- windows/client-management/mdm/policy-csp-admx-iscsi.md | 2 +- windows/client-management/mdm/policy-csp-admx-kdc.md | 2 +- windows/client-management/mdm/policy-csp-admx-kerberos.md | 2 +- windows/client-management/mdm/policy-csp-admx-lanmanserver.md | 2 +- .../client-management/mdm/policy-csp-admx-lanmanworkstation.md | 2 +- .../mdm/policy-csp-admx-linklayertopologydiscovery.md | 2 +- windows/client-management/mdm/policy-csp-admx-logon.md | 2 +- .../mdm/policy-csp-admx-microsoftdefenderantivirus.md | 2 +- windows/client-management/mdm/policy-csp-admx-mmc.md | 2 +- windows/client-management/mdm/policy-csp-admx-mmcsnapins.md | 2 +- windows/client-management/mdm/policy-csp-admx-msapolicy.md | 2 +- windows/client-management/mdm/policy-csp-admx-msched.md | 2 +- windows/client-management/mdm/policy-csp-admx-msdt.md | 2 +- windows/client-management/mdm/policy-csp-admx-msi.md | 2 +- windows/client-management/mdm/policy-csp-admx-nca.md | 2 +- windows/client-management/mdm/policy-csp-admx-ncsi.md | 2 +- windows/client-management/mdm/policy-csp-admx-netlogon.md | 2 +- .../client-management/mdm/policy-csp-admx-networkconnections.md | 2 +- windows/client-management/mdm/policy-csp-admx-offlinefiles.md | 2 +- .../client-management/mdm/policy-csp-admx-peertopeercaching.md | 2 +- windows/client-management/mdm/policy-csp-admx-pentraining.md | 2 +- .../mdm/policy-csp-admx-performancediagnostics.md | 2 +- windows/client-management/mdm/policy-csp-admx-power.md | 2 +- .../mdm/policy-csp-admx-powershellexecutionpolicy.md | 2 +- .../client-management/mdm/policy-csp-admx-previousversions.md | 2 +- windows/client-management/mdm/policy-csp-admx-printing.md | 2 +- windows/client-management/mdm/policy-csp-admx-printing2.md | 2 +- windows/client-management/mdm/policy-csp-admx-programs.md | 2 +- windows/client-management/mdm/policy-csp-admx-pushtoinstall.md | 2 +- windows/client-management/mdm/policy-csp-admx-radar.md | 2 +- windows/client-management/mdm/policy-csp-admx-reliability.md | 2 +- .../client-management/mdm/policy-csp-admx-remoteassistance.md | 2 +- .../client-management/mdm/policy-csp-admx-removablestorage.md | 2 +- windows/client-management/mdm/policy-csp-admx-rpc.md | 2 +- windows/client-management/mdm/policy-csp-admx-scripts.md | 2 +- windows/client-management/mdm/policy-csp-admx-sdiageng.md | 2 +- windows/client-management/mdm/policy-csp-admx-sdiagschd.md | 2 +- windows/client-management/mdm/policy-csp-admx-securitycenter.md | 2 +- windows/client-management/mdm/policy-csp-admx-sensors.md | 2 +- windows/client-management/mdm/policy-csp-admx-servermanager.md | 2 +- windows/client-management/mdm/policy-csp-admx-servicing.md | 2 +- windows/client-management/mdm/policy-csp-admx-settingsync.md | 2 +- windows/client-management/mdm/policy-csp-admx-sharedfolders.md | 2 +- windows/client-management/mdm/policy-csp-admx-sharing.md | 2 +- .../mdm/policy-csp-admx-shellcommandpromptregedittools.md | 2 +- windows/client-management/mdm/policy-csp-admx-smartcard.md | 2 +- windows/client-management/mdm/policy-csp-admx-snmp.md | 2 +- windows/client-management/mdm/policy-csp-admx-soundrec.md | 2 +- windows/client-management/mdm/policy-csp-admx-srmfci.md | 2 +- windows/client-management/mdm/policy-csp-admx-startmenu.md | 2 +- windows/client-management/mdm/policy-csp-admx-systemrestore.md | 2 +- windows/client-management/mdm/policy-csp-admx-tabletshell.md | 2 +- windows/client-management/mdm/policy-csp-admx-taskbar.md | 2 +- windows/client-management/mdm/policy-csp-admx-tcpip.md | 2 +- windows/client-management/mdm/policy-csp-admx-terminalserver.md | 2 +- windows/client-management/mdm/policy-csp-admx-thumbnails.md | 2 +- windows/client-management/mdm/policy-csp-admx-touchinput.md | 2 +- windows/client-management/mdm/policy-csp-admx-tpm.md | 2 +- .../mdm/policy-csp-admx-userexperiencevirtualization.md | 2 +- windows/client-management/mdm/policy-csp-admx-userprofiles.md | 2 +- windows/client-management/mdm/policy-csp-admx-w32time.md | 2 +- windows/client-management/mdm/policy-csp-admx-wcm.md | 2 +- windows/client-management/mdm/policy-csp-admx-wdi.md | 2 +- windows/client-management/mdm/policy-csp-admx-wincal.md | 2 +- .../client-management/mdm/policy-csp-admx-windowscolorsystem.md | 2 +- .../client-management/mdm/policy-csp-admx-windowsconnectnow.md | 2 +- .../client-management/mdm/policy-csp-admx-windowsexplorer.md | 2 +- .../client-management/mdm/policy-csp-admx-windowsmediadrm.md | 2 +- .../client-management/mdm/policy-csp-admx-windowsmediaplayer.md | 2 +- .../mdm/policy-csp-admx-windowsremotemanagement.md | 2 +- windows/client-management/mdm/policy-csp-admx-windowsstore.md | 2 +- windows/client-management/mdm/policy-csp-admx-wininit.md | 2 +- windows/client-management/mdm/policy-csp-admx-winlogon.md | 2 +- windows/client-management/mdm/policy-csp-admx-winsrv.md | 2 +- windows/client-management/mdm/policy-csp-admx-wlansvc.md | 2 +- windows/client-management/mdm/policy-csp-admx-wpn.md | 2 +- windows/client-management/mdm/policy-csp-applicationdefaults.md | 2 +- .../client-management/mdm/policy-csp-applicationmanagement.md | 2 +- windows/client-management/mdm/policy-csp-appruntime.md | 2 +- windows/client-management/mdm/policy-csp-appvirtualization.md | 2 +- windows/client-management/mdm/policy-csp-attachmentmanager.md | 2 +- windows/client-management/mdm/policy-csp-audit.md | 2 +- windows/client-management/mdm/policy-csp-authentication.md | 2 +- windows/client-management/mdm/policy-csp-autoplay.md | 2 +- windows/client-management/mdm/policy-csp-bitlocker.md | 2 +- windows/client-management/mdm/policy-csp-bits.md | 2 +- windows/client-management/mdm/policy-csp-bluetooth.md | 2 +- windows/client-management/mdm/policy-csp-camera.md | 2 +- windows/client-management/mdm/policy-csp-cellular.md | 2 +- windows/client-management/mdm/policy-csp-connectivity.md | 2 +- windows/client-management/mdm/policy-csp-credentialproviders.md | 2 +- .../client-management/mdm/policy-csp-credentialsdelegation.md | 2 +- windows/client-management/mdm/policy-csp-credentialsui.md | 2 +- windows/client-management/mdm/policy-csp-cryptography.md | 2 +- windows/client-management/mdm/policy-csp-dataprotection.md | 2 +- windows/client-management/mdm/policy-csp-datausage.md | 2 +- windows/client-management/mdm/policy-csp-defender.md | 2 +- .../client-management/mdm/policy-csp-deliveryoptimization.md | 2 +- windows/client-management/mdm/policy-csp-desktop.md | 2 +- windows/client-management/mdm/policy-csp-deviceguard.md | 2 +- .../client-management/mdm/policy-csp-devicehealthmonitoring.md | 2 +- windows/client-management/mdm/policy-csp-deviceinstallation.md | 2 +- windows/client-management/mdm/policy-csp-devicelock.md | 2 +- windows/client-management/mdm/policy-csp-display.md | 2 +- windows/client-management/mdm/policy-csp-dmaguard.md | 2 +- windows/client-management/mdm/policy-csp-education.md | 2 +- .../client-management/mdm/policy-csp-enterprisecloudprint.md | 2 +- windows/client-management/mdm/policy-csp-errorreporting.md | 2 +- windows/client-management/mdm/policy-csp-eventlogservice.md | 2 +- windows/client-management/mdm/policy-csp-experience.md | 2 +- windows/client-management/mdm/policy-csp-exploitguard.md | 2 +- windows/client-management/mdm/policy-csp-fileexplorer.md | 2 +- windows/client-management/mdm/policy-csp-games.md | 2 +- windows/client-management/mdm/policy-csp-handwriting.md | 2 +- windows/client-management/mdm/policy-csp-kerberos.md | 2 +- windows/client-management/mdm/policy-csp-kioskbrowser.md | 2 +- windows/client-management/mdm/policy-csp-lanmanworkstation.md | 2 +- windows/client-management/mdm/policy-csp-licensing.md | 2 +- windows/client-management/mdm/policy-csp-localusersandgroups.md | 2 +- windows/client-management/mdm/policy-csp-lockdown.md | 2 +- windows/client-management/mdm/policy-csp-maps.md | 2 +- windows/client-management/mdm/policy-csp-messaging.md | 2 +- windows/client-management/mdm/policy-csp-mixedreality.md | 2 +- windows/client-management/mdm/policy-csp-mssecurityguide.md | 2 +- windows/client-management/mdm/policy-csp-msslegacy.md | 2 +- windows/client-management/mdm/policy-csp-multitasking.md | 2 +- windows/client-management/mdm/policy-csp-networkisolation.md | 2 +- windows/client-management/mdm/policy-csp-notifications.md | 2 +- windows/client-management/mdm/policy-csp-power.md | 2 +- windows/client-management/mdm/policy-csp-printers.md | 2 +- windows/client-management/mdm/policy-csp-privacy.md | 2 +- windows/client-management/mdm/policy-csp-remoteassistance.md | 2 +- .../client-management/mdm/policy-csp-remotedesktopservices.md | 2 +- windows/client-management/mdm/policy-csp-remotemanagement.md | 2 +- windows/client-management/mdm/policy-csp-remoteprocedurecall.md | 2 +- windows/client-management/mdm/policy-csp-remoteshell.md | 2 +- windows/client-management/mdm/policy-csp-restrictedgroups.md | 2 +- windows/client-management/mdm/policy-csp-search.md | 2 +- windows/client-management/mdm/policy-csp-security.md | 2 +- windows/client-management/mdm/policy-csp-settings.md | 2 +- windows/client-management/mdm/policy-csp-smartscreen.md | 2 +- windows/client-management/mdm/policy-csp-speech.md | 2 +- windows/client-management/mdm/policy-csp-start.md | 2 +- windows/client-management/mdm/policy-csp-storage.md | 2 +- windows/client-management/mdm/policy-csp-system.md | 2 +- windows/client-management/mdm/policy-csp-systemservices.md | 2 +- windows/client-management/mdm/policy-csp-taskmanager.md | 2 +- windows/client-management/mdm/policy-csp-taskscheduler.md | 2 +- windows/client-management/mdm/policy-csp-textinput.md | 2 +- .../client-management/mdm/policy-csp-timelanguagesettings.md | 2 +- windows/client-management/mdm/policy-csp-update.md | 2 +- windows/client-management/mdm/policy-csp-userrights.md | 2 +- windows/client-management/mdm/policy-csp-wifi.md | 2 +- .../mdm/policy-csp-windowsconnectionmanager.md | 2 +- .../mdm/policy-csp-windowsdefendersecuritycenter.md | 2 +- windows/client-management/mdm/policy-csp-windowsinkworkspace.md | 2 +- windows/client-management/mdm/policy-csp-windowslogon.md | 2 +- windows/client-management/mdm/policy-csp-windowspowershell.md | 2 +- windows/client-management/mdm/policy-csp-windowssandbox.md | 2 +- windows/client-management/mdm/policy-csp-wirelessdisplay.md | 2 +- windows/client-management/mdm/policy-ddf-file.md | 2 +- windows/client-management/mdm/policymanager-csp.md | 2 +- windows/client-management/mdm/provisioning-csp.md | 2 +- windows/client-management/mdm/proxy-csp.md | 2 +- windows/client-management/mdm/push-notification-windows-mdm.md | 2 +- windows/client-management/mdm/pxlogical-csp.md | 2 +- windows/client-management/mdm/reboot-csp.md | 2 +- windows/client-management/mdm/reboot-ddf-file.md | 2 +- windows/client-management/mdm/reclaim-seat-from-user.md | 2 +- .../register-your-free-azure-active-directory-subscription.md | 2 +- windows/client-management/mdm/registry-csp.md | 2 +- windows/client-management/mdm/registry-ddf-file.md | 2 +- windows/client-management/mdm/remotefind-csp.md | 2 +- windows/client-management/mdm/remotefind-ddf-file.md | 2 +- windows/client-management/mdm/remotelock-csp.md | 2 +- windows/client-management/mdm/remotelock-ddf-file.md | 2 +- windows/client-management/mdm/remotering-csp.md | 2 +- windows/client-management/mdm/remotering-ddf-file.md | 2 +- windows/client-management/mdm/remotewipe-csp.md | 2 +- windows/client-management/mdm/remotewipe-ddf-file.md | 2 +- windows/client-management/mdm/reporting-csp.md | 2 +- windows/client-management/mdm/reporting-ddf-file.md | 2 +- .../mdm/rest-api-reference-windows-store-for-business.md | 2 +- windows/client-management/mdm/rootcacertificates-csp.md | 2 +- windows/client-management/mdm/rootcacertificates-ddf-file.md | 2 +- windows/client-management/mdm/secureassessment-csp.md | 2 +- windows/client-management/mdm/secureassessment-ddf-file.md | 2 +- windows/client-management/mdm/securitypolicy-csp.md | 2 +- .../client-management/mdm/server-requirements-windows-mdm.md | 2 +- windows/client-management/mdm/sharedpc-csp.md | 2 +- windows/client-management/mdm/sharedpc-ddf-file.md | 2 +- windows/client-management/mdm/storage-csp.md | 2 +- windows/client-management/mdm/storage-ddf-file.md | 2 +- .../mdm/structure-of-oma-dm-provisioning-files.md | 2 +- windows/client-management/mdm/supl-csp.md | 2 +- windows/client-management/mdm/supl-ddf-file.md | 2 +- windows/client-management/mdm/surfacehub-csp.md | 2 +- windows/client-management/mdm/surfacehub-ddf-file.md | 2 +- windows/client-management/mdm/tenantlockdown-csp.md | 2 +- windows/client-management/mdm/tenantlockdown-ddf.md | 2 +- windows/client-management/mdm/tpmpolicy-csp.md | 2 +- windows/client-management/mdm/tpmpolicy-ddf-file.md | 2 +- windows/client-management/mdm/uefi-csp.md | 2 +- windows/client-management/mdm/uefi-ddf.md | 2 +- .../client-management/mdm/understanding-admx-backed-policies.md | 2 +- windows/client-management/mdm/unifiedwritefilter-csp.md | 2 +- windows/client-management/mdm/unifiedwritefilter-ddf.md | 2 +- windows/client-management/mdm/update-csp.md | 2 +- windows/client-management/mdm/update-ddf-file.md | 2 +- .../using-powershell-scripting-with-the-wmi-bridge-provider.md | 2 +- windows/client-management/mdm/vpn-csp.md | 2 +- windows/client-management/mdm/vpn-ddf-file.md | 2 +- windows/client-management/mdm/vpnv2-csp.md | 2 +- windows/client-management/mdm/vpnv2-ddf-file.md | 2 +- windows/client-management/mdm/vpnv2-profile-xsd.md | 2 +- windows/client-management/mdm/w4-application-csp.md | 2 +- windows/client-management/mdm/w7-application-csp.md | 2 +- windows/client-management/mdm/wifi-csp.md | 2 +- windows/client-management/mdm/wifi-ddf-file.md | 2 +- .../mdm/win32-and-centennial-app-policy-configuration.md | 2 +- windows/client-management/mdm/win32appinventory-csp.md | 2 +- windows/client-management/mdm/win32appinventory-ddf-file.md | 2 +- .../client-management/mdm/win32compatibilityappraiser-csp.md | 2 +- .../client-management/mdm/win32compatibilityappraiser-ddf.md | 2 +- .../client-management/mdm/windows-mdm-enterprise-settings.md | 2 +- .../mdm/windowsadvancedthreatprotection-csp.md | 2 +- .../mdm/windowsadvancedthreatprotection-ddf.md | 2 +- .../mdm/windowsdefenderapplicationguard-ddf-file.md | 2 +- windows/client-management/mdm/windowslicensing-csp.md | 2 +- windows/client-management/mdm/windowslicensing-ddf-file.md | 2 +- windows/client-management/mdm/windowssecurityauditing-csp.md | 2 +- .../client-management/mdm/windowssecurityauditing-ddf-file.md | 2 +- windows/client-management/mdm/wirednetwork-csp.md | 2 +- windows/client-management/mdm/wirednetwork-ddf-file.md | 2 +- .../client-management/mdm/wmi-providers-supported-in-windows.md | 2 +- 405 files changed, 405 insertions(+), 405 deletions(-) diff --git a/windows/client-management/mdm/applicationcontrol-csp-ddf.md b/windows/client-management/mdm/applicationcontrol-csp-ddf.md index ff1a795031..2e205ff597 100644 --- a/windows/client-management/mdm/applicationcontrol-csp-ddf.md +++ b/windows/client-management/mdm/applicationcontrol-csp-ddf.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: ManikaDhiman +author: dansimp ms.date: 07/10/2019 --- diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md index ec3c19a568..f30bf1a37b 100644 --- a/windows/client-management/mdm/applicationcontrol-csp.md +++ b/windows/client-management/mdm/applicationcontrol-csp.md @@ -6,7 +6,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: ManikaDhiman +author: dansimp ms.reviewer: jsuther1974 ms.date: 09/10/2020 --- diff --git a/windows/client-management/mdm/change-history-for-mdm-documentation.md b/windows/client-management/mdm/change-history-for-mdm-documentation.md index bef6ad59ae..65249592e4 100644 --- a/windows/client-management/mdm/change-history-for-mdm-documentation.md +++ b/windows/client-management/mdm/change-history-for-mdm-documentation.md @@ -7,7 +7,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 10/19/2020 --- diff --git a/windows/client-management/mdm/cleanpc-csp.md b/windows/client-management/mdm/cleanpc-csp.md index ea014bc83f..8a0175d5c7 100644 --- a/windows/client-management/mdm/cleanpc-csp.md +++ b/windows/client-management/mdm/cleanpc-csp.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/cleanpc-ddf.md b/windows/client-management/mdm/cleanpc-ddf.md index 3e01db80af..3d51e2242a 100644 --- a/windows/client-management/mdm/cleanpc-ddf.md +++ b/windows/client-management/mdm/cleanpc-ddf.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/clientcertificateinstall-csp.md b/windows/client-management/mdm/clientcertificateinstall-csp.md index 394340d101..618d0e992b 100644 --- a/windows/client-management/mdm/clientcertificateinstall-csp.md +++ b/windows/client-management/mdm/clientcertificateinstall-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 07/30/2021 --- diff --git a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md index b1e928dab2..6de4b2db7f 100644 --- a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md +++ b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/cm-cellularentries-csp.md b/windows/client-management/mdm/cm-cellularentries-csp.md index a2255c65ad..6fb876a9ef 100644 --- a/windows/client-management/mdm/cm-cellularentries-csp.md +++ b/windows/client-management/mdm/cm-cellularentries-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 08/02/2017 --- diff --git a/windows/client-management/mdm/cm-proxyentries-csp.md b/windows/client-management/mdm/cm-proxyentries-csp.md index 526e8194ac..b2de30efbe 100644 --- a/windows/client-management/mdm/cm-proxyentries-csp.md +++ b/windows/client-management/mdm/cm-proxyentries-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/cmpolicy-csp.md b/windows/client-management/mdm/cmpolicy-csp.md index 158c447a9c..d3fa9cd287 100644 --- a/windows/client-management/mdm/cmpolicy-csp.md +++ b/windows/client-management/mdm/cmpolicy-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/cmpolicyenterprise-csp.md b/windows/client-management/mdm/cmpolicyenterprise-csp.md index 2ec112f762..c59953d4c8 100644 --- a/windows/client-management/mdm/cmpolicyenterprise-csp.md +++ b/windows/client-management/mdm/cmpolicyenterprise-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md b/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md index 214599045d..ef69c3172a 100644 --- a/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md +++ b/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md index 7531d8f6e2..d0805b88c8 100644 --- a/windows/client-management/mdm/configuration-service-provider-reference.md +++ b/windows/client-management/mdm/configuration-service-provider-reference.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/18/2020 --- diff --git a/windows/client-management/mdm/customdeviceui-csp.md b/windows/client-management/mdm/customdeviceui-csp.md index 41ee326400..2405034726 100644 --- a/windows/client-management/mdm/customdeviceui-csp.md +++ b/windows/client-management/mdm/customdeviceui-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/customdeviceui-ddf.md b/windows/client-management/mdm/customdeviceui-ddf.md index a949e65d81..e66f875de4 100644 --- a/windows/client-management/mdm/customdeviceui-ddf.md +++ b/windows/client-management/mdm/customdeviceui-ddf.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/data-structures-windows-store-for-business.md b/windows/client-management/mdm/data-structures-windows-store-for-business.md index a1c3221952..6e4d77d0e9 100644 --- a/windows/client-management/mdm/data-structures-windows-store-for-business.md +++ b/windows/client-management/mdm/data-structures-windows-store-for-business.md @@ -11,7 +11,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/18/2017 --- diff --git a/windows/client-management/mdm/defender-ddf.md b/windows/client-management/mdm/defender-ddf.md index 4ae84e1bab..3f37557638 100644 --- a/windows/client-management/mdm/defender-ddf.md +++ b/windows/client-management/mdm/defender-ddf.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 07/23/2021 --- diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md index 30bf4dcaf7..421b6e794e 100644 --- a/windows/client-management/mdm/devdetail-csp.md +++ b/windows/client-management/mdm/devdetail-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 03/27/2020 --- diff --git a/windows/client-management/mdm/devdetail-ddf-file.md b/windows/client-management/mdm/devdetail-ddf-file.md index 7abd7ff13e..fd5d1b65bf 100644 --- a/windows/client-management/mdm/devdetail-ddf-file.md +++ b/windows/client-management/mdm/devdetail-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/03/2020 --- diff --git a/windows/client-management/mdm/developersetup-csp.md b/windows/client-management/mdm/developersetup-csp.md index 0091f4281a..a16a244d6f 100644 --- a/windows/client-management/mdm/developersetup-csp.md +++ b/windows/client-management/mdm/developersetup-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2018 --- diff --git a/windows/client-management/mdm/developersetup-ddf.md b/windows/client-management/mdm/developersetup-ddf.md index d8a024cf05..ff781e795b 100644 --- a/windows/client-management/mdm/developersetup-ddf.md +++ b/windows/client-management/mdm/developersetup-ddf.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/device-update-management.md b/windows/client-management/mdm/device-update-management.md index 44563f27f2..96728e1cf1 100644 --- a/windows/client-management/mdm/device-update-management.md +++ b/windows/client-management/mdm/device-update-management.md @@ -9,7 +9,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 11/15/2017 --- diff --git a/windows/client-management/mdm/deviceinstanceservice-csp.md b/windows/client-management/mdm/deviceinstanceservice-csp.md index 46280b0e0d..8514c7faf3 100644 --- a/windows/client-management/mdm/deviceinstanceservice-csp.md +++ b/windows/client-management/mdm/deviceinstanceservice-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/devicelock-csp.md b/windows/client-management/mdm/devicelock-csp.md index 4a28ab77f5..d76af99d37 100644 --- a/windows/client-management/mdm/devicelock-csp.md +++ b/windows/client-management/mdm/devicelock-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/devicelock-ddf-file.md b/windows/client-management/mdm/devicelock-ddf-file.md index 1408091172..fcc1f0a8e1 100644 --- a/windows/client-management/mdm/devicelock-ddf-file.md +++ b/windows/client-management/mdm/devicelock-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/devicemanageability-csp.md b/windows/client-management/mdm/devicemanageability-csp.md index 2f7cb9c748..e4ea1dfb9e 100644 --- a/windows/client-management/mdm/devicemanageability-csp.md +++ b/windows/client-management/mdm/devicemanageability-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 11/01/2017 --- diff --git a/windows/client-management/mdm/devicemanageability-ddf.md b/windows/client-management/mdm/devicemanageability-ddf.md index f137a5a2b4..3a78d54b4a 100644 --- a/windows/client-management/mdm/devicemanageability-ddf.md +++ b/windows/client-management/mdm/devicemanageability-ddf.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md index 5282e5b15e..389830eebf 100644 --- a/windows/client-management/mdm/devicestatus-csp.md +++ b/windows/client-management/mdm/devicestatus-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/25/2021 --- diff --git a/windows/client-management/mdm/devicestatus-ddf.md b/windows/client-management/mdm/devicestatus-ddf.md index 1507a0af81..06c40e8b1f 100644 --- a/windows/client-management/mdm/devicestatus-ddf.md +++ b/windows/client-management/mdm/devicestatus-ddf.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 03/12/2018 --- diff --git a/windows/client-management/mdm/devinfo-csp.md b/windows/client-management/mdm/devinfo-csp.md index cc20902d98..760657a9ab 100644 --- a/windows/client-management/mdm/devinfo-csp.md +++ b/windows/client-management/mdm/devinfo-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/devinfo-ddf-file.md b/windows/client-management/mdm/devinfo-ddf-file.md index 63eb03e1bb..9b67950320 100644 --- a/windows/client-management/mdm/devinfo-ddf-file.md +++ b/windows/client-management/mdm/devinfo-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md index f61abce9ef..8ded6bad79 100644 --- a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md +++ b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/25/2018 --- diff --git a/windows/client-management/mdm/diagnosticlog-csp.md b/windows/client-management/mdm/diagnosticlog-csp.md index 4be05d3fad..bc807b554d 100644 --- a/windows/client-management/mdm/diagnosticlog-csp.md +++ b/windows/client-management/mdm/diagnosticlog-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 11/19/2019 --- diff --git a/windows/client-management/mdm/diagnosticlog-ddf.md b/windows/client-management/mdm/diagnosticlog-ddf.md index adbe226978..4c7aa1da2e 100644 --- a/windows/client-management/mdm/diagnosticlog-ddf.md +++ b/windows/client-management/mdm/diagnosticlog-ddf.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md b/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md index 5cafbe183f..06bf54d96f 100644 --- a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md +++ b/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md @@ -11,7 +11,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/dmacc-csp.md b/windows/client-management/mdm/dmacc-csp.md index aa1152b77b..973955e073 100644 --- a/windows/client-management/mdm/dmacc-csp.md +++ b/windows/client-management/mdm/dmacc-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/dmacc-ddf-file.md b/windows/client-management/mdm/dmacc-ddf-file.md index c156622561..5dbeb9c0cd 100644 --- a/windows/client-management/mdm/dmacc-ddf-file.md +++ b/windows/client-management/mdm/dmacc-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md index 896e0079e4..a1d070eedf 100644 --- a/windows/client-management/mdm/dmclient-csp.md +++ b/windows/client-management/mdm/dmclient-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 11/01/2017 --- diff --git a/windows/client-management/mdm/dmclient-ddf-file.md b/windows/client-management/mdm/dmclient-ddf-file.md index 529d2e5984..c5615a37ff 100644 --- a/windows/client-management/mdm/dmclient-ddf-file.md +++ b/windows/client-management/mdm/dmclient-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md index 37d0a59b08..f49c1634b9 100644 --- a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md +++ b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md @@ -18,7 +18,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/dmsessionactions-csp.md b/windows/client-management/mdm/dmsessionactions-csp.md index 8ca8faf4b0..3685b53c7f 100644 --- a/windows/client-management/mdm/dmsessionactions-csp.md +++ b/windows/client-management/mdm/dmsessionactions-csp.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/dmsessionactions-ddf.md b/windows/client-management/mdm/dmsessionactions-ddf.md index e0a6ffd44a..b3216363fe 100644 --- a/windows/client-management/mdm/dmsessionactions-ddf.md +++ b/windows/client-management/mdm/dmsessionactions-ddf.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/dynamicmanagement-csp.md b/windows/client-management/mdm/dynamicmanagement-csp.md index 38187f2fe7..92395a6a48 100644 --- a/windows/client-management/mdm/dynamicmanagement-csp.md +++ b/windows/client-management/mdm/dynamicmanagement-csp.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/dynamicmanagement-ddf.md b/windows/client-management/mdm/dynamicmanagement-ddf.md index 611754bacc..dbdec53e5f 100644 --- a/windows/client-management/mdm/dynamicmanagement-ddf.md +++ b/windows/client-management/mdm/dynamicmanagement-ddf.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/eap-configuration.md b/windows/client-management/mdm/eap-configuration.md index f59c08c034..fd56c44b72 100644 --- a/windows/client-management/mdm/eap-configuration.md +++ b/windows/client-management/mdm/eap-configuration.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/email2-csp.md b/windows/client-management/mdm/email2-csp.md index 0d128db89e..8bd6dc68c9 100644 --- a/windows/client-management/mdm/email2-csp.md +++ b/windows/client-management/mdm/email2-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/email2-ddf-file.md b/windows/client-management/mdm/email2-ddf-file.md index 6632a4864f..927665515a 100644 --- a/windows/client-management/mdm/email2-ddf-file.md +++ b/windows/client-management/mdm/email2-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md index 764585a83f..3e6626c547 100644 --- a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md +++ b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 11/01/2017 ms.reviewer: diff --git a/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md b/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md index 6b189b1bd5..ee3f4f4deb 100644 --- a/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md +++ b/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md b/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md index 7bc0818e3c..c13f5a7bca 100644 --- a/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md +++ b/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: ManikaDhiman +author: dansimp ms.date: 05/17/2019 --- diff --git a/windows/client-management/mdm/enrollmentstatustracking-csp.md b/windows/client-management/mdm/enrollmentstatustracking-csp.md index 53c25eb42f..782e5fd968 100644 --- a/windows/client-management/mdm/enrollmentstatustracking-csp.md +++ b/windows/client-management/mdm/enrollmentstatustracking-csp.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: ManikaDhiman +author: dansimp ms.date: 05/21/2019 --- diff --git a/windows/client-management/mdm/enterpriseapn-csp.md b/windows/client-management/mdm/enterpriseapn-csp.md index c04026eeed..e0938ded56 100644 --- a/windows/client-management/mdm/enterpriseapn-csp.md +++ b/windows/client-management/mdm/enterpriseapn-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/22/2017 --- diff --git a/windows/client-management/mdm/enterpriseapn-ddf.md b/windows/client-management/mdm/enterpriseapn-ddf.md index 4252e97e84..79aba7696f 100644 --- a/windows/client-management/mdm/enterpriseapn-ddf.md +++ b/windows/client-management/mdm/enterpriseapn-ddf.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/enterpriseappmanagement-csp.md b/windows/client-management/mdm/enterpriseappmanagement-csp.md index 88a199e103..7cea8eb95b 100644 --- a/windows/client-management/mdm/enterpriseappmanagement-csp.md +++ b/windows/client-management/mdm/enterpriseappmanagement-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/enterpriseappvmanagement-csp.md b/windows/client-management/mdm/enterpriseappvmanagement-csp.md index b7d9bceaca..90c75f7797 100644 --- a/windows/client-management/mdm/enterpriseappvmanagement-csp.md +++ b/windows/client-management/mdm/enterpriseappvmanagement-csp.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/enterpriseappvmanagement-ddf.md b/windows/client-management/mdm/enterpriseappvmanagement-ddf.md index cd1a2c34c7..8b8c46d5d6 100644 --- a/windows/client-management/mdm/enterpriseappvmanagement-ddf.md +++ b/windows/client-management/mdm/enterpriseappvmanagement-ddf.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/enterpriseassignedaccess-csp.md b/windows/client-management/mdm/enterpriseassignedaccess-csp.md index f5831c333f..9a80cd7419 100644 --- a/windows/client-management/mdm/enterpriseassignedaccess-csp.md +++ b/windows/client-management/mdm/enterpriseassignedaccess-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 07/12/2017 --- diff --git a/windows/client-management/mdm/enterpriseassignedaccess-ddf.md b/windows/client-management/mdm/enterpriseassignedaccess-ddf.md index 0c052b582b..fd84f5628f 100644 --- a/windows/client-management/mdm/enterpriseassignedaccess-ddf.md +++ b/windows/client-management/mdm/enterpriseassignedaccess-ddf.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/enterpriseassignedaccess-xsd.md b/windows/client-management/mdm/enterpriseassignedaccess-xsd.md index db62544ad2..afcb4abeb4 100644 --- a/windows/client-management/mdm/enterpriseassignedaccess-xsd.md +++ b/windows/client-management/mdm/enterpriseassignedaccess-xsd.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/enterprisedataprotection-csp.md b/windows/client-management/mdm/enterprisedataprotection-csp.md index ea688b39e4..fa824ab557 100644 --- a/windows/client-management/mdm/enterprisedataprotection-csp.md +++ b/windows/client-management/mdm/enterprisedataprotection-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 08/09/2017 --- diff --git a/windows/client-management/mdm/enterprisedataprotection-ddf-file.md b/windows/client-management/mdm/enterprisedataprotection-ddf-file.md index e65600f65e..f3f75b02b8 100644 --- a/windows/client-management/mdm/enterprisedataprotection-ddf-file.md +++ b/windows/client-management/mdm/enterprisedataprotection-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md b/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md index dad80ab697..756efa9433 100644 --- a/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md +++ b/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 07/11/2017 --- diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md b/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md index 57735eb2a0..185aaff749 100644 --- a/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md +++ b/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md b/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md index 933a067ca4..944a5e7700 100644 --- a/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md +++ b/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/enterpriseext-csp.md b/windows/client-management/mdm/enterpriseext-csp.md index bc97d705cd..3f80902e75 100644 --- a/windows/client-management/mdm/enterpriseext-csp.md +++ b/windows/client-management/mdm/enterpriseext-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/enterpriseext-ddf.md b/windows/client-management/mdm/enterpriseext-ddf.md index 0d104bcb5f..1eaff1c2be 100644 --- a/windows/client-management/mdm/enterpriseext-ddf.md +++ b/windows/client-management/mdm/enterpriseext-ddf.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/enterpriseextfilessystem-csp.md b/windows/client-management/mdm/enterpriseextfilessystem-csp.md index 45cfa899fa..10e6185c86 100644 --- a/windows/client-management/mdm/enterpriseextfilessystem-csp.md +++ b/windows/client-management/mdm/enterpriseextfilessystem-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/enterpriseextfilesystem-ddf.md b/windows/client-management/mdm/enterpriseextfilesystem-ddf.md index bcf7449405..5ba036b46f 100644 --- a/windows/client-management/mdm/enterpriseextfilesystem-ddf.md +++ b/windows/client-management/mdm/enterpriseextfilesystem-ddf.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md index c7135a9887..6da20c0ec6 100644 --- a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md +++ b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/27/2019 --- diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md index 9ab3f032fe..4220b8a7cb 100644 --- a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md +++ b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 10/01/2019 --- diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md b/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md index a17ca152c3..d8f4b9a7aa 100644 --- a/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md +++ b/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/euiccs-csp.md b/windows/client-management/mdm/euiccs-csp.md index 51d4c6963e..722eab0bbb 100644 --- a/windows/client-management/mdm/euiccs-csp.md +++ b/windows/client-management/mdm/euiccs-csp.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 03/02/2018 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/euiccs-ddf-file.md b/windows/client-management/mdm/euiccs-ddf-file.md index c026f24d99..df25c69f74 100644 --- a/windows/client-management/mdm/euiccs-ddf-file.md +++ b/windows/client-management/mdm/euiccs-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 03/02/2018 --- diff --git a/windows/client-management/mdm/federated-authentication-device-enrollment.md b/windows/client-management/mdm/federated-authentication-device-enrollment.md index ac15ddb5f4..20f41cf789 100644 --- a/windows/client-management/mdm/federated-authentication-device-enrollment.md +++ b/windows/client-management/mdm/federated-authentication-device-enrollment.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 07/28/2017 --- diff --git a/windows/client-management/mdm/filesystem-csp.md b/windows/client-management/mdm/filesystem-csp.md index 93f4ac0754..77e3f3c6aa 100644 --- a/windows/client-management/mdm/filesystem-csp.md +++ b/windows/client-management/mdm/filesystem-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md index 9ec61e7f3e..0c1850580c 100644 --- a/windows/client-management/mdm/firewall-csp.md +++ b/windows/client-management/mdm/firewall-csp.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 01/26/2018 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/firewall-ddf-file.md b/windows/client-management/mdm/firewall-ddf-file.md index d73070a8cd..6a44d17fb6 100644 --- a/windows/client-management/mdm/firewall-ddf-file.md +++ b/windows/client-management/mdm/firewall-ddf-file.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/get-inventory.md b/windows/client-management/mdm/get-inventory.md index 75bf5449df..ea3ec8c560 100644 --- a/windows/client-management/mdm/get-inventory.md +++ b/windows/client-management/mdm/get-inventory.md @@ -11,7 +11,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/18/2017 --- diff --git a/windows/client-management/mdm/get-localized-product-details.md b/windows/client-management/mdm/get-localized-product-details.md index 6eddfc998b..09d579ab79 100644 --- a/windows/client-management/mdm/get-localized-product-details.md +++ b/windows/client-management/mdm/get-localized-product-details.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/07/2020 --- diff --git a/windows/client-management/mdm/get-offline-license.md b/windows/client-management/mdm/get-offline-license.md index 03a6236d85..61ebfd7682 100644 --- a/windows/client-management/mdm/get-offline-license.md +++ b/windows/client-management/mdm/get-offline-license.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/18/2017 --- diff --git a/windows/client-management/mdm/get-product-details.md b/windows/client-management/mdm/get-product-details.md index 725ac1fbfb..8532bbf07a 100644 --- a/windows/client-management/mdm/get-product-details.md +++ b/windows/client-management/mdm/get-product-details.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/18/2017 --- diff --git a/windows/client-management/mdm/get-product-package.md b/windows/client-management/mdm/get-product-package.md index dfca16bc90..347709bd57 100644 --- a/windows/client-management/mdm/get-product-package.md +++ b/windows/client-management/mdm/get-product-package.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/18/2017 --- diff --git a/windows/client-management/mdm/get-product-packages.md b/windows/client-management/mdm/get-product-packages.md index 7cbef1f724..34ec801669 100644 --- a/windows/client-management/mdm/get-product-packages.md +++ b/windows/client-management/mdm/get-product-packages.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/18/2017 --- diff --git a/windows/client-management/mdm/get-seat.md b/windows/client-management/mdm/get-seat.md index 87856507dc..8359ed42f5 100644 --- a/windows/client-management/mdm/get-seat.md +++ b/windows/client-management/mdm/get-seat.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/18/2017 --- diff --git a/windows/client-management/mdm/get-seats-assigned-to-a-user.md b/windows/client-management/mdm/get-seats-assigned-to-a-user.md index aefc12eace..1f5e8d33c8 100644 --- a/windows/client-management/mdm/get-seats-assigned-to-a-user.md +++ b/windows/client-management/mdm/get-seats-assigned-to-a-user.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/18/2017 --- diff --git a/windows/client-management/mdm/get-seats.md b/windows/client-management/mdm/get-seats.md index b6d539d7a8..2ac228376e 100644 --- a/windows/client-management/mdm/get-seats.md +++ b/windows/client-management/mdm/get-seats.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/18/2017 --- diff --git a/windows/client-management/mdm/healthattestation-ddf.md b/windows/client-management/mdm/healthattestation-ddf.md index ba2239107a..116bdf9eeb 100644 --- a/windows/client-management/mdm/healthattestation-ddf.md +++ b/windows/client-management/mdm/healthattestation-ddf.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/hotspot-csp.md b/windows/client-management/mdm/hotspot-csp.md index b16afaeeac..4d8a2f9efd 100644 --- a/windows/client-management/mdm/hotspot-csp.md +++ b/windows/client-management/mdm/hotspot-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/management-tool-for-windows-store-for-business.md b/windows/client-management/mdm/management-tool-for-windows-store-for-business.md index 6b06321ab7..d17ca6923f 100644 --- a/windows/client-management/mdm/management-tool-for-windows-store-for-business.md +++ b/windows/client-management/mdm/management-tool-for-windows-store-for-business.md @@ -11,7 +11,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 10/27/2017 --- diff --git a/windows/client-management/mdm/maps-csp.md b/windows/client-management/mdm/maps-csp.md index 62f433fb19..b601c8de59 100644 --- a/windows/client-management/mdm/maps-csp.md +++ b/windows/client-management/mdm/maps-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/maps-ddf-file.md b/windows/client-management/mdm/maps-ddf-file.md index f450ff41ab..35b55d0541 100644 --- a/windows/client-management/mdm/maps-ddf-file.md +++ b/windows/client-management/mdm/maps-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/messaging-csp.md b/windows/client-management/mdm/messaging-csp.md index 6b9e0f7439..ec5c670d94 100644 --- a/windows/client-management/mdm/messaging-csp.md +++ b/windows/client-management/mdm/messaging-csp.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/messaging-ddf.md b/windows/client-management/mdm/messaging-ddf.md index b81850514b..53ca2ffa62 100644 --- a/windows/client-management/mdm/messaging-ddf.md +++ b/windows/client-management/mdm/messaging-ddf.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/mobile-device-enrollment.md b/windows/client-management/mdm/mobile-device-enrollment.md index ce2e37b5cf..d51714272e 100644 --- a/windows/client-management/mdm/mobile-device-enrollment.md +++ b/windows/client-management/mdm/mobile-device-enrollment.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 08/11/2017 --- diff --git a/windows/client-management/mdm/multisim-csp.md b/windows/client-management/mdm/multisim-csp.md index 0aa2ecb314..a3c728cedf 100644 --- a/windows/client-management/mdm/multisim-csp.md +++ b/windows/client-management/mdm/multisim-csp.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 03/22/2018 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/multisim-ddf.md b/windows/client-management/mdm/multisim-ddf.md index 6f0dedf3ef..a2a15b7270 100644 --- a/windows/client-management/mdm/multisim-ddf.md +++ b/windows/client-management/mdm/multisim-ddf.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 02/27/2018 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/nap-csp.md b/windows/client-management/mdm/nap-csp.md index 23566fafeb..851bb15498 100644 --- a/windows/client-management/mdm/nap-csp.md +++ b/windows/client-management/mdm/nap-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/napdef-csp.md b/windows/client-management/mdm/napdef-csp.md index b55f9c2af8..ecc411e74c 100644 --- a/windows/client-management/mdm/napdef-csp.md +++ b/windows/client-management/mdm/napdef-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/networkproxy-csp.md b/windows/client-management/mdm/networkproxy-csp.md index 304fad34b7..34b7bd5a29 100644 --- a/windows/client-management/mdm/networkproxy-csp.md +++ b/windows/client-management/mdm/networkproxy-csp.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 08/29/2018 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/networkproxy-ddf.md b/windows/client-management/mdm/networkproxy-ddf.md index 7d54fe0d70..ad85325f3d 100644 --- a/windows/client-management/mdm/networkproxy-ddf.md +++ b/windows/client-management/mdm/networkproxy-ddf.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/networkqospolicy-csp.md b/windows/client-management/mdm/networkqospolicy-csp.md index cb6bce4145..16f73ee265 100644 --- a/windows/client-management/mdm/networkqospolicy-csp.md +++ b/windows/client-management/mdm/networkqospolicy-csp.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 04/22/2021 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/networkqospolicy-ddf.md b/windows/client-management/mdm/networkqospolicy-ddf.md index 6d97971bc8..4a5a4f7c73 100644 --- a/windows/client-management/mdm/networkqospolicy-ddf.md +++ b/windows/client-management/mdm/networkqospolicy-ddf.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index e622980450..f251959e71 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -11,7 +11,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 10/20/2020 --- diff --git a/windows/client-management/mdm/nodecache-csp.md b/windows/client-management/mdm/nodecache-csp.md index cf3255abdd..fb90ab38bf 100644 --- a/windows/client-management/mdm/nodecache-csp.md +++ b/windows/client-management/mdm/nodecache-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/nodecache-ddf-file.md b/windows/client-management/mdm/nodecache-ddf-file.md index 1ba147e323..a2a932cf3c 100644 --- a/windows/client-management/mdm/nodecache-ddf-file.md +++ b/windows/client-management/mdm/nodecache-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/office-csp.md b/windows/client-management/mdm/office-csp.md index 8f7b8a0339..a27648894f 100644 --- a/windows/client-management/mdm/office-csp.md +++ b/windows/client-management/mdm/office-csp.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 08/15/2018 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/office-ddf.md b/windows/client-management/mdm/office-ddf.md index c05ac0e4f4..bf80dd8d38 100644 --- a/windows/client-management/mdm/office-ddf.md +++ b/windows/client-management/mdm/office-ddf.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 08/15/2018 --- diff --git a/windows/client-management/mdm/oma-dm-protocol-support.md b/windows/client-management/mdm/oma-dm-protocol-support.md index df99069206..f6748fc8cf 100644 --- a/windows/client-management/mdm/oma-dm-protocol-support.md +++ b/windows/client-management/mdm/oma-dm-protocol-support.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/on-premise-authentication-device-enrollment.md b/windows/client-management/mdm/on-premise-authentication-device-enrollment.md index ad57b91ada..281e6a417c 100644 --- a/windows/client-management/mdm/on-premise-authentication-device-enrollment.md +++ b/windows/client-management/mdm/on-premise-authentication-device-enrollment.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/passportforwork-csp.md b/windows/client-management/mdm/passportforwork-csp.md index 43c92696a6..3104efbb91 100644 --- a/windows/client-management/mdm/passportforwork-csp.md +++ b/windows/client-management/mdm/passportforwork-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 07/19/2019 --- diff --git a/windows/client-management/mdm/passportforwork-ddf.md b/windows/client-management/mdm/passportforwork-ddf.md index 6b41fd9681..2a3c658341 100644 --- a/windows/client-management/mdm/passportforwork-ddf.md +++ b/windows/client-management/mdm/passportforwork-ddf.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 07/29/2019 --- diff --git a/windows/client-management/mdm/personalization-csp.md b/windows/client-management/mdm/personalization-csp.md index e39f58865b..70a0e8e468 100644 --- a/windows/client-management/mdm/personalization-csp.md +++ b/windows/client-management/mdm/personalization-csp.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/personalization-ddf.md b/windows/client-management/mdm/personalization-ddf.md index a6b96e3513..37810076b7 100644 --- a/windows/client-management/mdm/personalization-ddf.md +++ b/windows/client-management/mdm/personalization-ddf.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 75602faa6d..9001dfc01d 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -7,7 +7,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 10/08/2020 --- diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md index 6810fa8557..09128a9411 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md @@ -7,7 +7,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 07/18/2019 --- diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md index 2c29c2cfb0..f793fee9c0 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md @@ -7,7 +7,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/17/2019 --- diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md index eefbfd3f36..744468664a 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md @@ -7,7 +7,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 07/18/2019 --- diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md index 3a56c3ee59..931bac4d55 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md @@ -7,7 +7,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 10/11/2021 --- diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md index 1ca27243bd..1b38215155 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md @@ -7,7 +7,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/16/2019 --- diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md index 64ba21eb29..bcfd5e7688 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md @@ -7,7 +7,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 07/22/2020 --- diff --git a/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md b/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md index b8e94444fa..3622a69d69 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md +++ b/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md @@ -7,7 +7,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 07/18/2019 --- diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index c35593115a..9cc2d60fb4 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 07/18/2019 --- diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md index 0c6a3a0919..6f87ece50a 100644 --- a/windows/client-management/mdm/policy-csp-abovelock.md +++ b/windows/client-management/mdm/policy-csp-abovelock.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/27/2019 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md index ac1c887b4d..61cf60f3e2 100644 --- a/windows/client-management/mdm/policy-csp-accounts.md +++ b/windows/client-management/mdm/policy-csp-accounts.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/27/2019 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md index 24c48fb672..f1193559b0 100644 --- a/windows/client-management/mdm/policy-csp-activexcontrols.md +++ b/windows/client-management/mdm/policy-csp-activexcontrols.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/27/2019 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md index 24a507b648..b230bafa37 100644 --- a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md +++ b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 11/09/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md index bd717b4f4c..f33d67d795 100644 --- a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md +++ b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 08/13/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-admpwd.md b/windows/client-management/mdm/policy-csp-admx-admpwd.md index a6c28668ec..bbdf162b96 100644 --- a/windows/client-management/mdm/policy-csp-admx-admpwd.md +++ b/windows/client-management/mdm/policy-csp-admx-admpwd.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 11/09/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-appcompat.md b/windows/client-management/mdm/policy-csp-admx-appcompat.md index 62d8e5d724..f72ca58f9e 100644 --- a/windows/client-management/mdm/policy-csp-admx-appcompat.md +++ b/windows/client-management/mdm/policy-csp-admx-appcompat.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 08/20/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md index 34f70859b4..d8f406da87 100644 --- a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md +++ b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 11/10/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-appxruntime.md b/windows/client-management/mdm/policy-csp-admx-appxruntime.md index 014b6e900a..b576ac05ef 100644 --- a/windows/client-management/mdm/policy-csp-admx-appxruntime.md +++ b/windows/client-management/mdm/policy-csp-admx-appxruntime.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 11/10/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md b/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md index 9599944abb..7464079b65 100644 --- a/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md +++ b/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 11/10/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-auditsettings.md b/windows/client-management/mdm/policy-csp-admx-auditsettings.md index dd12ea6895..bb170ebdab 100644 --- a/windows/client-management/mdm/policy-csp-admx-auditsettings.md +++ b/windows/client-management/mdm/policy-csp-admx-auditsettings.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 08/13/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-bits.md b/windows/client-management/mdm/policy-csp-admx-bits.md index b2b6eb5b1a..4b9879101a 100644 --- a/windows/client-management/mdm/policy-csp-admx-bits.md +++ b/windows/client-management/mdm/policy-csp-admx-bits.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 10/20/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md index 47645f0ff2..670e7c578f 100644 --- a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md +++ b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 08/17/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-com.md b/windows/client-management/mdm/policy-csp-admx-com.md index 7194265e4c..f5e37d2bc5 100644 --- a/windows/client-management/mdm/policy-csp-admx-com.md +++ b/windows/client-management/mdm/policy-csp-admx-com.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 08/18/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-controlpanel.md b/windows/client-management/mdm/policy-csp-admx-controlpanel.md index 4a29df9e09..1bcd8be9e3 100644 --- a/windows/client-management/mdm/policy-csp-admx-controlpanel.md +++ b/windows/client-management/mdm/policy-csp-admx-controlpanel.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 11/05/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md index 6c296bb84e..f9300d4161 100644 --- a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md +++ b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 11/05/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-cpls.md b/windows/client-management/mdm/policy-csp-admx-cpls.md index a82e75291d..6b86b9df05 100644 --- a/windows/client-management/mdm/policy-csp-admx-cpls.md +++ b/windows/client-management/mdm/policy-csp-admx-cpls.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 08/26/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md index 9f23032e63..f51e026348 100644 --- a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md +++ b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 11/11/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-credssp.md b/windows/client-management/mdm/policy-csp-admx-credssp.md index 1727b06582..f46cf81e91 100644 --- a/windows/client-management/mdm/policy-csp-admx-credssp.md +++ b/windows/client-management/mdm/policy-csp-admx-credssp.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 11/12/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-credui.md b/windows/client-management/mdm/policy-csp-admx-credui.md index 74ca43a15d..ac2e35856f 100644 --- a/windows/client-management/mdm/policy-csp-admx-credui.md +++ b/windows/client-management/mdm/policy-csp-admx-credui.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 11/09/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md index 9f4a221879..97cc95cbb2 100644 --- a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md +++ b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 08/26/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-datacollection.md b/windows/client-management/mdm/policy-csp-admx-datacollection.md index 2516764fd8..c000bba436 100644 --- a/windows/client-management/mdm/policy-csp-admx-datacollection.md +++ b/windows/client-management/mdm/policy-csp-admx-datacollection.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/01/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-desktop.md b/windows/client-management/mdm/policy-csp-admx-desktop.md index 373eb5993e..2eabaaeae1 100644 --- a/windows/client-management/mdm/policy-csp-admx-desktop.md +++ b/windows/client-management/mdm/policy-csp-admx-desktop.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/02/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-deviceguard.md b/windows/client-management/mdm/policy-csp-admx-deviceguard.md index da691af1d2..5fb3b1ab0d 100644 --- a/windows/client-management/mdm/policy-csp-admx-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-admx-deviceguard.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/08/2021 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md index 2fdf74c249..a3134467f0 100644 --- a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 11/19/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-devicesetup.md b/windows/client-management/mdm/policy-csp-admx-devicesetup.md index 40535ec1ad..b10baa9f1f 100644 --- a/windows/client-management/mdm/policy-csp-admx-devicesetup.md +++ b/windows/client-management/mdm/policy-csp-admx-devicesetup.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 11/19/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-digitallocker.md b/windows/client-management/mdm/policy-csp-admx-digitallocker.md index 4861b9361c..f0e0a8c94b 100644 --- a/windows/client-management/mdm/policy-csp-admx-digitallocker.md +++ b/windows/client-management/mdm/policy-csp-admx-digitallocker.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 08/31/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-disknvcache.md b/windows/client-management/mdm/policy-csp-admx-disknvcache.md index 8c87c6a397..fc78b3e067 100644 --- a/windows/client-management/mdm/policy-csp-admx-disknvcache.md +++ b/windows/client-management/mdm/policy-csp-admx-disknvcache.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 08/12/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-diskquota.md b/windows/client-management/mdm/policy-csp-admx-diskquota.md index a74427d575..1454ba448e 100644 --- a/windows/client-management/mdm/policy-csp-admx-diskquota.md +++ b/windows/client-management/mdm/policy-csp-admx-diskquota.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 08/12/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md index 3667af8c3f..9c0df6db20 100644 --- a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md +++ b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 03/22/2021 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-dnsclient.md b/windows/client-management/mdm/policy-csp-admx-dnsclient.md index 123c5d9397..b232d9d0d1 100644 --- a/windows/client-management/mdm/policy-csp-admx-dnsclient.md +++ b/windows/client-management/mdm/policy-csp-admx-dnsclient.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 08/12/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-dwm.md b/windows/client-management/mdm/policy-csp-admx-dwm.md index 81111e9698..9811c29121 100644 --- a/windows/client-management/mdm/policy-csp-admx-dwm.md +++ b/windows/client-management/mdm/policy-csp-admx-dwm.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 08/31/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-eaime.md b/windows/client-management/mdm/policy-csp-admx-eaime.md index 67591920ee..91cb030ac3 100644 --- a/windows/client-management/mdm/policy-csp-admx-eaime.md +++ b/windows/client-management/mdm/policy-csp-admx-eaime.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 11/19/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md index 85beacd4f0..a7ff7d4d68 100644 --- a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md +++ b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/02/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md index 5227d2cf7e..a692e4fcb6 100644 --- a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md +++ b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 11/23/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-errorreporting.md b/windows/client-management/mdm/policy-csp-admx-errorreporting.md index 28f9e8a040..6c20f1ec4f 100644 --- a/windows/client-management/mdm/policy-csp-admx-errorreporting.md +++ b/windows/client-management/mdm/policy-csp-admx-errorreporting.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 11/23/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md index b4eb5d0846..a921c26306 100644 --- a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md +++ b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 08/17/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-eventlog.md b/windows/client-management/mdm/policy-csp-admx-eventlog.md index 6915902bcc..8b72a00ae5 100644 --- a/windows/client-management/mdm/policy-csp-admx-eventlog.md +++ b/windows/client-management/mdm/policy-csp-admx-eventlog.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/01/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-explorer.md b/windows/client-management/mdm/policy-csp-admx-explorer.md index 7442e37060..ee681f3950 100644 --- a/windows/client-management/mdm/policy-csp-admx-explorer.md +++ b/windows/client-management/mdm/policy-csp-admx-explorer.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/08/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-filerecovery.md b/windows/client-management/mdm/policy-csp-admx-filerecovery.md index 09887d489e..17a19242ab 100644 --- a/windows/client-management/mdm/policy-csp-admx-filerecovery.md +++ b/windows/client-management/mdm/policy-csp-admx-filerecovery.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 03/24/2021 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md index 43ae28d39a..3e70ab2db6 100644 --- a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md +++ b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/02/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-filesys.md b/windows/client-management/mdm/policy-csp-admx-filesys.md index 965a2920fc..0c331c52ac 100644 --- a/windows/client-management/mdm/policy-csp-admx-filesys.md +++ b/windows/client-management/mdm/policy-csp-admx-filesys.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/02/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-folderredirection.md b/windows/client-management/mdm/policy-csp-admx-folderredirection.md index 2e93610755..1c7cdd35b3 100644 --- a/windows/client-management/mdm/policy-csp-admx-folderredirection.md +++ b/windows/client-management/mdm/policy-csp-admx-folderredirection.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/02/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-globalization.md b/windows/client-management/mdm/policy-csp-admx-globalization.md index e4e5b92db9..59277faada 100644 --- a/windows/client-management/mdm/policy-csp-admx-globalization.md +++ b/windows/client-management/mdm/policy-csp-admx-globalization.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/14/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md index 922cdadcd9..689bd456e8 100644 --- a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md +++ b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/21/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-help.md b/windows/client-management/mdm/policy-csp-admx-help.md index 044e7d1604..0a6efc8504 100644 --- a/windows/client-management/mdm/policy-csp-admx-help.md +++ b/windows/client-management/mdm/policy-csp-admx-help.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/03/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md index b02ac3468d..efecd9ba90 100644 --- a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md +++ b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/03/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-icm.md b/windows/client-management/mdm/policy-csp-admx-icm.md index 1a9adefa7a..d66680774a 100644 --- a/windows/client-management/mdm/policy-csp-admx-icm.md +++ b/windows/client-management/mdm/policy-csp-admx-icm.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/17/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-iscsi.md b/windows/client-management/mdm/policy-csp-admx-iscsi.md index d4c543becb..81bbae3e7a 100644 --- a/windows/client-management/mdm/policy-csp-admx-iscsi.md +++ b/windows/client-management/mdm/policy-csp-admx-iscsi.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/17/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-kdc.md b/windows/client-management/mdm/policy-csp-admx-kdc.md index cf9323f27b..0c1cd5e5c1 100644 --- a/windows/client-management/mdm/policy-csp-admx-kdc.md +++ b/windows/client-management/mdm/policy-csp-admx-kdc.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 08/13/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-kerberos.md b/windows/client-management/mdm/policy-csp-admx-kerberos.md index 46a12ad222..4bab0e260f 100644 --- a/windows/client-management/mdm/policy-csp-admx-kerberos.md +++ b/windows/client-management/mdm/policy-csp-admx-kerberos.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 11/12/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md index 8a5e73d113..119bebf9a2 100644 --- a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md +++ b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 08/13/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md index c3c9143667..92f095b1b3 100644 --- a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md +++ b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/08/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md index cc5b692c4e..9bbf28b095 100644 --- a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md +++ b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/04/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-logon.md b/windows/client-management/mdm/policy-csp-admx-logon.md index d9fa3eba6c..b3eb5daa6c 100644 --- a/windows/client-management/mdm/policy-csp-admx-logon.md +++ b/windows/client-management/mdm/policy-csp-admx-logon.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/21/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md index 472e97e0dd..b99af194f0 100644 --- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md +++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/02/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-mmc.md b/windows/client-management/mdm/policy-csp-admx-mmc.md index 3fabf24629..484a50f29c 100644 --- a/windows/client-management/mdm/policy-csp-admx-mmc.md +++ b/windows/client-management/mdm/policy-csp-admx-mmc.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/03/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md index 7adda15df2..5e6ed7ab8f 100644 --- a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md +++ b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 08/13/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-msapolicy.md b/windows/client-management/mdm/policy-csp-admx-msapolicy.md index a29be63796..2c60d94cb6 100644 --- a/windows/client-management/mdm/policy-csp-admx-msapolicy.md +++ b/windows/client-management/mdm/policy-csp-admx-msapolicy.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/14/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-msched.md b/windows/client-management/mdm/policy-csp-admx-msched.md index a64d59a084..431ea56c91 100644 --- a/windows/client-management/mdm/policy-csp-admx-msched.md +++ b/windows/client-management/mdm/policy-csp-admx-msched.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/08/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-msdt.md b/windows/client-management/mdm/policy-csp-admx-msdt.md index cb9d34e0a7..5c8853de78 100644 --- a/windows/client-management/mdm/policy-csp-admx-msdt.md +++ b/windows/client-management/mdm/policy-csp-admx-msdt.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/09/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-msi.md b/windows/client-management/mdm/policy-csp-admx-msi.md index 0b9e078f08..8c1b404e98 100644 --- a/windows/client-management/mdm/policy-csp-admx-msi.md +++ b/windows/client-management/mdm/policy-csp-admx-msi.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/16/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-nca.md b/windows/client-management/mdm/policy-csp-admx-nca.md index 68c1113a9d..1f94a79c74 100644 --- a/windows/client-management/mdm/policy-csp-admx-nca.md +++ b/windows/client-management/mdm/policy-csp-admx-nca.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/14/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-ncsi.md b/windows/client-management/mdm/policy-csp-admx-ncsi.md index c95af60111..975b877da8 100644 --- a/windows/client-management/mdm/policy-csp-admx-ncsi.md +++ b/windows/client-management/mdm/policy-csp-admx-ncsi.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/14/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-netlogon.md b/windows/client-management/mdm/policy-csp-admx-netlogon.md index 211944a755..30b35011e4 100644 --- a/windows/client-management/mdm/policy-csp-admx-netlogon.md +++ b/windows/client-management/mdm/policy-csp-admx-netlogon.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/15/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-networkconnections.md b/windows/client-management/mdm/policy-csp-admx-networkconnections.md index 9554e5586c..8f15ec2637 100644 --- a/windows/client-management/mdm/policy-csp-admx-networkconnections.md +++ b/windows/client-management/mdm/policy-csp-admx-networkconnections.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 10/21/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md index 6306f50618..a8a77637c2 100644 --- a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md +++ b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/21/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md index 8cceff6fd1..10a0691b43 100644 --- a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md +++ b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/16/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-pentraining.md b/windows/client-management/mdm/policy-csp-admx-pentraining.md index 5e7272c1fa..81f940edb7 100644 --- a/windows/client-management/mdm/policy-csp-admx-pentraining.md +++ b/windows/client-management/mdm/policy-csp-admx-pentraining.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/22/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md index 08b4c76099..a9c0eb4eeb 100644 --- a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md +++ b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/16/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-power.md b/windows/client-management/mdm/policy-csp-admx-power.md index caf86878b4..4b33f249f2 100644 --- a/windows/client-management/mdm/policy-csp-admx-power.md +++ b/windows/client-management/mdm/policy-csp-admx-power.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/22/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md index 30033c752e..1812912a63 100644 --- a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md +++ b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 10/26/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-previousversions.md b/windows/client-management/mdm/policy-csp-admx-previousversions.md index bdca0b5b73..f874baf165 100644 --- a/windows/client-management/mdm/policy-csp-admx-previousversions.md +++ b/windows/client-management/mdm/policy-csp-admx-previousversions.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/01/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-printing.md b/windows/client-management/mdm/policy-csp-admx-printing.md index 4dfce7fe68..65b6dea578 100644 --- a/windows/client-management/mdm/policy-csp-admx-printing.md +++ b/windows/client-management/mdm/policy-csp-admx-printing.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/15/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-printing2.md b/windows/client-management/mdm/policy-csp-admx-printing2.md index 4b1406d7d8..d143b2db00 100644 --- a/windows/client-management/mdm/policy-csp-admx-printing2.md +++ b/windows/client-management/mdm/policy-csp-admx-printing2.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/15/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-programs.md b/windows/client-management/mdm/policy-csp-admx-programs.md index 323991c4dd..e50c514004 100644 --- a/windows/client-management/mdm/policy-csp-admx-programs.md +++ b/windows/client-management/mdm/policy-csp-admx-programs.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/01/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md b/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md index d3b4f54bcd..f61cc0beed 100644 --- a/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md +++ b/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/01/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-radar.md b/windows/client-management/mdm/policy-csp-admx-radar.md index 19eb6c5f99..e8f7c72b68 100644 --- a/windows/client-management/mdm/policy-csp-admx-radar.md +++ b/windows/client-management/mdm/policy-csp-admx-radar.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/08/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-reliability.md b/windows/client-management/mdm/policy-csp-admx-reliability.md index 44f8aa9c7a..0aba32f919 100644 --- a/windows/client-management/mdm/policy-csp-admx-reliability.md +++ b/windows/client-management/mdm/policy-csp-admx-reliability.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 08/13/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md index a113720e2a..061e6dbdaa 100644 --- a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md +++ b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/14/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-removablestorage.md b/windows/client-management/mdm/policy-csp-admx-removablestorage.md index b4702ea9a9..1fa70e6de3 100644 --- a/windows/client-management/mdm/policy-csp-admx-removablestorage.md +++ b/windows/client-management/mdm/policy-csp-admx-removablestorage.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/10/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-rpc.md b/windows/client-management/mdm/policy-csp-admx-rpc.md index a7e9503b4d..99ffd49896 100644 --- a/windows/client-management/mdm/policy-csp-admx-rpc.md +++ b/windows/client-management/mdm/policy-csp-admx-rpc.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/08/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-scripts.md b/windows/client-management/mdm/policy-csp-admx-scripts.md index 3bdc0e45c4..18f1dd991d 100644 --- a/windows/client-management/mdm/policy-csp-admx-scripts.md +++ b/windows/client-management/mdm/policy-csp-admx-scripts.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/17/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-sdiageng.md b/windows/client-management/mdm/policy-csp-admx-sdiageng.md index 52846fbf18..cf9c39a4e3 100644 --- a/windows/client-management/mdm/policy-csp-admx-sdiageng.md +++ b/windows/client-management/mdm/policy-csp-admx-sdiageng.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/18/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-sdiagschd.md b/windows/client-management/mdm/policy-csp-admx-sdiagschd.md index c7258fdefb..fde7dbd784 100644 --- a/windows/client-management/mdm/policy-csp-admx-sdiagschd.md +++ b/windows/client-management/mdm/policy-csp-admx-sdiagschd.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/17/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-securitycenter.md b/windows/client-management/mdm/policy-csp-admx-securitycenter.md index 3c8bcf97f3..a72cbd7f8b 100644 --- a/windows/client-management/mdm/policy-csp-admx-securitycenter.md +++ b/windows/client-management/mdm/policy-csp-admx-securitycenter.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/18/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-sensors.md b/windows/client-management/mdm/policy-csp-admx-sensors.md index cbc2c487c9..ba2edb8544 100644 --- a/windows/client-management/mdm/policy-csp-admx-sensors.md +++ b/windows/client-management/mdm/policy-csp-admx-sensors.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 10/22/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-servermanager.md b/windows/client-management/mdm/policy-csp-admx-servermanager.md index 3e5ebef550..dda7e742bc 100644 --- a/windows/client-management/mdm/policy-csp-admx-servermanager.md +++ b/windows/client-management/mdm/policy-csp-admx-servermanager.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/18/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-servicing.md b/windows/client-management/mdm/policy-csp-admx-servicing.md index 4143f53a1d..e016737ad9 100644 --- a/windows/client-management/mdm/policy-csp-admx-servicing.md +++ b/windows/client-management/mdm/policy-csp-admx-servicing.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/18/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-settingsync.md b/windows/client-management/mdm/policy-csp-admx-settingsync.md index d7e1a06c40..2cf1f3058c 100644 --- a/windows/client-management/mdm/policy-csp-admx-settingsync.md +++ b/windows/client-management/mdm/policy-csp-admx-settingsync.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/01/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md index 02710cdbc6..f66b8da2e0 100644 --- a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md +++ b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/21/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-sharing.md b/windows/client-management/mdm/policy-csp-admx-sharing.md index daa021e258..bcf6ecac2a 100644 --- a/windows/client-management/mdm/policy-csp-admx-sharing.md +++ b/windows/client-management/mdm/policy-csp-admx-sharing.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/21/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md index 378c763b7e..eedeff30a9 100644 --- a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md +++ b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/18/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-smartcard.md b/windows/client-management/mdm/policy-csp-admx-smartcard.md index d998532027..b0422c380f 100644 --- a/windows/client-management/mdm/policy-csp-admx-smartcard.md +++ b/windows/client-management/mdm/policy-csp-admx-smartcard.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/23/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-snmp.md b/windows/client-management/mdm/policy-csp-admx-snmp.md index 1815ec5b71..2a7ccc21a9 100644 --- a/windows/client-management/mdm/policy-csp-admx-snmp.md +++ b/windows/client-management/mdm/policy-csp-admx-snmp.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/24/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-soundrec.md b/windows/client-management/mdm/policy-csp-admx-soundrec.md index 319ec75077..2d3b3f2438 100644 --- a/windows/client-management/mdm/policy-csp-admx-soundrec.md +++ b/windows/client-management/mdm/policy-csp-admx-soundrec.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/01/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-srmfci.md b/windows/client-management/mdm/policy-csp-admx-srmfci.md index b4d896bd9a..de2231cdc5 100644 --- a/windows/client-management/mdm/policy-csp-admx-srmfci.md +++ b/windows/client-management/mdm/policy-csp-admx-srmfci.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/18/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-startmenu.md b/windows/client-management/mdm/policy-csp-admx-startmenu.md index eeec4fbe21..26372c41d2 100644 --- a/windows/client-management/mdm/policy-csp-admx-startmenu.md +++ b/windows/client-management/mdm/policy-csp-admx-startmenu.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 10/20/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-systemrestore.md b/windows/client-management/mdm/policy-csp-admx-systemrestore.md index 45f2c78531..aa45e18469 100644 --- a/windows/client-management/mdm/policy-csp-admx-systemrestore.md +++ b/windows/client-management/mdm/policy-csp-admx-systemrestore.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 11/13/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-tabletshell.md b/windows/client-management/mdm/policy-csp-admx-tabletshell.md index db213fb7c6..fa707d47fe 100644 --- a/windows/client-management/mdm/policy-csp-admx-tabletshell.md +++ b/windows/client-management/mdm/policy-csp-admx-tabletshell.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/23/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-taskbar.md b/windows/client-management/mdm/policy-csp-admx-taskbar.md index 453db3c5a5..3ded2647d5 100644 --- a/windows/client-management/mdm/policy-csp-admx-taskbar.md +++ b/windows/client-management/mdm/policy-csp-admx-taskbar.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 10/26/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-tcpip.md b/windows/client-management/mdm/policy-csp-admx-tcpip.md index 9d80c0fee4..39eec8cfbc 100644 --- a/windows/client-management/mdm/policy-csp-admx-tcpip.md +++ b/windows/client-management/mdm/policy-csp-admx-tcpip.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/23/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index 020a16e814..c49ec2e57e 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/23/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-thumbnails.md b/windows/client-management/mdm/policy-csp-admx-thumbnails.md index a91f4d4dbf..3e13e605d4 100644 --- a/windows/client-management/mdm/policy-csp-admx-thumbnails.md +++ b/windows/client-management/mdm/policy-csp-admx-thumbnails.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/25/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-touchinput.md b/windows/client-management/mdm/policy-csp-admx-touchinput.md index d8db861cd0..54c44ce833 100644 --- a/windows/client-management/mdm/policy-csp-admx-touchinput.md +++ b/windows/client-management/mdm/policy-csp-admx-touchinput.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/23/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-tpm.md b/windows/client-management/mdm/policy-csp-admx-tpm.md index e72c9302d4..3642c86136 100644 --- a/windows/client-management/mdm/policy-csp-admx-tpm.md +++ b/windows/client-management/mdm/policy-csp-admx-tpm.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/25/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md index c5d8534a22..efaab4d897 100644 --- a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md +++ b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/30/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-userprofiles.md b/windows/client-management/mdm/policy-csp-admx-userprofiles.md index 0e9b2915aa..3e8bffc257 100644 --- a/windows/client-management/mdm/policy-csp-admx-userprofiles.md +++ b/windows/client-management/mdm/policy-csp-admx-userprofiles.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 11/11/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-w32time.md b/windows/client-management/mdm/policy-csp-admx-w32time.md index 9e63436cad..ea68d694af 100644 --- a/windows/client-management/mdm/policy-csp-admx-w32time.md +++ b/windows/client-management/mdm/policy-csp-admx-w32time.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/28/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-wcm.md b/windows/client-management/mdm/policy-csp-admx-wcm.md index edc97d7b99..dc3eca8ea1 100644 --- a/windows/client-management/mdm/policy-csp-admx-wcm.md +++ b/windows/client-management/mdm/policy-csp-admx-wcm.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 10/22/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-wdi.md b/windows/client-management/mdm/policy-csp-admx-wdi.md index deeb8aa9fd..a88dc2a7a5 100644 --- a/windows/client-management/mdm/policy-csp-admx-wdi.md +++ b/windows/client-management/mdm/policy-csp-admx-wdi.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 11/09/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-wincal.md b/windows/client-management/mdm/policy-csp-admx-wincal.md index defebeea7a..24bd7480ee 100644 --- a/windows/client-management/mdm/policy-csp-admx-wincal.md +++ b/windows/client-management/mdm/policy-csp-admx-wincal.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/28/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md b/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md index b8f01b7acc..22382849ad 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md +++ b/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 10/27/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md index f617ea7ac1..cd88b47a11 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/28/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md index 8f4fcb6aee..02566d04f8 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 10/29/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md index a91d37e363..9272c9674a 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 08/13/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md index 93a0e791e6..445182e875 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 10/09/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md index d7d5be086b..d9eabbe87e 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/16/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-windowsstore.md b/windows/client-management/mdm/policy-csp-admx-windowsstore.md index 2bfab9c4f9..ec73e46f1f 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsstore.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsstore.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 10/26/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-wininit.md b/windows/client-management/mdm/policy-csp-admx-wininit.md index 21db8f3eb7..1fd0f316e0 100644 --- a/windows/client-management/mdm/policy-csp-admx-wininit.md +++ b/windows/client-management/mdm/policy-csp-admx-wininit.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/29/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-winlogon.md b/windows/client-management/mdm/policy-csp-admx-winlogon.md index 4815f22461..7472277fad 100644 --- a/windows/client-management/mdm/policy-csp-admx-winlogon.md +++ b/windows/client-management/mdm/policy-csp-admx-winlogon.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 11/09/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-winsrv.md b/windows/client-management/mdm/policy-csp-admx-winsrv.md index cc54ab10cf..4ea30adbcc 100644 --- a/windows/client-management/mdm/policy-csp-admx-winsrv.md +++ b/windows/client-management/mdm/policy-csp-admx-winsrv.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 02/25/2021 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-wlansvc.md b/windows/client-management/mdm/policy-csp-admx-wlansvc.md index 3b51a05223..6a9a269b22 100644 --- a/windows/client-management/mdm/policy-csp-admx-wlansvc.md +++ b/windows/client-management/mdm/policy-csp-admx-wlansvc.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 10/27/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-admx-wpn.md b/windows/client-management/mdm/policy-csp-admx-wpn.md index 892a854f3b..ca2942f661 100644 --- a/windows/client-management/mdm/policy-csp-admx-wpn.md +++ b/windows/client-management/mdm/policy-csp-admx-wpn.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 11/13/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md index e9271f85fa..fd97c5209c 100644 --- a/windows/client-management/mdm/policy-csp-applicationdefaults.md +++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md index 6f4d1c0ab7..cc10a876df 100644 --- a/windows/client-management/mdm/policy-csp-applicationmanagement.md +++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 02/11/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-appruntime.md b/windows/client-management/mdm/policy-csp-appruntime.md index 2dceedd9e7..22b203b808 100644 --- a/windows/client-management/mdm/policy-csp-appruntime.md +++ b/windows/client-management/mdm/policy-csp-appruntime.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md index eab73f7973..81acc11f99 100644 --- a/windows/client-management/mdm/policy-csp-appvirtualization.md +++ b/windows/client-management/mdm/policy-csp-appvirtualization.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md index 2dfb909253..2c9bc1ffaa 100644 --- a/windows/client-management/mdm/policy-csp-attachmentmanager.md +++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-audit.md b/windows/client-management/mdm/policy-csp-audit.md index 2e230cb185..a676ade4a4 100644 --- a/windows/client-management/mdm/policy-csp-audit.md +++ b/windows/client-management/mdm/policy-csp-audit.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 --- diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md index 4e97a918dd..e2f6e46337 100644 --- a/windows/client-management/mdm/policy-csp-authentication.md +++ b/windows/client-management/mdm/policy-csp-authentication.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.reviewer: bobgil manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md index d640d694de..af9c1637c7 100644 --- a/windows/client-management/mdm/policy-csp-autoplay.md +++ b/windows/client-management/mdm/policy-csp-autoplay.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md index 1d8732124d..b93f270728 100644 --- a/windows/client-management/mdm/policy-csp-bitlocker.md +++ b/windows/client-management/mdm/policy-csp-bitlocker.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-bits.md b/windows/client-management/mdm/policy-csp-bits.md index ba9f8f6faa..87c89649e7 100644 --- a/windows/client-management/mdm/policy-csp-bits.md +++ b/windows/client-management/mdm/policy-csp-bits.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md index e1f793c301..b8bf07d53e 100644 --- a/windows/client-management/mdm/policy-csp-bluetooth.md +++ b/windows/client-management/mdm/policy-csp-bluetooth.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 02/12/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md index 5a5146d9c9..72b2422370 100644 --- a/windows/client-management/mdm/policy-csp-camera.md +++ b/windows/client-management/mdm/policy-csp-camera.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md index bac4e6acd0..4d3b0273fc 100644 --- a/windows/client-management/mdm/policy-csp-cellular.md +++ b/windows/client-management/mdm/policy-csp-cellular.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md index 92d7f99951..e47faa64e4 100644 --- a/windows/client-management/mdm/policy-csp-connectivity.md +++ b/windows/client-management/mdm/policy-csp-connectivity.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md index 8bccfdc6c0..2d476345c1 100644 --- a/windows/client-management/mdm/policy-csp-credentialproviders.md +++ b/windows/client-management/mdm/policy-csp-credentialproviders.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-credentialsdelegation.md b/windows/client-management/mdm/policy-csp-credentialsdelegation.md index 2703ba55b1..f7fd75c449 100644 --- a/windows/client-management/mdm/policy-csp-credentialsdelegation.md +++ b/windows/client-management/mdm/policy-csp-credentialsdelegation.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md index eeb8d5f01c..9d74d8dbfe 100644 --- a/windows/client-management/mdm/policy-csp-credentialsui.md +++ b/windows/client-management/mdm/policy-csp-credentialsui.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md index 4b324711ac..bd5f94a030 100644 --- a/windows/client-management/mdm/policy-csp-cryptography.md +++ b/windows/client-management/mdm/policy-csp-cryptography.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-dataprotection.md b/windows/client-management/mdm/policy-csp-dataprotection.md index 2e026dc10d..3287e3c42b 100644 --- a/windows/client-management/mdm/policy-csp-dataprotection.md +++ b/windows/client-management/mdm/policy-csp-dataprotection.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md index 5c6efed53f..d5258e4c21 100644 --- a/windows/client-management/mdm/policy-csp-datausage.md +++ b/windows/client-management/mdm/policy-csp-datausage.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index ca9cf858a7..c78ddfc8e2 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 01/08/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index f3e55339bd..1e785fcf05 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 06/09/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md index 3bfc6411da..910e88d4db 100644 --- a/windows/client-management/mdm/policy-csp-desktop.md +++ b/windows/client-management/mdm/policy-csp-desktop.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md index 24122e6369..54e318a75b 100644 --- a/windows/client-management/mdm/policy-csp-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-deviceguard.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md index 8f4f64b674..8b8c9d71b8 100644 --- a/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md +++ b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md index 526e8455ba..e5b9038a9d 100644 --- a/windows/client-management/mdm/policy-csp-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md @@ -8,7 +8,7 @@ ms.date: 09/27/2019 ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium --- diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md index 3202cba348..06fd224de3 100644 --- a/windows/client-management/mdm/policy-csp-devicelock.md +++ b/windows/client-management/mdm/policy-csp-devicelock.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md index 4137123ca8..d160e2befa 100644 --- a/windows/client-management/mdm/policy-csp-display.md +++ b/windows/client-management/mdm/policy-csp-display.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-dmaguard.md b/windows/client-management/mdm/policy-csp-dmaguard.md index 283d358e83..eac4efa9b1 100644 --- a/windows/client-management/mdm/policy-csp-dmaguard.md +++ b/windows/client-management/mdm/policy-csp-dmaguard.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md index 1b58f4f721..d8f65eca55 100644 --- a/windows/client-management/mdm/policy-csp-education.md +++ b/windows/client-management/mdm/policy-csp-education.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md index 5ee8ee2c38..a4d0b77658 100644 --- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md +++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md index 55b37761d8..0343891164 100644 --- a/windows/client-management/mdm/policy-csp-errorreporting.md +++ b/windows/client-management/mdm/policy-csp-errorreporting.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md index f92e2b8873..2c119d726c 100644 --- a/windows/client-management/mdm/policy-csp-eventlogservice.md +++ b/windows/client-management/mdm/policy-csp-eventlogservice.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index 0ccced2ba2..b59a08e6bd 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 11/02/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-exploitguard.md b/windows/client-management/mdm/policy-csp-exploitguard.md index 1a848006a9..48f49f243c 100644 --- a/windows/client-management/mdm/policy-csp-exploitguard.md +++ b/windows/client-management/mdm/policy-csp-exploitguard.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-fileexplorer.md b/windows/client-management/mdm/policy-csp-fileexplorer.md index c97dbe9c0f..c923c5d948 100644 --- a/windows/client-management/mdm/policy-csp-fileexplorer.md +++ b/windows/client-management/mdm/policy-csp-fileexplorer.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-games.md b/windows/client-management/mdm/policy-csp-games.md index 5d0fe657bd..76dd5be77e 100644 --- a/windows/client-management/mdm/policy-csp-games.md +++ b/windows/client-management/mdm/policy-csp-games.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-handwriting.md b/windows/client-management/mdm/policy-csp-handwriting.md index c5a515ad26..0195d9d2b9 100644 --- a/windows/client-management/mdm/policy-csp-handwriting.md +++ b/windows/client-management/mdm/policy-csp-handwriting.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md index 0d7477c988..4c2acf2f1f 100644 --- a/windows/client-management/mdm/policy-csp-kerberos.md +++ b/windows/client-management/mdm/policy-csp-kerberos.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-kioskbrowser.md b/windows/client-management/mdm/policy-csp-kioskbrowser.md index f8998a02ca..797c959695 100644 --- a/windows/client-management/mdm/policy-csp-kioskbrowser.md +++ b/windows/client-management/mdm/policy-csp-kioskbrowser.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-lanmanworkstation.md index 2be1fe754d..9a8bf1b3de 100644 --- a/windows/client-management/mdm/policy-csp-lanmanworkstation.md +++ b/windows/client-management/mdm/policy-csp-lanmanworkstation.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md index 6431ce85c6..e952a31698 100644 --- a/windows/client-management/mdm/policy-csp-licensing.md +++ b/windows/client-management/mdm/policy-csp-licensing.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-localusersandgroups.md b/windows/client-management/mdm/policy-csp-localusersandgroups.md index 76c2ac0a9f..e0917ea90a 100644 --- a/windows/client-management/mdm/policy-csp-localusersandgroups.md +++ b/windows/client-management/mdm/policy-csp-localusersandgroups.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 10/14/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md index 4e63e3a667..e2524364e2 100644 --- a/windows/client-management/mdm/policy-csp-lockdown.md +++ b/windows/client-management/mdm/policy-csp-lockdown.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md index eb0909bc17..a2b20f4e9a 100644 --- a/windows/client-management/mdm/policy-csp-maps.md +++ b/windows/client-management/mdm/policy-csp-maps.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md index b4bdbe04ff..a2322e315e 100644 --- a/windows/client-management/mdm/policy-csp-messaging.md +++ b/windows/client-management/mdm/policy-csp-messaging.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md index c3a496e5af..4ddb8420c4 100644 --- a/windows/client-management/mdm/policy-csp-mixedreality.md +++ b/windows/client-management/mdm/policy-csp-mixedreality.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 10/12/2021 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-mssecurityguide.md b/windows/client-management/mdm/policy-csp-mssecurityguide.md index 0398ed0f7b..c6c9f4dc6c 100644 --- a/windows/client-management/mdm/policy-csp-mssecurityguide.md +++ b/windows/client-management/mdm/policy-csp-mssecurityguide.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-msslegacy.md b/windows/client-management/mdm/policy-csp-msslegacy.md index c174f0d022..75e878dfcd 100644 --- a/windows/client-management/mdm/policy-csp-msslegacy.md +++ b/windows/client-management/mdm/policy-csp-msslegacy.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-multitasking.md b/windows/client-management/mdm/policy-csp-multitasking.md index 94735d8079..724c915cd2 100644 --- a/windows/client-management/mdm/policy-csp-multitasking.md +++ b/windows/client-management/mdm/policy-csp-multitasking.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 10/30/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md index 783b623eb6..0d1ded35d6 100644 --- a/windows/client-management/mdm/policy-csp-networkisolation.md +++ b/windows/client-management/mdm/policy-csp-networkisolation.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md index 04ae2fdad8..e6c8b94e2e 100644 --- a/windows/client-management/mdm/policy-csp-notifications.md +++ b/windows/client-management/mdm/policy-csp-notifications.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md index 40608a9582..e3a90c8d49 100644 --- a/windows/client-management/mdm/policy-csp-power.md +++ b/windows/client-management/mdm/policy-csp-power.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md index dd98ee8b66..31838c3e8d 100644 --- a/windows/client-management/mdm/policy-csp-printers.md +++ b/windows/client-management/mdm/policy-csp-printers.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md index c42fd88b34..ed6b992d77 100644 --- a/windows/client-management/mdm/policy-csp-privacy.md +++ b/windows/client-management/mdm/policy-csp-privacy.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md index c77c405c7c..a5d1734ebe 100644 --- a/windows/client-management/mdm/policy-csp-remoteassistance.md +++ b/windows/client-management/mdm/policy-csp-remoteassistance.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md index e8d48691b8..60313b8a8b 100644 --- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md +++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md index c21c176ea1..2c3f55e5c6 100644 --- a/windows/client-management/mdm/policy-csp-remotemanagement.md +++ b/windows/client-management/mdm/policy-csp-remotemanagement.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md index 7e1a2b17b8..324f83e65c 100644 --- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md +++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md index f20b3d40a5..f6298cfc0e 100644 --- a/windows/client-management/mdm/policy-csp-remoteshell.md +++ b/windows/client-management/mdm/policy-csp-remoteshell.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-restrictedgroups.md b/windows/client-management/mdm/policy-csp-restrictedgroups.md index 4ad4d34258..6a1f2a4c55 100644 --- a/windows/client-management/mdm/policy-csp-restrictedgroups.md +++ b/windows/client-management/mdm/policy-csp-restrictedgroups.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 04/07/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md index c8c759b537..cf795c1d08 100644 --- a/windows/client-management/mdm/policy-csp-search.md +++ b/windows/client-management/mdm/policy-csp-search.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 02/12/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md index 0d797d3aa8..8046000b1b 100644 --- a/windows/client-management/mdm/policy-csp-security.md +++ b/windows/client-management/mdm/policy-csp-security.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md index e8a9056514..dbac92048d 100644 --- a/windows/client-management/mdm/policy-csp-settings.md +++ b/windows/client-management/mdm/policy-csp-settings.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md index 968f13ee3d..24e3616a8b 100644 --- a/windows/client-management/mdm/policy-csp-smartscreen.md +++ b/windows/client-management/mdm/policy-csp-smartscreen.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md index 2901b2e7fa..8f5a27a6be 100644 --- a/windows/client-management/mdm/policy-csp-speech.md +++ b/windows/client-management/mdm/policy-csp-speech.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index e10955c4e8..f9c4600794 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md index 7e447cca39..609c56d0fb 100644 --- a/windows/client-management/mdm/policy-csp-storage.md +++ b/windows/client-management/mdm/policy-csp-storage.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index 5a1ac4c656..74910d2bde 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 08/26/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-systemservices.md b/windows/client-management/mdm/policy-csp-systemservices.md index 9f69fd9f49..f3735f4e4f 100644 --- a/windows/client-management/mdm/policy-csp-systemservices.md +++ b/windows/client-management/mdm/policy-csp-systemservices.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-taskmanager.md b/windows/client-management/mdm/policy-csp-taskmanager.md index 05350792d2..0ac548d25d 100644 --- a/windows/client-management/mdm/policy-csp-taskmanager.md +++ b/windows/client-management/mdm/policy-csp-taskmanager.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-taskscheduler.md b/windows/client-management/mdm/policy-csp-taskscheduler.md index 33503f668e..3daaf92f03 100644 --- a/windows/client-management/mdm/policy-csp-taskscheduler.md +++ b/windows/client-management/mdm/policy-csp-taskscheduler.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md index b87c6ba25f..d0b1ebce9b 100644 --- a/windows/client-management/mdm/policy-csp-textinput.md +++ b/windows/client-management/mdm/policy-csp-textinput.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md index 44c93fa4d6..452ebac7a5 100644 --- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md +++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/28/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index f2268b6826..287df81471 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 11/03/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md index fc2cc3f8c0..d6399b3c29 100644 --- a/windows/client-management/mdm/policy-csp-userrights.md +++ b/windows/client-management/mdm/policy-csp-userrights.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md index 9c8862d57d..35c501cd84 100644 --- a/windows/client-management/mdm/policy-csp-wifi.md +++ b/windows/client-management/mdm/policy-csp-wifi.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md index 558874655b..5b53b17711 100644 --- a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md +++ b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md index c8d97d320f..96802ce5ed 100644 --- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md +++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md index 7b2ccdad41..02a676f201 100644 --- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md +++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md index c24d78a6aa..2712c5ecf7 100644 --- a/windows/client-management/mdm/policy-csp-windowslogon.md +++ b/windows/client-management/mdm/policy-csp-windowslogon.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-windowspowershell.md b/windows/client-management/mdm/policy-csp-windowspowershell.md index 3b87148b96..2c288f1fc9 100644 --- a/windows/client-management/mdm/policy-csp-windowspowershell.md +++ b/windows/client-management/mdm/policy-csp-windowspowershell.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-windowssandbox.md b/windows/client-management/mdm/policy-csp-windowssandbox.md index 11523075ed..7be90f4bd3 100644 --- a/windows/client-management/mdm/policy-csp-windowssandbox.md +++ b/windows/client-management/mdm/policy-csp-windowssandbox.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 10/14/2020 --- diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md index db9b3db078..ed39e72d22 100644 --- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md +++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-ddf-file.md b/windows/client-management/mdm/policy-ddf-file.md index 492cb2a9cd..df9e380d5d 100644 --- a/windows/client-management/mdm/policy-ddf-file.md +++ b/windows/client-management/mdm/policy-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 10/28/2020 --- diff --git a/windows/client-management/mdm/policymanager-csp.md b/windows/client-management/mdm/policymanager-csp.md index 9b7fb6c9c3..bf8030439e 100644 --- a/windows/client-management/mdm/policymanager-csp.md +++ b/windows/client-management/mdm/policymanager-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/28/2017 --- diff --git a/windows/client-management/mdm/provisioning-csp.md b/windows/client-management/mdm/provisioning-csp.md index 19a77a2233..374211baf5 100644 --- a/windows/client-management/mdm/provisioning-csp.md +++ b/windows/client-management/mdm/provisioning-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/proxy-csp.md b/windows/client-management/mdm/proxy-csp.md index 3c5650efee..c3f6a1425a 100644 --- a/windows/client-management/mdm/proxy-csp.md +++ b/windows/client-management/mdm/proxy-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/push-notification-windows-mdm.md b/windows/client-management/mdm/push-notification-windows-mdm.md index e5a9558b87..58191d9e4c 100644 --- a/windows/client-management/mdm/push-notification-windows-mdm.md +++ b/windows/client-management/mdm/push-notification-windows-mdm.md @@ -11,7 +11,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/22/2017 --- diff --git a/windows/client-management/mdm/pxlogical-csp.md b/windows/client-management/mdm/pxlogical-csp.md index b3403aa213..0c2cc36ac1 100644 --- a/windows/client-management/mdm/pxlogical-csp.md +++ b/windows/client-management/mdm/pxlogical-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/reboot-csp.md b/windows/client-management/mdm/reboot-csp.md index 11c8abe4a7..29f60b6588 100644 --- a/windows/client-management/mdm/reboot-csp.md +++ b/windows/client-management/mdm/reboot-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/reboot-ddf-file.md b/windows/client-management/mdm/reboot-ddf-file.md index 25b01da483..e59a647a46 100644 --- a/windows/client-management/mdm/reboot-ddf-file.md +++ b/windows/client-management/mdm/reboot-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/reclaim-seat-from-user.md b/windows/client-management/mdm/reclaim-seat-from-user.md index bf62f0e902..25bb833d31 100644 --- a/windows/client-management/mdm/reclaim-seat-from-user.md +++ b/windows/client-management/mdm/reclaim-seat-from-user.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 05/05/2020 --- diff --git a/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md b/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md index 0e30b811fd..d4711e38f5 100644 --- a/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md +++ b/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/registry-csp.md b/windows/client-management/mdm/registry-csp.md index 678f6bcaf6..1b24fb4c81 100644 --- a/windows/client-management/mdm/registry-csp.md +++ b/windows/client-management/mdm/registry-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/registry-ddf-file.md b/windows/client-management/mdm/registry-ddf-file.md index b832111b61..50b76045c8 100644 --- a/windows/client-management/mdm/registry-ddf-file.md +++ b/windows/client-management/mdm/registry-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/remotefind-csp.md b/windows/client-management/mdm/remotefind-csp.md index 9edaac5fed..0bf2d3475e 100644 --- a/windows/client-management/mdm/remotefind-csp.md +++ b/windows/client-management/mdm/remotefind-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/remotefind-ddf-file.md b/windows/client-management/mdm/remotefind-ddf-file.md index f4dc624420..1e69edaddd 100644 --- a/windows/client-management/mdm/remotefind-ddf-file.md +++ b/windows/client-management/mdm/remotefind-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/remotelock-csp.md b/windows/client-management/mdm/remotelock-csp.md index a5449b18b7..691c1b0048 100644 --- a/windows/client-management/mdm/remotelock-csp.md +++ b/windows/client-management/mdm/remotelock-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/remotelock-ddf-file.md b/windows/client-management/mdm/remotelock-ddf-file.md index 523420f496..1bb82217f8 100644 --- a/windows/client-management/mdm/remotelock-ddf-file.md +++ b/windows/client-management/mdm/remotelock-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/remotering-csp.md b/windows/client-management/mdm/remotering-csp.md index 245d720446..b6eaee7239 100644 --- a/windows/client-management/mdm/remotering-csp.md +++ b/windows/client-management/mdm/remotering-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/remotering-ddf-file.md b/windows/client-management/mdm/remotering-ddf-file.md index ae6cd812ee..63f37480f6 100644 --- a/windows/client-management/mdm/remotering-ddf-file.md +++ b/windows/client-management/mdm/remotering-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/remotewipe-csp.md b/windows/client-management/mdm/remotewipe-csp.md index e83d92dc86..dae5086aec 100644 --- a/windows/client-management/mdm/remotewipe-csp.md +++ b/windows/client-management/mdm/remotewipe-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 08/13/2018 --- diff --git a/windows/client-management/mdm/remotewipe-ddf-file.md b/windows/client-management/mdm/remotewipe-ddf-file.md index 01506c683d..29eac57387 100644 --- a/windows/client-management/mdm/remotewipe-ddf-file.md +++ b/windows/client-management/mdm/remotewipe-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 08/13/2018 --- diff --git a/windows/client-management/mdm/reporting-csp.md b/windows/client-management/mdm/reporting-csp.md index 29b37e7c8f..05132f0e72 100644 --- a/windows/client-management/mdm/reporting-csp.md +++ b/windows/client-management/mdm/reporting-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/reporting-ddf-file.md b/windows/client-management/mdm/reporting-ddf-file.md index 0aba004b0f..ef1a7cc4f2 100644 --- a/windows/client-management/mdm/reporting-ddf-file.md +++ b/windows/client-management/mdm/reporting-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md b/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md index 4c795f6020..03f641e9be 100644 --- a/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md +++ b/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md @@ -11,7 +11,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/18/2017 --- diff --git a/windows/client-management/mdm/rootcacertificates-csp.md b/windows/client-management/mdm/rootcacertificates-csp.md index 8e308efdbd..fcea6590a8 100644 --- a/windows/client-management/mdm/rootcacertificates-csp.md +++ b/windows/client-management/mdm/rootcacertificates-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 03/06/2018 --- diff --git a/windows/client-management/mdm/rootcacertificates-ddf-file.md b/windows/client-management/mdm/rootcacertificates-ddf-file.md index 6777dfd188..2adb099684 100644 --- a/windows/client-management/mdm/rootcacertificates-ddf-file.md +++ b/windows/client-management/mdm/rootcacertificates-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 03/07/2018 --- diff --git a/windows/client-management/mdm/secureassessment-csp.md b/windows/client-management/mdm/secureassessment-csp.md index 7bc475097e..722cf2fdbd 100644 --- a/windows/client-management/mdm/secureassessment-csp.md +++ b/windows/client-management/mdm/secureassessment-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/secureassessment-ddf-file.md b/windows/client-management/mdm/secureassessment-ddf-file.md index 1f0a6e0996..f44718905c 100644 --- a/windows/client-management/mdm/secureassessment-ddf-file.md +++ b/windows/client-management/mdm/secureassessment-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/securitypolicy-csp.md b/windows/client-management/mdm/securitypolicy-csp.md index 1dd7aadaf2..caf23e9c0f 100644 --- a/windows/client-management/mdm/securitypolicy-csp.md +++ b/windows/client-management/mdm/securitypolicy-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/server-requirements-windows-mdm.md b/windows/client-management/mdm/server-requirements-windows-mdm.md index bb85c4cf6a..aab509a511 100644 --- a/windows/client-management/mdm/server-requirements-windows-mdm.md +++ b/windows/client-management/mdm/server-requirements-windows-mdm.md @@ -11,7 +11,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/sharedpc-csp.md b/windows/client-management/mdm/sharedpc-csp.md index 1f66c6f5b3..dcab040062 100644 --- a/windows/client-management/mdm/sharedpc-csp.md +++ b/windows/client-management/mdm/sharedpc-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 01/16/2019 --- diff --git a/windows/client-management/mdm/sharedpc-ddf-file.md b/windows/client-management/mdm/sharedpc-ddf-file.md index f844be5696..fd63786a4b 100644 --- a/windows/client-management/mdm/sharedpc-ddf-file.md +++ b/windows/client-management/mdm/sharedpc-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/storage-csp.md b/windows/client-management/mdm/storage-csp.md index b1754f157e..4282089740 100644 --- a/windows/client-management/mdm/storage-csp.md +++ b/windows/client-management/mdm/storage-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/storage-ddf-file.md b/windows/client-management/mdm/storage-ddf-file.md index fa2c0e8e78..368533e5a3 100644 --- a/windows/client-management/mdm/storage-ddf-file.md +++ b/windows/client-management/mdm/storage-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md b/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md index 40a76e758a..985a5622d9 100644 --- a/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md +++ b/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/supl-csp.md b/windows/client-management/mdm/supl-csp.md index de33c2021a..4b83c206dd 100644 --- a/windows/client-management/mdm/supl-csp.md +++ b/windows/client-management/mdm/supl-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/12/2019 --- diff --git a/windows/client-management/mdm/supl-ddf-file.md b/windows/client-management/mdm/supl-ddf-file.md index 676807359f..b662129f03 100644 --- a/windows/client-management/mdm/supl-ddf-file.md +++ b/windows/client-management/mdm/supl-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/03/2020 --- diff --git a/windows/client-management/mdm/surfacehub-csp.md b/windows/client-management/mdm/surfacehub-csp.md index 5de6503748..8366db3150 100644 --- a/windows/client-management/mdm/surfacehub-csp.md +++ b/windows/client-management/mdm/surfacehub-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 07/28/2017 --- diff --git a/windows/client-management/mdm/surfacehub-ddf-file.md b/windows/client-management/mdm/surfacehub-ddf-file.md index c0d213fb5c..c70e8a7fbb 100644 --- a/windows/client-management/mdm/surfacehub-ddf-file.md +++ b/windows/client-management/mdm/surfacehub-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/tenantlockdown-csp.md b/windows/client-management/mdm/tenantlockdown-csp.md index 0b227fde7b..ca020a26a0 100644 --- a/windows/client-management/mdm/tenantlockdown-csp.md +++ b/windows/client-management/mdm/tenantlockdown-csp.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 08/13/2018 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/tenantlockdown-ddf.md b/windows/client-management/mdm/tenantlockdown-ddf.md index 1c82d32070..2ca340d369 100644 --- a/windows/client-management/mdm/tenantlockdown-ddf.md +++ b/windows/client-management/mdm/tenantlockdown-ddf.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 08/13/2018 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/tpmpolicy-csp.md b/windows/client-management/mdm/tpmpolicy-csp.md index 5eb1286835..6e2dc12df3 100644 --- a/windows/client-management/mdm/tpmpolicy-csp.md +++ b/windows/client-management/mdm/tpmpolicy-csp.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 11/01/2017 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/tpmpolicy-ddf-file.md b/windows/client-management/mdm/tpmpolicy-ddf-file.md index 88b63b1c8f..91674dd95b 100644 --- a/windows/client-management/mdm/tpmpolicy-ddf-file.md +++ b/windows/client-management/mdm/tpmpolicy-ddf-file.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/uefi-csp.md b/windows/client-management/mdm/uefi-csp.md index d0422786fe..dc6d399c07 100644 --- a/windows/client-management/mdm/uefi-csp.md +++ b/windows/client-management/mdm/uefi-csp.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 10/02/2018 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/uefi-ddf.md b/windows/client-management/mdm/uefi-ddf.md index e1504fc76c..07fcfcd80f 100644 --- a/windows/client-management/mdm/uefi-ddf.md +++ b/windows/client-management/mdm/uefi-ddf.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 10/02/2018 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/understanding-admx-backed-policies.md b/windows/client-management/mdm/understanding-admx-backed-policies.md index d590526ff8..682192c818 100644 --- a/windows/client-management/mdm/understanding-admx-backed-policies.md +++ b/windows/client-management/mdm/understanding-admx-backed-policies.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 03/23/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/unifiedwritefilter-csp.md b/windows/client-management/mdm/unifiedwritefilter-csp.md index cf221f1bbe..ac12b7db2e 100644 --- a/windows/client-management/mdm/unifiedwritefilter-csp.md +++ b/windows/client-management/mdm/unifiedwritefilter-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/unifiedwritefilter-ddf.md b/windows/client-management/mdm/unifiedwritefilter-ddf.md index 0bfe9fe945..fdec714579 100644 --- a/windows/client-management/mdm/unifiedwritefilter-ddf.md +++ b/windows/client-management/mdm/unifiedwritefilter-ddf.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/update-csp.md b/windows/client-management/mdm/update-csp.md index 7adde63055..7580ff8e22 100644 --- a/windows/client-management/mdm/update-csp.md +++ b/windows/client-management/mdm/update-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 02/23/2018 --- diff --git a/windows/client-management/mdm/update-ddf-file.md b/windows/client-management/mdm/update-ddf-file.md index 714022f5eb..877ac7fd2b 100644 --- a/windows/client-management/mdm/update-ddf-file.md +++ b/windows/client-management/mdm/update-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 02/23/2018 --- diff --git a/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md b/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md index 04c6edb4d2..be2b945e86 100644 --- a/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md +++ b/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/vpn-csp.md b/windows/client-management/mdm/vpn-csp.md index 41d401cfd1..3cecc2a632 100644 --- a/windows/client-management/mdm/vpn-csp.md +++ b/windows/client-management/mdm/vpn-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 04/02/2017 --- diff --git a/windows/client-management/mdm/vpn-ddf-file.md b/windows/client-management/mdm/vpn-ddf-file.md index e6d4dadc9b..4a9221185b 100644 --- a/windows/client-management/mdm/vpn-ddf-file.md +++ b/windows/client-management/mdm/vpn-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md index 84ee2f2ad3..ae8aef55a6 100644 --- a/windows/client-management/mdm/vpnv2-csp.md +++ b/windows/client-management/mdm/vpnv2-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/21/2021 --- diff --git a/windows/client-management/mdm/vpnv2-ddf-file.md b/windows/client-management/mdm/vpnv2-ddf-file.md index 7a458d237c..b9863e74f7 100644 --- a/windows/client-management/mdm/vpnv2-ddf-file.md +++ b/windows/client-management/mdm/vpnv2-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 10/30/2020 --- diff --git a/windows/client-management/mdm/vpnv2-profile-xsd.md b/windows/client-management/mdm/vpnv2-profile-xsd.md index 380918d178..72af62ee25 100644 --- a/windows/client-management/mdm/vpnv2-profile-xsd.md +++ b/windows/client-management/mdm/vpnv2-profile-xsd.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 07/14/2020 --- diff --git a/windows/client-management/mdm/w4-application-csp.md b/windows/client-management/mdm/w4-application-csp.md index 8caeb2ef6c..080d7049c2 100644 --- a/windows/client-management/mdm/w4-application-csp.md +++ b/windows/client-management/mdm/w4-application-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/w7-application-csp.md b/windows/client-management/mdm/w7-application-csp.md index 0251786c1e..9015b2a89c 100644 --- a/windows/client-management/mdm/w7-application-csp.md +++ b/windows/client-management/mdm/w7-application-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/wifi-csp.md b/windows/client-management/mdm/wifi-csp.md index 69fa3cba01..61dfd124af 100644 --- a/windows/client-management/mdm/wifi-csp.md +++ b/windows/client-management/mdm/wifi-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/18/2019 --- diff --git a/windows/client-management/mdm/wifi-ddf-file.md b/windows/client-management/mdm/wifi-ddf-file.md index f500e2effe..455974c278 100644 --- a/windows/client-management/mdm/wifi-ddf-file.md +++ b/windows/client-management/mdm/wifi-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/28/2018 --- diff --git a/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md b/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md index 934405414e..c625ec3a7c 100644 --- a/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md +++ b/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 03/23/2020 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/win32appinventory-csp.md b/windows/client-management/mdm/win32appinventory-csp.md index 1a31d2aff8..945fe8163d 100644 --- a/windows/client-management/mdm/win32appinventory-csp.md +++ b/windows/client-management/mdm/win32appinventory-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/win32appinventory-ddf-file.md b/windows/client-management/mdm/win32appinventory-ddf-file.md index 9de548701c..41cc1f1b27 100644 --- a/windows/client-management/mdm/win32appinventory-ddf-file.md +++ b/windows/client-management/mdm/win32appinventory-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/win32compatibilityappraiser-csp.md b/windows/client-management/mdm/win32compatibilityappraiser-csp.md index 93c4245eda..ec9dd82b89 100644 --- a/windows/client-management/mdm/win32compatibilityappraiser-csp.md +++ b/windows/client-management/mdm/win32compatibilityappraiser-csp.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 07/19/2018 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/win32compatibilityappraiser-ddf.md b/windows/client-management/mdm/win32compatibilityappraiser-ddf.md index d4f1fe692d..80c0540587 100644 --- a/windows/client-management/mdm/win32compatibilityappraiser-ddf.md +++ b/windows/client-management/mdm/win32compatibilityappraiser-ddf.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 07/19/2018 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/windows-mdm-enterprise-settings.md b/windows/client-management/mdm/windows-mdm-enterprise-settings.md index bf253d24da..02d21910b6 100644 --- a/windows/client-management/mdm/windows-mdm-enterprise-settings.md +++ b/windows/client-management/mdm/windows-mdm-enterprise-settings.md @@ -11,7 +11,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md index c61631d50a..edb1043e75 100644 --- a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md +++ b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 11/01/2017 --- diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md index 6abd7b2df8..053fd5728b 100644 --- a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md +++ b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md index 789ed32572..90567d9146 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 09/10/2018 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/windowslicensing-csp.md b/windows/client-management/mdm/windowslicensing-csp.md index fc9b76d5fb..a41598722c 100644 --- a/windows/client-management/mdm/windowslicensing-csp.md +++ b/windows/client-management/mdm/windowslicensing-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 08/15/2018 --- diff --git a/windows/client-management/mdm/windowslicensing-ddf-file.md b/windows/client-management/mdm/windowslicensing-ddf-file.md index 679a8ba69c..a21bff7acb 100644 --- a/windows/client-management/mdm/windowslicensing-ddf-file.md +++ b/windows/client-management/mdm/windowslicensing-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 07/16/2017 --- diff --git a/windows/client-management/mdm/windowssecurityauditing-csp.md b/windows/client-management/mdm/windowssecurityauditing-csp.md index a7f488c96a..dd3fac5c64 100644 --- a/windows/client-management/mdm/windowssecurityauditing-csp.md +++ b/windows/client-management/mdm/windowssecurityauditing-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/windowssecurityauditing-ddf-file.md b/windows/client-management/mdm/windowssecurityauditing-ddf-file.md index 963a620809..183ae45f91 100644 --- a/windows/client-management/mdm/windowssecurityauditing-ddf-file.md +++ b/windows/client-management/mdm/windowssecurityauditing-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/wirednetwork-csp.md b/windows/client-management/mdm/wirednetwork-csp.md index 77b5add034..38e2446372 100644 --- a/windows/client-management/mdm/wirednetwork-csp.md +++ b/windows/client-management/mdm/wirednetwork-csp.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/27/2018 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/wirednetwork-ddf-file.md b/windows/client-management/mdm/wirednetwork-ddf-file.md index c44db67ef5..0d66b60510 100644 --- a/windows/client-management/mdm/wirednetwork-ddf-file.md +++ b/windows/client-management/mdm/wirednetwork-ddf-file.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/28/2018 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/wmi-providers-supported-in-windows.md b/windows/client-management/mdm/wmi-providers-supported-in-windows.md index 464f61bdd7..5167384668 100644 --- a/windows/client-management/mdm/wmi-providers-supported-in-windows.md +++ b/windows/client-management/mdm/wmi-providers-supported-in-windows.md @@ -11,7 +11,7 @@ ms.author: dansimp ms.topic: article ms.prod: m365-security ms.technology: windows-sec -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- From 2091f4399d998867f3a036fd81218bcf6516b342 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Fri, 29 Oct 2021 10:26:33 +0530 Subject: [PATCH 012/335] reverted changes --- .../client-management/mdm/Language-pack-management-csp.md | 4 ++-- windows/client-management/mdm/accountmanagement-csp.md | 4 ++-- windows/client-management/mdm/accountmanagement-ddf.md | 4 ++-- windows/client-management/mdm/accounts-csp.md | 4 ++-- windows/client-management/mdm/accounts-ddf-file.md | 4 ++-- windows/client-management/mdm/activesync-csp.md | 4 ++-- windows/client-management/mdm/activesync-ddf-file.md | 4 ++-- .../mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md | 4 ++-- windows/client-management/mdm/alljoynmanagement-csp.md | 4 ++-- windows/client-management/mdm/alljoynmanagement-ddf.md | 4 ++-- windows/client-management/mdm/application-csp.md | 4 ++-- windows/client-management/mdm/applicationcontrol-csp-ddf.md | 4 ++-- windows/client-management/mdm/applicationcontrol-csp.md | 4 ++-- windows/client-management/mdm/applocker-csp.md | 4 ++-- windows/client-management/mdm/applocker-ddf-file.md | 4 ++-- windows/client-management/mdm/applocker-xsd.md | 4 ++-- windows/client-management/mdm/appv-deploy-and-config.md | 4 ++-- windows/client-management/mdm/assign-seats.md | 4 ++-- windows/client-management/mdm/assignedaccess-csp.md | 4 ++-- windows/client-management/mdm/assignedaccess-ddf.md | 4 ++-- .../mdm/azure-active-directory-integration-with-mdm.md | 4 ++-- ...oft-intune-automatic-mdm-enrollment-in-the-new-portal.md | 4 ++-- windows/client-management/mdm/bitlocker-csp.md | 4 ++-- windows/client-management/mdm/bitlocker-ddf-file.md | 4 ++-- windows/client-management/mdm/bootstrap-csp.md | 4 ++-- windows/client-management/mdm/browserfavorite-csp.md | 4 ++-- .../mdm/bulk-assign-and-reclaim-seats-from-user.md | 4 ++-- .../mdm/bulk-enrollment-using-windows-provisioning-tool.md | 4 ++-- windows/client-management/mdm/cellularsettings-csp.md | 4 ++-- .../mdm/certificate-authentication-device-enrollment.md | 4 ++-- .../mdm/certificate-renewal-windows-mdm.md | 4 ++-- windows/client-management/mdm/certificatestore-csp.md | 4 ++-- windows/client-management/mdm/certificatestore-ddf-file.md | 4 ++-- .../mdm/change-history-for-mdm-documentation.md | 4 ++-- windows/client-management/mdm/cleanpc-csp.md | 4 ++-- windows/client-management/mdm/cleanpc-ddf.md | 4 ++-- .../client-management/mdm/clientcertificateinstall-csp.md | 4 ++-- .../mdm/clientcertificateinstall-ddf-file.md | 4 ++-- windows/client-management/mdm/cm-cellularentries-csp.md | 4 ++-- windows/client-management/mdm/cm-proxyentries-csp.md | 4 ++-- windows/client-management/mdm/cmpolicy-csp.md | 4 ++-- windows/client-management/mdm/cmpolicyenterprise-csp.md | 4 ++-- .../client-management/mdm/cmpolicyenterprise-ddf-file.md | 4 ++-- .../mdm/configuration-service-provider-reference.md | 4 ++-- windows/client-management/mdm/customdeviceui-csp.md | 4 ++-- windows/client-management/mdm/customdeviceui-ddf.md | 4 ++-- .../mdm/data-structures-windows-store-for-business.md | 4 ++-- windows/client-management/mdm/defender-csp.md | 4 ++-- windows/client-management/mdm/defender-ddf.md | 4 ++-- windows/client-management/mdm/devdetail-csp.md | 4 ++-- windows/client-management/mdm/devdetail-ddf-file.md | 4 ++-- windows/client-management/mdm/developersetup-csp.md | 4 ++-- windows/client-management/mdm/developersetup-ddf.md | 4 ++-- windows/client-management/mdm/device-update-management.md | 4 ++-- windows/client-management/mdm/deviceinstanceservice-csp.md | 4 ++-- windows/client-management/mdm/devicelock-csp.md | 4 ++-- windows/client-management/mdm/devicelock-ddf-file.md | 4 ++-- windows/client-management/mdm/devicemanageability-csp.md | 4 ++-- windows/client-management/mdm/devicemanageability-ddf.md | 4 ++-- windows/client-management/mdm/devicestatus-csp.md | 4 ++-- windows/client-management/mdm/devicestatus-ddf.md | 4 ++-- windows/client-management/mdm/devinfo-csp.md | 4 ++-- windows/client-management/mdm/devinfo-ddf-file.md | 4 ++-- .../mdm/diagnose-mdm-failures-in-windows-10.md | 4 ++-- windows/client-management/mdm/diagnosticlog-csp.md | 4 ++-- windows/client-management/mdm/diagnosticlog-ddf.md | 4 ++-- .../mdm/disconnecting-from-mdm-unenrollment.md | 4 ++-- windows/client-management/mdm/dmacc-csp.md | 4 ++-- windows/client-management/mdm/dmacc-ddf-file.md | 4 ++-- windows/client-management/mdm/dmclient-csp.md | 4 ++-- windows/client-management/mdm/dmclient-ddf-file.md | 4 ++-- windows/client-management/mdm/dmprocessconfigxmlfiltered.md | 4 ++-- windows/client-management/mdm/dmsessionactions-csp.md | 4 ++-- windows/client-management/mdm/dmsessionactions-ddf.md | 4 ++-- windows/client-management/mdm/dynamicmanagement-csp.md | 4 ++-- windows/client-management/mdm/dynamicmanagement-ddf.md | 4 ++-- windows/client-management/mdm/eap-configuration.md | 4 ++-- windows/client-management/mdm/email2-csp.md | 4 ++-- windows/client-management/mdm/email2-ddf-file.md | 4 ++-- .../mdm/enable-admx-backed-policies-in-mdm.md | 4 ++-- ...r-windows-embedded-8-1-handheld-devices-to-windows-10.md | 4 ++-- ...-a-windows-10-device-automatically-using-group-policy.md | 6 +++--- .../mdm/enrollmentstatustracking-csp-ddf.md | 4 ++-- .../client-management/mdm/enrollmentstatustracking-csp.md | 4 ++-- windows/client-management/mdm/enterprise-app-management.md | 4 ++-- windows/client-management/mdm/enterpriseapn-csp.md | 4 ++-- windows/client-management/mdm/enterpriseapn-ddf.md | 4 ++-- .../client-management/mdm/enterpriseappmanagement-csp.md | 4 ++-- .../client-management/mdm/enterpriseappvmanagement-csp.md | 4 ++-- .../client-management/mdm/enterpriseappvmanagement-ddf.md | 4 ++-- .../client-management/mdm/enterpriseassignedaccess-csp.md | 4 ++-- .../client-management/mdm/enterpriseassignedaccess-ddf.md | 4 ++-- .../client-management/mdm/enterpriseassignedaccess-xsd.md | 4 ++-- .../client-management/mdm/enterprisedataprotection-csp.md | 4 ++-- .../mdm/enterprisedataprotection-ddf-file.md | 4 ++-- .../mdm/enterprisedesktopappmanagement-csp.md | 4 ++-- .../mdm/enterprisedesktopappmanagement-ddf-file.md | 4 ++-- .../mdm/enterprisedesktopappmanagement2-xsd.md | 4 ++-- windows/client-management/mdm/enterpriseext-csp.md | 4 ++-- windows/client-management/mdm/enterpriseext-ddf.md | 4 ++-- .../client-management/mdm/enterpriseextfilessystem-csp.md | 4 ++-- .../client-management/mdm/enterpriseextfilesystem-ddf.md | 4 ++-- .../mdm/enterprisemodernappmanagement-csp.md | 4 ++-- .../mdm/enterprisemodernappmanagement-ddf.md | 4 ++-- .../mdm/enterprisemodernappmanagement-xsd.md | 4 ++-- windows/client-management/mdm/euiccs-csp.md | 4 ++-- windows/client-management/mdm/euiccs-ddf-file.md | 4 ++-- .../mdm/federated-authentication-device-enrollment.md | 4 ++-- windows/client-management/mdm/filesystem-csp.md | 4 ++-- windows/client-management/mdm/firewall-csp.md | 4 ++-- windows/client-management/mdm/firewall-ddf-file.md | 4 ++-- windows/client-management/mdm/get-inventory.md | 4 ++-- .../client-management/mdm/get-localized-product-details.md | 4 ++-- windows/client-management/mdm/get-offline-license.md | 4 ++-- windows/client-management/mdm/get-product-details.md | 4 ++-- windows/client-management/mdm/get-product-package.md | 4 ++-- windows/client-management/mdm/get-product-packages.md | 4 ++-- windows/client-management/mdm/get-seat.md | 4 ++-- .../client-management/mdm/get-seats-assigned-to-a-user.md | 4 ++-- windows/client-management/mdm/get-seats.md | 4 ++-- windows/client-management/mdm/healthattestation-csp.md | 4 ++-- windows/client-management/mdm/healthattestation-ddf.md | 4 ++-- windows/client-management/mdm/hotspot-csp.md | 4 ++-- .../implement-server-side-mobile-application-management.md | 4 ++-- windows/client-management/mdm/index.md | 4 ++-- .../mdm/management-tool-for-windows-store-for-business.md | 4 ++-- windows/client-management/mdm/maps-csp.md | 4 ++-- windows/client-management/mdm/maps-ddf-file.md | 4 ++-- .../mdm/mdm-enrollment-of-windows-devices.md | 4 ++-- windows/client-management/mdm/messaging-csp.md | 4 ++-- windows/client-management/mdm/messaging-ddf.md | 4 ++-- windows/client-management/mdm/mobile-device-enrollment.md | 4 ++-- windows/client-management/mdm/multisim-csp.md | 4 ++-- windows/client-management/mdm/multisim-ddf.md | 4 ++-- windows/client-management/mdm/nap-csp.md | 4 ++-- windows/client-management/mdm/napdef-csp.md | 4 ++-- windows/client-management/mdm/networkproxy-csp.md | 4 ++-- windows/client-management/mdm/networkproxy-ddf.md | 4 ++-- windows/client-management/mdm/networkqospolicy-csp.md | 4 ++-- windows/client-management/mdm/networkqospolicy-ddf.md | 4 ++-- .../mdm/new-in-windows-mdm-enrollment-management.md | 4 ++-- windows/client-management/mdm/nodecache-csp.md | 4 ++-- windows/client-management/mdm/nodecache-ddf-file.md | 4 ++-- windows/client-management/mdm/office-csp.md | 4 ++-- windows/client-management/mdm/office-ddf.md | 4 ++-- windows/client-management/mdm/oma-dm-protocol-support.md | 4 ++-- .../mdm/on-premise-authentication-device-enrollment.md | 4 ++-- windows/client-management/mdm/passportforwork-csp.md | 4 ++-- windows/client-management/mdm/passportforwork-ddf.md | 4 ++-- windows/client-management/mdm/personalization-csp.md | 4 ++-- windows/client-management/mdm/personalization-ddf.md | 4 ++-- .../mdm/policies-in-policy-csp-admx-backed.md | 4 ++-- .../mdm/policies-in-policy-csp-supported-by-group-policy.md | 4 ++-- ...cy-csp-supported-by-hololens-1st-gen-commercial-suite.md | 4 ++-- ...csp-supported-by-hololens-1st-gen-development-edition.md | 4 ++-- .../mdm/policies-in-policy-csp-supported-by-hololens2.md | 4 ++-- .../mdm/policies-in-policy-csp-supported-by-iot-core.md | 4 ++-- .../mdm/policies-in-policy-csp-supported-by-surface-hub.md | 4 ++-- .../mdm/policies-in-policy-csp-that-can-be-set-using-eas.md | 4 ++-- .../mdm/policy-configuration-service-provider.md | 4 ++-- windows/client-management/mdm/policy-csp-abovelock.md | 4 ++-- windows/client-management/mdm/policy-csp-accounts.md | 4 ++-- windows/client-management/mdm/policy-csp-activexcontrols.md | 4 ++-- .../mdm/policy-csp-admx-activexinstallservice.md | 4 ++-- .../mdm/policy-csp-admx-addremoveprograms.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-admpwd.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-appcompat.md | 4 ++-- .../mdm/policy-csp-admx-appxpackagemanager.md | 4 ++-- .../client-management/mdm/policy-csp-admx-appxruntime.md | 4 ++-- .../mdm/policy-csp-admx-attachmentmanager.md | 4 ++-- .../client-management/mdm/policy-csp-admx-auditsettings.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-bits.md | 4 ++-- .../mdm/policy-csp-admx-ciphersuiteorder.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-com.md | 4 ++-- .../client-management/mdm/policy-csp-admx-controlpanel.md | 4 ++-- .../mdm/policy-csp-admx-controlpaneldisplay.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-cpls.md | 4 ++-- .../mdm/policy-csp-admx-credentialproviders.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-credssp.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-credui.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md | 4 ++-- .../client-management/mdm/policy-csp-admx-datacollection.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-dcom.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-desktop.md | 4 ++-- .../client-management/mdm/policy-csp-admx-devicecompat.md | 4 ++-- .../client-management/mdm/policy-csp-admx-deviceguard.md | 4 ++-- .../mdm/policy-csp-admx-deviceinstallation.md | 4 ++-- .../client-management/mdm/policy-csp-admx-devicesetup.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-dfs.md | 4 ++-- .../client-management/mdm/policy-csp-admx-digitallocker.md | 4 ++-- .../client-management/mdm/policy-csp-admx-diskdiagnostic.md | 4 ++-- .../client-management/mdm/policy-csp-admx-disknvcache.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-diskquota.md | 4 ++-- .../mdm/policy-csp-admx-distributedlinktracking.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-dnsclient.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-dwm.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-eaime.md | 4 ++-- .../mdm/policy-csp-admx-encryptfilesonmove.md | 4 ++-- .../mdm/policy-csp-admx-enhancedstorage.md | 4 ++-- .../client-management/mdm/policy-csp-admx-errorreporting.md | 4 ++-- .../mdm/policy-csp-admx-eventforwarding.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-eventlog.md | 4 ++-- .../client-management/mdm/policy-csp-admx-eventlogging.md | 4 ++-- .../client-management/mdm/policy-csp-admx-eventviewer.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-explorer.md | 4 ++-- .../client-management/mdm/policy-csp-admx-externalboot.md | 4 ++-- .../client-management/mdm/policy-csp-admx-filerecovery.md | 4 ++-- .../client-management/mdm/policy-csp-admx-filerevocation.md | 4 ++-- .../mdm/policy-csp-admx-fileservervssprovider.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-filesys.md | 4 ++-- .../mdm/policy-csp-admx-folderredirection.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-framepanes.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-fthsvc.md | 4 ++-- .../client-management/mdm/policy-csp-admx-globalization.md | 4 ++-- .../client-management/mdm/policy-csp-admx-grouppolicy.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-help.md | 4 ++-- .../client-management/mdm/policy-csp-admx-helpandsupport.md | 4 ++-- .../client-management/mdm/policy-csp-admx-hotspotauth.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-icm.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-iis.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-iscsi.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-kdc.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-kerberos.md | 4 ++-- .../client-management/mdm/policy-csp-admx-lanmanserver.md | 4 ++-- .../mdm/policy-csp-admx-lanmanworkstation.md | 4 ++-- .../client-management/mdm/policy-csp-admx-leakdiagnostic.md | 4 ++-- .../mdm/policy-csp-admx-linklayertopologydiscovery.md | 4 ++-- .../mdm/policy-csp-admx-locationprovideradm.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-logon.md | 4 ++-- .../mdm/policy-csp-admx-microsoftdefenderantivirus.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-mmc.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-mmcsnapins.md | 4 ++-- .../mdm/policy-csp-admx-mobilepcmobilitycenter.md | 4 ++-- .../mdm/policy-csp-admx-mobilepcpresentationsettings.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-msapolicy.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-msched.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-msdt.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-msi.md | 4 ++-- .../mdm/policy-csp-admx-msifilerecovery.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-nca.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-ncsi.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-netlogon.md | 4 ++-- .../mdm/policy-csp-admx-networkconnections.md | 4 ++-- .../client-management/mdm/policy-csp-admx-offlinefiles.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-pca.md | 4 ++-- .../mdm/policy-csp-admx-peertopeercaching.md | 4 ++-- .../client-management/mdm/policy-csp-admx-pentraining.md | 4 ++-- .../mdm/policy-csp-admx-performancediagnostics.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-power.md | 4 ++-- .../mdm/policy-csp-admx-powershellexecutionpolicy.md | 4 ++-- .../mdm/policy-csp-admx-previousversions.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-printing.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-printing2.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-programs.md | 4 ++-- .../client-management/mdm/policy-csp-admx-pushtoinstall.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-radar.md | 4 ++-- .../client-management/mdm/policy-csp-admx-reliability.md | 4 ++-- .../mdm/policy-csp-admx-remoteassistance.md | 4 ++-- .../mdm/policy-csp-admx-removablestorage.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-rpc.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-scripts.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-sdiageng.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-sdiagschd.md | 4 ++-- .../client-management/mdm/policy-csp-admx-securitycenter.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-sensors.md | 4 ++-- .../client-management/mdm/policy-csp-admx-servermanager.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-servicing.md | 4 ++-- .../client-management/mdm/policy-csp-admx-settingsync.md | 4 ++-- .../client-management/mdm/policy-csp-admx-sharedfolders.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-sharing.md | 4 ++-- .../mdm/policy-csp-admx-shellcommandpromptregedittools.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-smartcard.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-snmp.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-soundrec.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-srmfci.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-startmenu.md | 4 ++-- .../client-management/mdm/policy-csp-admx-systemrestore.md | 4 ++-- .../client-management/mdm/policy-csp-admx-tabletshell.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-taskbar.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-tcpip.md | 4 ++-- .../client-management/mdm/policy-csp-admx-terminalserver.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-thumbnails.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-touchinput.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-tpm.md | 4 ++-- .../mdm/policy-csp-admx-userexperiencevirtualization.md | 4 ++-- .../client-management/mdm/policy-csp-admx-userprofiles.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-w32time.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-wcm.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-wdi.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-wincal.md | 4 ++-- .../mdm/policy-csp-admx-windowscolorsystem.md | 4 ++-- .../mdm/policy-csp-admx-windowsconnectnow.md | 4 ++-- .../mdm/policy-csp-admx-windowsexplorer.md | 4 ++-- .../mdm/policy-csp-admx-windowsmediadrm.md | 4 ++-- .../mdm/policy-csp-admx-windowsmediaplayer.md | 4 ++-- .../mdm/policy-csp-admx-windowsremotemanagement.md | 4 ++-- .../client-management/mdm/policy-csp-admx-windowsstore.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-wininit.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-winlogon.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-winsrv.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-wlansvc.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-wordwheel.md | 4 ++-- .../mdm/policy-csp-admx-workfoldersclient.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-wpn.md | 4 ++-- .../client-management/mdm/policy-csp-applicationdefaults.md | 4 ++-- .../mdm/policy-csp-applicationmanagement.md | 4 ++-- windows/client-management/mdm/policy-csp-appruntime.md | 4 ++-- .../client-management/mdm/policy-csp-appvirtualization.md | 4 ++-- .../client-management/mdm/policy-csp-attachmentmanager.md | 4 ++-- windows/client-management/mdm/policy-csp-audit.md | 4 ++-- windows/client-management/mdm/policy-csp-authentication.md | 4 ++-- windows/client-management/mdm/policy-csp-autoplay.md | 4 ++-- windows/client-management/mdm/policy-csp-bitlocker.md | 4 ++-- windows/client-management/mdm/policy-csp-bits.md | 4 ++-- windows/client-management/mdm/policy-csp-bluetooth.md | 4 ++-- windows/client-management/mdm/policy-csp-browser.md | 4 ++-- windows/client-management/mdm/policy-csp-camera.md | 4 ++-- windows/client-management/mdm/policy-csp-cellular.md | 4 ++-- windows/client-management/mdm/policy-csp-connectivity.md | 4 ++-- .../mdm/policy-csp-controlpolicyconflict.md | 4 ++-- .../client-management/mdm/policy-csp-credentialproviders.md | 4 ++-- .../mdm/policy-csp-credentialsdelegation.md | 4 ++-- windows/client-management/mdm/policy-csp-credentialsui.md | 4 ++-- windows/client-management/mdm/policy-csp-cryptography.md | 4 ++-- windows/client-management/mdm/policy-csp-dataprotection.md | 4 ++-- windows/client-management/mdm/policy-csp-datausage.md | 4 ++-- windows/client-management/mdm/policy-csp-defender.md | 4 ++-- .../mdm/policy-csp-deliveryoptimization.md | 4 ++-- windows/client-management/mdm/policy-csp-desktop.md | 4 ++-- windows/client-management/mdm/policy-csp-deviceguard.md | 4 ++-- .../mdm/policy-csp-devicehealthmonitoring.md | 4 ++-- .../client-management/mdm/policy-csp-deviceinstallation.md | 4 ++-- windows/client-management/mdm/policy-csp-devicelock.md | 4 ++-- windows/client-management/mdm/policy-csp-display.md | 4 ++-- windows/client-management/mdm/policy-csp-dmaguard.md | 4 ++-- windows/client-management/mdm/policy-csp-education.md | 4 ++-- .../mdm/policy-csp-enterprisecloudprint.md | 4 ++-- windows/client-management/mdm/policy-csp-errorreporting.md | 4 ++-- windows/client-management/mdm/policy-csp-eventlogservice.md | 4 ++-- windows/client-management/mdm/policy-csp-experience.md | 4 ++-- windows/client-management/mdm/policy-csp-exploitguard.md | 4 ++-- windows/client-management/mdm/policy-csp-feeds.md | 4 ++-- windows/client-management/mdm/policy-csp-fileexplorer.md | 4 ++-- windows/client-management/mdm/policy-csp-games.md | 4 ++-- windows/client-management/mdm/policy-csp-handwriting.md | 4 ++-- .../client-management/mdm/policy-csp-internetexplorer.md | 4 ++-- windows/client-management/mdm/policy-csp-kerberos.md | 4 ++-- windows/client-management/mdm/policy-csp-kioskbrowser.md | 4 ++-- .../client-management/mdm/policy-csp-lanmanworkstation.md | 4 ++-- windows/client-management/mdm/policy-csp-licensing.md | 4 ++-- .../mdm/policy-csp-localpoliciessecurityoptions.md | 4 ++-- .../client-management/mdm/policy-csp-localusersandgroups.md | 4 ++-- windows/client-management/mdm/policy-csp-lockdown.md | 4 ++-- windows/client-management/mdm/policy-csp-maps.md | 4 ++-- windows/client-management/mdm/policy-csp-messaging.md | 4 ++-- windows/client-management/mdm/policy-csp-mixedreality.md | 4 ++-- windows/client-management/mdm/policy-csp-mssecurityguide.md | 4 ++-- windows/client-management/mdm/policy-csp-msslegacy.md | 4 ++-- windows/client-management/mdm/policy-csp-multitasking.md | 4 ++-- .../client-management/mdm/policy-csp-networkisolation.md | 4 ++-- .../client-management/mdm/policy-csp-networklistmanager.md | 4 ++-- windows/client-management/mdm/policy-csp-notifications.md | 4 ++-- windows/client-management/mdm/policy-csp-power.md | 4 ++-- windows/client-management/mdm/policy-csp-printers.md | 4 ++-- windows/client-management/mdm/policy-csp-privacy.md | 4 ++-- .../client-management/mdm/policy-csp-remoteassistance.md | 4 ++-- .../mdm/policy-csp-remotedesktopservices.md | 4 ++-- .../client-management/mdm/policy-csp-remotemanagement.md | 4 ++-- .../client-management/mdm/policy-csp-remoteprocedurecall.md | 4 ++-- windows/client-management/mdm/policy-csp-remoteshell.md | 4 ++-- .../client-management/mdm/policy-csp-restrictedgroups.md | 4 ++-- windows/client-management/mdm/policy-csp-search.md | 4 ++-- windows/client-management/mdm/policy-csp-security.md | 4 ++-- .../mdm/policy-csp-servicecontrolmanager.md | 4 ++-- windows/client-management/mdm/policy-csp-settings.md | 4 ++-- windows/client-management/mdm/policy-csp-smartscreen.md | 4 ++-- windows/client-management/mdm/policy-csp-speech.md | 4 ++-- windows/client-management/mdm/policy-csp-start.md | 4 ++-- windows/client-management/mdm/policy-csp-storage.md | 4 ++-- windows/client-management/mdm/policy-csp-system.md | 4 ++-- windows/client-management/mdm/policy-csp-systemservices.md | 4 ++-- windows/client-management/mdm/policy-csp-taskmanager.md | 4 ++-- windows/client-management/mdm/policy-csp-taskscheduler.md | 4 ++-- windows/client-management/mdm/policy-csp-textinput.md | 4 ++-- .../mdm/policy-csp-timelanguagesettings.md | 4 ++-- windows/client-management/mdm/policy-csp-troubleshooting.md | 4 ++-- windows/client-management/mdm/policy-csp-update.md | 4 ++-- windows/client-management/mdm/policy-csp-userrights.md | 4 ++-- windows/client-management/mdm/policy-csp-wifi.md | 4 ++-- .../mdm/policy-csp-windowsconnectionmanager.md | 4 ++-- .../mdm/policy-csp-windowsdefendersecuritycenter.md | 4 ++-- .../client-management/mdm/policy-csp-windowsinkworkspace.md | 4 ++-- windows/client-management/mdm/policy-csp-windowslogon.md | 4 ++-- .../client-management/mdm/policy-csp-windowspowershell.md | 4 ++-- windows/client-management/mdm/policy-csp-windowssandbox.md | 4 ++-- windows/client-management/mdm/policy-csp-wirelessdisplay.md | 4 ++-- windows/client-management/mdm/policy-ddf-file.md | 4 ++-- windows/client-management/mdm/policymanager-csp.md | 4 ++-- windows/client-management/mdm/provisioning-csp.md | 4 ++-- windows/client-management/mdm/proxy-csp.md | 4 ++-- .../client-management/mdm/push-notification-windows-mdm.md | 4 ++-- windows/client-management/mdm/pxlogical-csp.md | 4 ++-- windows/client-management/mdm/reboot-csp.md | 4 ++-- windows/client-management/mdm/reboot-ddf-file.md | 4 ++-- windows/client-management/mdm/reclaim-seat-from-user.md | 4 ++-- ...egister-your-free-azure-active-directory-subscription.md | 4 ++-- windows/client-management/mdm/registry-csp.md | 4 ++-- windows/client-management/mdm/registry-ddf-file.md | 4 ++-- windows/client-management/mdm/remotefind-csp.md | 4 ++-- windows/client-management/mdm/remotefind-ddf-file.md | 4 ++-- windows/client-management/mdm/remotelock-csp.md | 4 ++-- windows/client-management/mdm/remotelock-ddf-file.md | 4 ++-- windows/client-management/mdm/remotering-csp.md | 4 ++-- windows/client-management/mdm/remotering-ddf-file.md | 4 ++-- windows/client-management/mdm/remotewipe-csp.md | 4 ++-- windows/client-management/mdm/remotewipe-ddf-file.md | 4 ++-- windows/client-management/mdm/reporting-csp.md | 4 ++-- windows/client-management/mdm/reporting-ddf-file.md | 4 ++-- .../mdm/rest-api-reference-windows-store-for-business.md | 4 ++-- windows/client-management/mdm/rootcacertificates-csp.md | 4 ++-- .../client-management/mdm/rootcacertificates-ddf-file.md | 4 ++-- windows/client-management/mdm/secureassessment-csp.md | 4 ++-- windows/client-management/mdm/secureassessment-ddf-file.md | 4 ++-- windows/client-management/mdm/securitypolicy-csp.md | 4 ++-- .../mdm/server-requirements-windows-mdm.md | 4 ++-- windows/client-management/mdm/sharedpc-csp.md | 4 ++-- windows/client-management/mdm/sharedpc-ddf-file.md | 4 ++-- windows/client-management/mdm/storage-csp.md | 4 ++-- windows/client-management/mdm/storage-ddf-file.md | 4 ++-- .../mdm/structure-of-oma-dm-provisioning-files.md | 4 ++-- windows/client-management/mdm/supl-csp.md | 4 ++-- windows/client-management/mdm/supl-ddf-file.md | 4 ++-- windows/client-management/mdm/surfacehub-csp.md | 4 ++-- windows/client-management/mdm/surfacehub-ddf-file.md | 4 ++-- windows/client-management/mdm/tenantlockdown-csp.md | 4 ++-- windows/client-management/mdm/tenantlockdown-ddf.md | 4 ++-- windows/client-management/mdm/tpmpolicy-csp.md | 4 ++-- windows/client-management/mdm/tpmpolicy-ddf-file.md | 4 ++-- windows/client-management/mdm/uefi-csp.md | 4 ++-- windows/client-management/mdm/uefi-ddf.md | 4 ++-- .../mdm/understanding-admx-backed-policies.md | 4 ++-- windows/client-management/mdm/unifiedwritefilter-csp.md | 4 ++-- windows/client-management/mdm/unifiedwritefilter-ddf.md | 4 ++-- windows/client-management/mdm/update-csp.md | 4 ++-- windows/client-management/mdm/update-ddf-file.md | 4 ++-- ...ing-powershell-scripting-with-the-wmi-bridge-provider.md | 4 ++-- windows/client-management/mdm/vpn-csp.md | 4 ++-- windows/client-management/mdm/vpn-ddf-file.md | 4 ++-- windows/client-management/mdm/vpnv2-csp.md | 4 ++-- windows/client-management/mdm/vpnv2-ddf-file.md | 4 ++-- windows/client-management/mdm/vpnv2-profile-xsd.md | 4 ++-- windows/client-management/mdm/w4-application-csp.md | 4 ++-- windows/client-management/mdm/w7-application-csp.md | 4 ++-- windows/client-management/mdm/wifi-csp.md | 4 ++-- windows/client-management/mdm/wifi-ddf-file.md | 4 ++-- .../mdm/win32-and-centennial-app-policy-configuration.md | 4 ++-- windows/client-management/mdm/win32appinventory-csp.md | 4 ++-- windows/client-management/mdm/win32appinventory-ddf-file.md | 4 ++-- .../mdm/win32compatibilityappraiser-csp.md | 4 ++-- .../mdm/win32compatibilityappraiser-ddf.md | 4 ++-- .../mdm/windows-mdm-enterprise-settings.md | 4 ++-- .../mdm/windowsadvancedthreatprotection-csp.md | 4 ++-- .../mdm/windowsadvancedthreatprotection-ddf.md | 4 ++-- .../mdm/windowsdefenderapplicationguard-csp.md | 4 ++-- .../mdm/windowsdefenderapplicationguard-ddf-file.md | 4 ++-- windows/client-management/mdm/windowslicensing-csp.md | 4 ++-- windows/client-management/mdm/windowslicensing-ddf-file.md | 4 ++-- .../client-management/mdm/windowssecurityauditing-csp.md | 4 ++-- .../mdm/windowssecurityauditing-ddf-file.md | 4 ++-- windows/client-management/mdm/wirednetwork-csp.md | 4 ++-- windows/client-management/mdm/wirednetwork-ddf-file.md | 4 ++-- .../mdm/wmi-providers-supported-in-windows.md | 4 ++-- 472 files changed, 945 insertions(+), 945 deletions(-) diff --git a/windows/client-management/mdm/Language-pack-management-csp.md b/windows/client-management/mdm/Language-pack-management-csp.md index 2064d3d2b5..0a1e9f72a4 100644 --- a/windows/client-management/mdm/Language-pack-management-csp.md +++ b/windows/client-management/mdm/Language-pack-management-csp.md @@ -5,8 +5,8 @@ ms.reviewer: manager: dansimp ms.author: v-nsatapathy ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: nimishasatapathy ms.date: 06/22/2021 --- diff --git a/windows/client-management/mdm/accountmanagement-csp.md b/windows/client-management/mdm/accountmanagement-csp.md index 1019f10f52..5f2a7ff230 100644 --- a/windows/client-management/mdm/accountmanagement-csp.md +++ b/windows/client-management/mdm/accountmanagement-csp.md @@ -3,8 +3,8 @@ title: AccountManagement CSP description: Learn about the AccountManagement CSP, which is used to configure settings in the Account Manager service. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 03/23/2018 ms.reviewer: diff --git a/windows/client-management/mdm/accountmanagement-ddf.md b/windows/client-management/mdm/accountmanagement-ddf.md index cee08b95b0..c4c26237bc 100644 --- a/windows/client-management/mdm/accountmanagement-ddf.md +++ b/windows/client-management/mdm/accountmanagement-ddf.md @@ -3,8 +3,8 @@ title: AccountManagement DDF file description: View the OMA DM device description framework (DDF) for the AccountManagement configuration service provider. This file is used to configure settings. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 03/23/2018 ms.reviewer: diff --git a/windows/client-management/mdm/accounts-csp.md b/windows/client-management/mdm/accounts-csp.md index 6861848d69..1269c2797e 100644 --- a/windows/client-management/mdm/accounts-csp.md +++ b/windows/client-management/mdm/accounts-csp.md @@ -3,8 +3,8 @@ title: Accounts CSP description: The Accounts configuration service provider (CSP) is used by the enterprise to rename devices, as well as create local Windows accounts & joint them to a group. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 03/27/2020 ms.reviewer: diff --git a/windows/client-management/mdm/accounts-ddf-file.md b/windows/client-management/mdm/accounts-ddf-file.md index 0b092e2454..9d91061818 100644 --- a/windows/client-management/mdm/accounts-ddf-file.md +++ b/windows/client-management/mdm/accounts-ddf-file.md @@ -3,8 +3,8 @@ title: Accounts DDF file description: XML file containing the device description framework (DDF) for the Accounts configuration service provider. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 04/17/2018 ms.reviewer: diff --git a/windows/client-management/mdm/activesync-csp.md b/windows/client-management/mdm/activesync-csp.md index 997b74ce7b..e69eef0c44 100644 --- a/windows/client-management/mdm/activesync-csp.md +++ b/windows/client-management/mdm/activesync-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/activesync-ddf-file.md b/windows/client-management/mdm/activesync-ddf-file.md index 12db701db4..dae70c2133 100644 --- a/windows/client-management/mdm/activesync-ddf-file.md +++ b/windows/client-management/mdm/activesync-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md b/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md index 9f78301001..740ad8289d 100644 --- a/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md +++ b/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/alljoynmanagement-csp.md b/windows/client-management/mdm/alljoynmanagement-csp.md index 69dc5d3b65..26bcc2dda6 100644 --- a/windows/client-management/mdm/alljoynmanagement-csp.md +++ b/windows/client-management/mdm/alljoynmanagement-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/alljoynmanagement-ddf.md b/windows/client-management/mdm/alljoynmanagement-ddf.md index fe768004be..77494eaf9f 100644 --- a/windows/client-management/mdm/alljoynmanagement-ddf.md +++ b/windows/client-management/mdm/alljoynmanagement-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/application-csp.md b/windows/client-management/mdm/application-csp.md index 241c434f87..728e4dcda3 100644 --- a/windows/client-management/mdm/application-csp.md +++ b/windows/client-management/mdm/application-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/applicationcontrol-csp-ddf.md b/windows/client-management/mdm/applicationcontrol-csp-ddf.md index 2e205ff597..5c44ba2dc1 100644 --- a/windows/client-management/mdm/applicationcontrol-csp-ddf.md +++ b/windows/client-management/mdm/applicationcontrol-csp-ddf.md @@ -3,8 +3,8 @@ title: ApplicationControl CSP DDF description: View the OMA DM device description framework (DDF) for the ApplicationControl configuration service provider. DDF files are used only with OMA DM provisioning XML. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 07/10/2019 --- diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md index f30bf1a37b..648d9c245f 100644 --- a/windows/client-management/mdm/applicationcontrol-csp.md +++ b/windows/client-management/mdm/applicationcontrol-csp.md @@ -4,8 +4,8 @@ description: The ApplicationControl CSP allows you to manage multiple Windows De keywords: security, malware ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.reviewer: jsuther1974 ms.date: 09/10/2020 diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md index 7a36dce3e0..5669fcf0f8 100644 --- a/windows/client-management/mdm/applocker-csp.md +++ b/windows/client-management/mdm/applocker-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 11/19/2019 --- diff --git a/windows/client-management/mdm/applocker-ddf-file.md b/windows/client-management/mdm/applocker-ddf-file.md index 75a140ce62..7bde68650f 100644 --- a/windows/client-management/mdm/applocker-ddf-file.md +++ b/windows/client-management/mdm/applocker-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/applocker-xsd.md b/windows/client-management/mdm/applocker-xsd.md index 10387f8304..bf80bc1d61 100644 --- a/windows/client-management/mdm/applocker-xsd.md +++ b/windows/client-management/mdm/applocker-xsd.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/appv-deploy-and-config.md b/windows/client-management/mdm/appv-deploy-and-config.md index a1b5850442..ac7cb56c39 100644 --- a/windows/client-management/mdm/appv-deploy-and-config.md +++ b/windows/client-management/mdm/appv-deploy-and-config.md @@ -3,8 +3,8 @@ title: Deploy and configure App-V apps using MDM description: Configure, deploy, and manage Microsoft Application Virtualization (App-V) apps using Microsoft Endpoint Manager or App-V server. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 ms.reviewer: diff --git a/windows/client-management/mdm/assign-seats.md b/windows/client-management/mdm/assign-seats.md index 05d9380f93..74ea36df77 100644 --- a/windows/client-management/mdm/assign-seats.md +++ b/windows/client-management/mdm/assign-seats.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/18/2017 --- diff --git a/windows/client-management/mdm/assignedaccess-csp.md b/windows/client-management/mdm/assignedaccess-csp.md index 2ab139b4f3..15f4ca1e01 100644 --- a/windows/client-management/mdm/assignedaccess-csp.md +++ b/windows/client-management/mdm/assignedaccess-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/18/2018 --- diff --git a/windows/client-management/mdm/assignedaccess-ddf.md b/windows/client-management/mdm/assignedaccess-ddf.md index 385ab86816..1adb451c1c 100644 --- a/windows/client-management/mdm/assignedaccess-ddf.md +++ b/windows/client-management/mdm/assignedaccess-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 02/22/2018 --- diff --git a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md index dad5176518..5cdeeeac16 100644 --- a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md +++ b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp --- diff --git a/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md b/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md index 2eb1dd2dee..ce25592491 100644 --- a/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md +++ b/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md @@ -3,8 +3,8 @@ title: Azure AD and Microsoft Intune - Automatic MDM enrollment in the new Porta description: Azure AD and Microsoft Intune - Automatic MDM enrollment in the new portal ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/18/2020 ms.reviewer: diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index 7bd8ee01a9..e3f6b2bd85 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -3,8 +3,8 @@ title: BitLocker CSP description: Learn how the BitLocker configuration service provider (CSP) is used by the enterprise to manage encryption of PCs and devices. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 04/16/2020 diff --git a/windows/client-management/mdm/bitlocker-ddf-file.md b/windows/client-management/mdm/bitlocker-ddf-file.md index df14ac7483..06e6fdd613 100644 --- a/windows/client-management/mdm/bitlocker-ddf-file.md +++ b/windows/client-management/mdm/bitlocker-ddf-file.md @@ -3,8 +3,8 @@ title: BitLocker DDF file description: Learn about the OMA DM device description framework (DDF) for the BitLocker configuration service provider. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/30/2019 diff --git a/windows/client-management/mdm/bootstrap-csp.md b/windows/client-management/mdm/bootstrap-csp.md index 457c87e1ac..7c66f6b36e 100644 --- a/windows/client-management/mdm/bootstrap-csp.md +++ b/windows/client-management/mdm/bootstrap-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/browserfavorite-csp.md b/windows/client-management/mdm/browserfavorite-csp.md index 889eab27e9..2b8c9bbeb2 100644 --- a/windows/client-management/mdm/browserfavorite-csp.md +++ b/windows/client-management/mdm/browserfavorite-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 10/25/2021 --- diff --git a/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md b/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md index 9cb6765d7e..03804b98b6 100644 --- a/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md +++ b/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/18/2017 --- diff --git a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md index 1da5a31a00..d1db6d514e 100644 --- a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md +++ b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md @@ -9,8 +9,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/cellularsettings-csp.md b/windows/client-management/mdm/cellularsettings-csp.md index f847b41729..38f858db4d 100644 --- a/windows/client-management/mdm/cellularsettings-csp.md +++ b/windows/client-management/mdm/cellularsettings-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/certificate-authentication-device-enrollment.md b/windows/client-management/mdm/certificate-authentication-device-enrollment.md index 5cb26cdf54..1d2eebc12f 100644 --- a/windows/client-management/mdm/certificate-authentication-device-enrollment.md +++ b/windows/client-management/mdm/certificate-authentication-device-enrollment.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/certificate-renewal-windows-mdm.md b/windows/client-management/mdm/certificate-renewal-windows-mdm.md index 6eddeaade7..a2df800805 100644 --- a/windows/client-management/mdm/certificate-renewal-windows-mdm.md +++ b/windows/client-management/mdm/certificate-renewal-windows-mdm.md @@ -9,8 +9,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/certificatestore-csp.md b/windows/client-management/mdm/certificatestore-csp.md index caa3d07a7b..aa562a1b58 100644 --- a/windows/client-management/mdm/certificatestore-csp.md +++ b/windows/client-management/mdm/certificatestore-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 02/28/2020 --- diff --git a/windows/client-management/mdm/certificatestore-ddf-file.md b/windows/client-management/mdm/certificatestore-ddf-file.md index fd13e13391..da503f9902 100644 --- a/windows/client-management/mdm/certificatestore-ddf-file.md +++ b/windows/client-management/mdm/certificatestore-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/change-history-for-mdm-documentation.md b/windows/client-management/mdm/change-history-for-mdm-documentation.md index 65249592e4..5b9a29b8fe 100644 --- a/windows/client-management/mdm/change-history-for-mdm-documentation.md +++ b/windows/client-management/mdm/change-history-for-mdm-documentation.md @@ -5,8 +5,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 10/19/2020 diff --git a/windows/client-management/mdm/cleanpc-csp.md b/windows/client-management/mdm/cleanpc-csp.md index 8a0175d5c7..9f6ac68165 100644 --- a/windows/client-management/mdm/cleanpc-csp.md +++ b/windows/client-management/mdm/cleanpc-csp.md @@ -3,8 +3,8 @@ title: CleanPC CSP description: The CleanPC configuration service provider (CSP) allows you to remove user-installed and pre-installed applications, with the option to persist user data. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 ms.reviewer: diff --git a/windows/client-management/mdm/cleanpc-ddf.md b/windows/client-management/mdm/cleanpc-ddf.md index 3d51e2242a..05259b7621 100644 --- a/windows/client-management/mdm/cleanpc-ddf.md +++ b/windows/client-management/mdm/cleanpc-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/clientcertificateinstall-csp.md b/windows/client-management/mdm/clientcertificateinstall-csp.md index 618d0e992b..ba1e38a584 100644 --- a/windows/client-management/mdm/clientcertificateinstall-csp.md +++ b/windows/client-management/mdm/clientcertificateinstall-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 07/30/2021 --- diff --git a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md index 6de4b2db7f..ad299e4113 100644 --- a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md +++ b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/cm-cellularentries-csp.md b/windows/client-management/mdm/cm-cellularentries-csp.md index e0eef687f1..86249500e8 100644 --- a/windows/client-management/mdm/cm-cellularentries-csp.md +++ b/windows/client-management/mdm/cm-cellularentries-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 08/02/2017 --- diff --git a/windows/client-management/mdm/cm-proxyentries-csp.md b/windows/client-management/mdm/cm-proxyentries-csp.md index b2de30efbe..e80738a3a6 100644 --- a/windows/client-management/mdm/cm-proxyentries-csp.md +++ b/windows/client-management/mdm/cm-proxyentries-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/cmpolicy-csp.md b/windows/client-management/mdm/cmpolicy-csp.md index d3fa9cd287..915cebffad 100644 --- a/windows/client-management/mdm/cmpolicy-csp.md +++ b/windows/client-management/mdm/cmpolicy-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/cmpolicyenterprise-csp.md b/windows/client-management/mdm/cmpolicyenterprise-csp.md index c59953d4c8..fa38c9cc33 100644 --- a/windows/client-management/mdm/cmpolicyenterprise-csp.md +++ b/windows/client-management/mdm/cmpolicyenterprise-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md b/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md index ef69c3172a..d0ca95bb1d 100644 --- a/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md +++ b/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md index 03c8464977..5afaaf3964 100644 --- a/windows/client-management/mdm/configuration-service-provider-reference.md +++ b/windows/client-management/mdm/configuration-service-provider-reference.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/18/2020 --- diff --git a/windows/client-management/mdm/customdeviceui-csp.md b/windows/client-management/mdm/customdeviceui-csp.md index 2405034726..7a4eb3b5e1 100644 --- a/windows/client-management/mdm/customdeviceui-csp.md +++ b/windows/client-management/mdm/customdeviceui-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/customdeviceui-ddf.md b/windows/client-management/mdm/customdeviceui-ddf.md index e66f875de4..40621f8a86 100644 --- a/windows/client-management/mdm/customdeviceui-ddf.md +++ b/windows/client-management/mdm/customdeviceui-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/data-structures-windows-store-for-business.md b/windows/client-management/mdm/data-structures-windows-store-for-business.md index 6e4d77d0e9..08bbde9554 100644 --- a/windows/client-management/mdm/data-structures-windows-store-for-business.md +++ b/windows/client-management/mdm/data-structures-windows-store-for-business.md @@ -9,8 +9,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/18/2017 --- diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index 7278050a4f..88a8764d74 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 10/04/2021 diff --git a/windows/client-management/mdm/defender-ddf.md b/windows/client-management/mdm/defender-ddf.md index 3f37557638..0857903bb8 100644 --- a/windows/client-management/mdm/defender-ddf.md +++ b/windows/client-management/mdm/defender-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 07/23/2021 diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md index 6bc0c0180c..f112f4abe8 100644 --- a/windows/client-management/mdm/devdetail-csp.md +++ b/windows/client-management/mdm/devdetail-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 03/27/2020 --- diff --git a/windows/client-management/mdm/devdetail-ddf-file.md b/windows/client-management/mdm/devdetail-ddf-file.md index fd5d1b65bf..29a697c6d8 100644 --- a/windows/client-management/mdm/devdetail-ddf-file.md +++ b/windows/client-management/mdm/devdetail-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/03/2020 --- diff --git a/windows/client-management/mdm/developersetup-csp.md b/windows/client-management/mdm/developersetup-csp.md index a16a244d6f..b27c178d3c 100644 --- a/windows/client-management/mdm/developersetup-csp.md +++ b/windows/client-management/mdm/developersetup-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2018 --- diff --git a/windows/client-management/mdm/developersetup-ddf.md b/windows/client-management/mdm/developersetup-ddf.md index ff781e795b..13d4a19b6a 100644 --- a/windows/client-management/mdm/developersetup-ddf.md +++ b/windows/client-management/mdm/developersetup-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/device-update-management.md b/windows/client-management/mdm/device-update-management.md index dc5e40a6eb..1111764674 100644 --- a/windows/client-management/mdm/device-update-management.md +++ b/windows/client-management/mdm/device-update-management.md @@ -7,8 +7,8 @@ manager: dansimp keywords: mdm,management,administrator ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 11/15/2017 --- diff --git a/windows/client-management/mdm/deviceinstanceservice-csp.md b/windows/client-management/mdm/deviceinstanceservice-csp.md index 1410a7983d..e3e30bf041 100644 --- a/windows/client-management/mdm/deviceinstanceservice-csp.md +++ b/windows/client-management/mdm/deviceinstanceservice-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/devicelock-csp.md b/windows/client-management/mdm/devicelock-csp.md index e8e34b65cc..c913b4dff5 100644 --- a/windows/client-management/mdm/devicelock-csp.md +++ b/windows/client-management/mdm/devicelock-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/devicelock-ddf-file.md b/windows/client-management/mdm/devicelock-ddf-file.md index fcc1f0a8e1..32da74c5a2 100644 --- a/windows/client-management/mdm/devicelock-ddf-file.md +++ b/windows/client-management/mdm/devicelock-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/devicemanageability-csp.md b/windows/client-management/mdm/devicemanageability-csp.md index e4ea1dfb9e..c964ed065c 100644 --- a/windows/client-management/mdm/devicemanageability-csp.md +++ b/windows/client-management/mdm/devicemanageability-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 11/01/2017 --- diff --git a/windows/client-management/mdm/devicemanageability-ddf.md b/windows/client-management/mdm/devicemanageability-ddf.md index 3a78d54b4a..ca69075d3a 100644 --- a/windows/client-management/mdm/devicemanageability-ddf.md +++ b/windows/client-management/mdm/devicemanageability-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md index 389830eebf..677d631acb 100644 --- a/windows/client-management/mdm/devicestatus-csp.md +++ b/windows/client-management/mdm/devicestatus-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/25/2021 --- diff --git a/windows/client-management/mdm/devicestatus-ddf.md b/windows/client-management/mdm/devicestatus-ddf.md index 06c40e8b1f..4b820066f6 100644 --- a/windows/client-management/mdm/devicestatus-ddf.md +++ b/windows/client-management/mdm/devicestatus-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 03/12/2018 --- diff --git a/windows/client-management/mdm/devinfo-csp.md b/windows/client-management/mdm/devinfo-csp.md index 760657a9ab..670c0d736e 100644 --- a/windows/client-management/mdm/devinfo-csp.md +++ b/windows/client-management/mdm/devinfo-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/devinfo-ddf-file.md b/windows/client-management/mdm/devinfo-ddf-file.md index 9b67950320..3cf4154682 100644 --- a/windows/client-management/mdm/devinfo-ddf-file.md +++ b/windows/client-management/mdm/devinfo-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md index 8ded6bad79..b928eeec72 100644 --- a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md +++ b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/25/2018 --- diff --git a/windows/client-management/mdm/diagnosticlog-csp.md b/windows/client-management/mdm/diagnosticlog-csp.md index bc807b554d..fb9c555681 100644 --- a/windows/client-management/mdm/diagnosticlog-csp.md +++ b/windows/client-management/mdm/diagnosticlog-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 11/19/2019 --- diff --git a/windows/client-management/mdm/diagnosticlog-ddf.md b/windows/client-management/mdm/diagnosticlog-ddf.md index 4c7aa1da2e..0f25053a37 100644 --- a/windows/client-management/mdm/diagnosticlog-ddf.md +++ b/windows/client-management/mdm/diagnosticlog-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md b/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md index 06bf54d96f..a9e4996ee9 100644 --- a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md +++ b/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md @@ -9,8 +9,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/dmacc-csp.md b/windows/client-management/mdm/dmacc-csp.md index 973955e073..9b4f0785ff 100644 --- a/windows/client-management/mdm/dmacc-csp.md +++ b/windows/client-management/mdm/dmacc-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/dmacc-ddf-file.md b/windows/client-management/mdm/dmacc-ddf-file.md index 5dbeb9c0cd..2d1d256133 100644 --- a/windows/client-management/mdm/dmacc-ddf-file.md +++ b/windows/client-management/mdm/dmacc-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md index a1d070eedf..7700e96c04 100644 --- a/windows/client-management/mdm/dmclient-csp.md +++ b/windows/client-management/mdm/dmclient-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 11/01/2017 --- diff --git a/windows/client-management/mdm/dmclient-ddf-file.md b/windows/client-management/mdm/dmclient-ddf-file.md index c5615a37ff..9121cdc2b4 100644 --- a/windows/client-management/mdm/dmclient-ddf-file.md +++ b/windows/client-management/mdm/dmclient-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md index f49c1634b9..1e95f549b9 100644 --- a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md +++ b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md @@ -16,8 +16,8 @@ api_type: - DllExport ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/dmsessionactions-csp.md b/windows/client-management/mdm/dmsessionactions-csp.md index 3685b53c7f..e37075e180 100644 --- a/windows/client-management/mdm/dmsessionactions-csp.md +++ b/windows/client-management/mdm/dmsessionactions-csp.md @@ -3,8 +3,8 @@ title: DMSessionActions CSP description: Learn how the DMSessionActions configuration service provider (CSP) is used to manage the number of sessions the client skips if the device is in a low-power state. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 ms.reviewer: diff --git a/windows/client-management/mdm/dmsessionactions-ddf.md b/windows/client-management/mdm/dmsessionactions-ddf.md index b3216363fe..7cebc030ce 100644 --- a/windows/client-management/mdm/dmsessionactions-ddf.md +++ b/windows/client-management/mdm/dmsessionactions-ddf.md @@ -3,8 +3,8 @@ title: DMSessionActions DDF file description: Learn about the OMA DM device description framework (DDF) for the DMSessionActions configuration service provider (CSP). ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 ms.reviewer: diff --git a/windows/client-management/mdm/dynamicmanagement-csp.md b/windows/client-management/mdm/dynamicmanagement-csp.md index 92395a6a48..bbf84c8105 100644 --- a/windows/client-management/mdm/dynamicmanagement-csp.md +++ b/windows/client-management/mdm/dynamicmanagement-csp.md @@ -3,8 +3,8 @@ title: DynamicManagement CSP description: Learn how the Dynamic Management configuration service provider (CSP) enables configuration of policies that change how the device is managed. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 ms.reviewer: diff --git a/windows/client-management/mdm/dynamicmanagement-ddf.md b/windows/client-management/mdm/dynamicmanagement-ddf.md index dbdec53e5f..5bf20a535b 100644 --- a/windows/client-management/mdm/dynamicmanagement-ddf.md +++ b/windows/client-management/mdm/dynamicmanagement-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/eap-configuration.md b/windows/client-management/mdm/eap-configuration.md index fd56c44b72..37f0269edb 100644 --- a/windows/client-management/mdm/eap-configuration.md +++ b/windows/client-management/mdm/eap-configuration.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/email2-csp.md b/windows/client-management/mdm/email2-csp.md index 8bd6dc68c9..d0a213f372 100644 --- a/windows/client-management/mdm/email2-csp.md +++ b/windows/client-management/mdm/email2-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/email2-ddf-file.md b/windows/client-management/mdm/email2-ddf-file.md index 927665515a..11c6ba0946 100644 --- a/windows/client-management/mdm/email2-ddf-file.md +++ b/windows/client-management/mdm/email2-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md index 3e6626c547..2ab4830667 100644 --- a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md +++ b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md @@ -3,8 +3,8 @@ title: Enable ADMX policies in MDM description: Use this step-by-step guide to configure a selected set of Group Policy administrative templates (ADMX policies) in Mobile Device Management (MDM). ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 11/01/2017 diff --git a/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md b/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md index ee3f4f4deb..9bc5d3ad58 100644 --- a/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md +++ b/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index b847d1b9a3..404bb322bd 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -3,8 +3,8 @@ title: Enroll a Windows 10 device automatically using Group Policy description: Learn how to use a Group Policy to trigger auto-enrollment to MDM for Active Directory (AD) domain-joined devices. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 10/14/2021 ms.reviewer: @@ -289,7 +289,7 @@ To collect Event Viewer logs: - [Filter Using Security Groups](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc752992(v=ws.11)) - [Enforce a Group Policy Object Link](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753909(v=ws.11)) - [Group Policy Central Store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) -- [Getting started with Cloud Native Windows Endpoints](https://docs.microsoft.com/mem/cloud-native-windows-endpoints) +- [Getting started with Cloud Native Windows Endpoints](/mem/cloud-native-windows-endpoints) - [A Framework for Windows endpoint management transformation](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/a-framework-for-windows-endpoint-management-transformation/ba-p/2460684) - [Success with remote Windows Autopilot and Hybrid Azure Active Director join](https://techcommunity.microsoft.com/t5/intune-customer-success/success-with-remote-windows-autopilot-and-hybrid-azure-active/ba-p/2749353) diff --git a/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md b/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md index c13f5a7bca..75870e43e0 100644 --- a/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md +++ b/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md @@ -3,8 +3,8 @@ title: EnrollmentStatusTracking DDF description: View the OMA DM DDF for the EnrollmentStatusTracking configuration service provider. DDF files are used only with OMA DM provisioning XML. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 05/17/2019 --- diff --git a/windows/client-management/mdm/enrollmentstatustracking-csp.md b/windows/client-management/mdm/enrollmentstatustracking-csp.md index 782e5fd968..3b4e865ccb 100644 --- a/windows/client-management/mdm/enrollmentstatustracking-csp.md +++ b/windows/client-management/mdm/enrollmentstatustracking-csp.md @@ -3,8 +3,8 @@ title: EnrollmentStatusTracking CSP description: Learn how to perform a hybrid certificate trust deployment of Windows Hello for Business, for systems with no previous installations. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 05/21/2019 --- diff --git a/windows/client-management/mdm/enterprise-app-management.md b/windows/client-management/mdm/enterprise-app-management.md index b44572b247..0f51e05177 100644 --- a/windows/client-management/mdm/enterprise-app-management.md +++ b/windows/client-management/mdm/enterprise-app-management.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 10/04/2021 --- diff --git a/windows/client-management/mdm/enterpriseapn-csp.md b/windows/client-management/mdm/enterpriseapn-csp.md index e0938ded56..2b50af966e 100644 --- a/windows/client-management/mdm/enterpriseapn-csp.md +++ b/windows/client-management/mdm/enterpriseapn-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/22/2017 --- diff --git a/windows/client-management/mdm/enterpriseapn-ddf.md b/windows/client-management/mdm/enterpriseapn-ddf.md index 79aba7696f..60e6f5ba4a 100644 --- a/windows/client-management/mdm/enterpriseapn-ddf.md +++ b/windows/client-management/mdm/enterpriseapn-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/enterpriseappmanagement-csp.md b/windows/client-management/mdm/enterpriseappmanagement-csp.md index cc3969ec26..4ee1bec98a 100644 --- a/windows/client-management/mdm/enterpriseappmanagement-csp.md +++ b/windows/client-management/mdm/enterpriseappmanagement-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/enterpriseappvmanagement-csp.md b/windows/client-management/mdm/enterpriseappvmanagement-csp.md index 90c75f7797..5833aa9062 100644 --- a/windows/client-management/mdm/enterpriseappvmanagement-csp.md +++ b/windows/client-management/mdm/enterpriseappvmanagement-csp.md @@ -3,8 +3,8 @@ title: EnterpriseAppVManagement CSP description: Examine the tree format for EnterpriseAppVManagement CSP to manage virtual applications in Windows 10 PCs.(Enterprise and Education editions). ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 ms.reviewer: diff --git a/windows/client-management/mdm/enterpriseappvmanagement-ddf.md b/windows/client-management/mdm/enterpriseappvmanagement-ddf.md index 8b8c46d5d6..1c18aff981 100644 --- a/windows/client-management/mdm/enterpriseappvmanagement-ddf.md +++ b/windows/client-management/mdm/enterpriseappvmanagement-ddf.md @@ -3,8 +3,8 @@ title: EnterpriseAppVManagement DDF file description: Learn about the OMA DM device description framework (DDF) for the EnterpriseAppVManagement configuration service provider (CSP). ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 ms.reviewer: diff --git a/windows/client-management/mdm/enterpriseassignedaccess-csp.md b/windows/client-management/mdm/enterpriseassignedaccess-csp.md index 6fa05c72c8..0cb5263329 100644 --- a/windows/client-management/mdm/enterpriseassignedaccess-csp.md +++ b/windows/client-management/mdm/enterpriseassignedaccess-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 07/12/2017 --- diff --git a/windows/client-management/mdm/enterpriseassignedaccess-ddf.md b/windows/client-management/mdm/enterpriseassignedaccess-ddf.md index fd84f5628f..07c553f82a 100644 --- a/windows/client-management/mdm/enterpriseassignedaccess-ddf.md +++ b/windows/client-management/mdm/enterpriseassignedaccess-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/enterpriseassignedaccess-xsd.md b/windows/client-management/mdm/enterpriseassignedaccess-xsd.md index afcb4abeb4..e92dc7393a 100644 --- a/windows/client-management/mdm/enterpriseassignedaccess-xsd.md +++ b/windows/client-management/mdm/enterpriseassignedaccess-xsd.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/enterprisedataprotection-csp.md b/windows/client-management/mdm/enterprisedataprotection-csp.md index fa824ab557..e4ccd8c930 100644 --- a/windows/client-management/mdm/enterprisedataprotection-csp.md +++ b/windows/client-management/mdm/enterprisedataprotection-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 08/09/2017 --- diff --git a/windows/client-management/mdm/enterprisedataprotection-ddf-file.md b/windows/client-management/mdm/enterprisedataprotection-ddf-file.md index f3f75b02b8..88a7fa3127 100644 --- a/windows/client-management/mdm/enterprisedataprotection-ddf-file.md +++ b/windows/client-management/mdm/enterprisedataprotection-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md b/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md index 756efa9433..e50f790c21 100644 --- a/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md +++ b/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 07/11/2017 --- diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md b/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md index 185aaff749..329d5cb253 100644 --- a/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md +++ b/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md b/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md index 944a5e7700..097a08b4f8 100644 --- a/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md +++ b/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/enterpriseext-csp.md b/windows/client-management/mdm/enterpriseext-csp.md index 3f80902e75..7f3b2f1e9e 100644 --- a/windows/client-management/mdm/enterpriseext-csp.md +++ b/windows/client-management/mdm/enterpriseext-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/enterpriseext-ddf.md b/windows/client-management/mdm/enterpriseext-ddf.md index 1eaff1c2be..a5f3dfb274 100644 --- a/windows/client-management/mdm/enterpriseext-ddf.md +++ b/windows/client-management/mdm/enterpriseext-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/enterpriseextfilessystem-csp.md b/windows/client-management/mdm/enterpriseextfilessystem-csp.md index 10e6185c86..335caebb7d 100644 --- a/windows/client-management/mdm/enterpriseextfilessystem-csp.md +++ b/windows/client-management/mdm/enterpriseextfilessystem-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/enterpriseextfilesystem-ddf.md b/windows/client-management/mdm/enterpriseextfilesystem-ddf.md index 5ba036b46f..f910743b9b 100644 --- a/windows/client-management/mdm/enterpriseextfilesystem-ddf.md +++ b/windows/client-management/mdm/enterpriseextfilesystem-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md index 6da20c0ec6..a34adf1f35 100644 --- a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md +++ b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/27/2019 --- diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md index 4220b8a7cb..4ffad48863 100644 --- a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md +++ b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 10/01/2019 --- diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md b/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md index d8f4b9a7aa..53de7e899e 100644 --- a/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md +++ b/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/euiccs-csp.md b/windows/client-management/mdm/euiccs-csp.md index 722eab0bbb..3ac910ac33 100644 --- a/windows/client-management/mdm/euiccs-csp.md +++ b/windows/client-management/mdm/euiccs-csp.md @@ -3,8 +3,8 @@ title: eUICCs CSP description: Learn how the eUICCs CSP is used to support eUICC enterprise use cases and enables the IT admin to manage (assign, re-assign, remove) subscriptions to employees. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 03/02/2018 ms.reviewer: diff --git a/windows/client-management/mdm/euiccs-ddf-file.md b/windows/client-management/mdm/euiccs-ddf-file.md index df25c69f74..1649e9b5ca 100644 --- a/windows/client-management/mdm/euiccs-ddf-file.md +++ b/windows/client-management/mdm/euiccs-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 03/02/2018 --- diff --git a/windows/client-management/mdm/federated-authentication-device-enrollment.md b/windows/client-management/mdm/federated-authentication-device-enrollment.md index 20f41cf789..10f6379ffd 100644 --- a/windows/client-management/mdm/federated-authentication-device-enrollment.md +++ b/windows/client-management/mdm/federated-authentication-device-enrollment.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 07/28/2017 --- diff --git a/windows/client-management/mdm/filesystem-csp.md b/windows/client-management/mdm/filesystem-csp.md index f8abd8bdf4..5c9fd56269 100644 --- a/windows/client-management/mdm/filesystem-csp.md +++ b/windows/client-management/mdm/filesystem-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md index 0c1850580c..25d07c386f 100644 --- a/windows/client-management/mdm/firewall-csp.md +++ b/windows/client-management/mdm/firewall-csp.md @@ -3,8 +3,8 @@ title: Firewall CSP description: The Firewall configuration service provider (CSP) allows the mobile device management (MDM) server to configure the Windows Defender Firewall global settings. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 01/26/2018 ms.reviewer: diff --git a/windows/client-management/mdm/firewall-ddf-file.md b/windows/client-management/mdm/firewall-ddf-file.md index 6a44d17fb6..fa54a62a29 100644 --- a/windows/client-management/mdm/firewall-ddf-file.md +++ b/windows/client-management/mdm/firewall-ddf-file.md @@ -3,8 +3,8 @@ title: Firewall DDF file description: Learn about the OMA DM device description framework (DDF) for the Firewall configuration service provider. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 ms.reviewer: diff --git a/windows/client-management/mdm/get-inventory.md b/windows/client-management/mdm/get-inventory.md index ea3ec8c560..c2563f5a56 100644 --- a/windows/client-management/mdm/get-inventory.md +++ b/windows/client-management/mdm/get-inventory.md @@ -9,8 +9,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/18/2017 --- diff --git a/windows/client-management/mdm/get-localized-product-details.md b/windows/client-management/mdm/get-localized-product-details.md index 09d579ab79..54d1029e0a 100644 --- a/windows/client-management/mdm/get-localized-product-details.md +++ b/windows/client-management/mdm/get-localized-product-details.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/07/2020 --- diff --git a/windows/client-management/mdm/get-offline-license.md b/windows/client-management/mdm/get-offline-license.md index 61ebfd7682..d936dd4d33 100644 --- a/windows/client-management/mdm/get-offline-license.md +++ b/windows/client-management/mdm/get-offline-license.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/18/2017 --- diff --git a/windows/client-management/mdm/get-product-details.md b/windows/client-management/mdm/get-product-details.md index 8532bbf07a..b38de9d339 100644 --- a/windows/client-management/mdm/get-product-details.md +++ b/windows/client-management/mdm/get-product-details.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/18/2017 --- diff --git a/windows/client-management/mdm/get-product-package.md b/windows/client-management/mdm/get-product-package.md index 347709bd57..7b902b2563 100644 --- a/windows/client-management/mdm/get-product-package.md +++ b/windows/client-management/mdm/get-product-package.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/18/2017 --- diff --git a/windows/client-management/mdm/get-product-packages.md b/windows/client-management/mdm/get-product-packages.md index 34ec801669..25e2ff504d 100644 --- a/windows/client-management/mdm/get-product-packages.md +++ b/windows/client-management/mdm/get-product-packages.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/18/2017 --- diff --git a/windows/client-management/mdm/get-seat.md b/windows/client-management/mdm/get-seat.md index 8359ed42f5..cc24fe17fd 100644 --- a/windows/client-management/mdm/get-seat.md +++ b/windows/client-management/mdm/get-seat.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/18/2017 --- diff --git a/windows/client-management/mdm/get-seats-assigned-to-a-user.md b/windows/client-management/mdm/get-seats-assigned-to-a-user.md index 1f5e8d33c8..1b04f9477c 100644 --- a/windows/client-management/mdm/get-seats-assigned-to-a-user.md +++ b/windows/client-management/mdm/get-seats-assigned-to-a-user.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/18/2017 --- diff --git a/windows/client-management/mdm/get-seats.md b/windows/client-management/mdm/get-seats.md index 2ac228376e..1b38a322c1 100644 --- a/windows/client-management/mdm/get-seats.md +++ b/windows/client-management/mdm/get-seats.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/18/2017 --- diff --git a/windows/client-management/mdm/healthattestation-csp.md b/windows/client-management/mdm/healthattestation-csp.md index 5932097759..32bdbb1eca 100644 --- a/windows/client-management/mdm/healthattestation-csp.md +++ b/windows/client-management/mdm/healthattestation-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: --- diff --git a/windows/client-management/mdm/healthattestation-ddf.md b/windows/client-management/mdm/healthattestation-ddf.md index 116bdf9eeb..6272e91bf1 100644 --- a/windows/client-management/mdm/healthattestation-ddf.md +++ b/windows/client-management/mdm/healthattestation-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/hotspot-csp.md b/windows/client-management/mdm/hotspot-csp.md index 1f25898cba..8096ca3c4a 100644 --- a/windows/client-management/mdm/hotspot-csp.md +++ b/windows/client-management/mdm/hotspot-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/implement-server-side-mobile-application-management.md b/windows/client-management/mdm/implement-server-side-mobile-application-management.md index 2411905da6..68633b48af 100644 --- a/windows/client-management/mdm/implement-server-side-mobile-application-management.md +++ b/windows/client-management/mdm/implement-server-side-mobile-application-management.md @@ -3,8 +3,8 @@ title: Implement server-side support for mobile application management on Window description: Learn about implementing the Windows version of mobile application management (MAM), which is a lightweight solution for managing company data access and security on personal devices. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 ms.reviewer: diff --git a/windows/client-management/mdm/index.md b/windows/client-management/mdm/index.md index 896d8a0262..792bdcb30c 100644 --- a/windows/client-management/mdm/index.md +++ b/windows/client-management/mdm/index.md @@ -7,8 +7,8 @@ MS-HAID: ms.assetid: 50ac90a7-713e-4487-9cb9-b6d6fdaa4e5b ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp --- diff --git a/windows/client-management/mdm/management-tool-for-windows-store-for-business.md b/windows/client-management/mdm/management-tool-for-windows-store-for-business.md index d17ca6923f..b72d83f803 100644 --- a/windows/client-management/mdm/management-tool-for-windows-store-for-business.md +++ b/windows/client-management/mdm/management-tool-for-windows-store-for-business.md @@ -9,8 +9,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 10/27/2017 --- diff --git a/windows/client-management/mdm/maps-csp.md b/windows/client-management/mdm/maps-csp.md index b601c8de59..aa5eed4990 100644 --- a/windows/client-management/mdm/maps-csp.md +++ b/windows/client-management/mdm/maps-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/maps-ddf-file.md b/windows/client-management/mdm/maps-ddf-file.md index 35b55d0541..0db7720713 100644 --- a/windows/client-management/mdm/maps-ddf-file.md +++ b/windows/client-management/mdm/maps-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md index 32c30f58a8..ab72e127bc 100644 --- a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md +++ b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md @@ -9,8 +9,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp --- diff --git a/windows/client-management/mdm/messaging-csp.md b/windows/client-management/mdm/messaging-csp.md index 07e1e0a427..b50647fabd 100644 --- a/windows/client-management/mdm/messaging-csp.md +++ b/windows/client-management/mdm/messaging-csp.md @@ -3,8 +3,8 @@ title: Messaging CSP description: Use the Messaging configuration service provider (CSP) to configure the ability to get text messages audited on a mobile device. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 ms.reviewer: diff --git a/windows/client-management/mdm/messaging-ddf.md b/windows/client-management/mdm/messaging-ddf.md index 53ca2ffa62..efdad0e72a 100644 --- a/windows/client-management/mdm/messaging-ddf.md +++ b/windows/client-management/mdm/messaging-ddf.md @@ -3,8 +3,8 @@ title: Messaging DDF file description: Utilize the OMA DM device description framework (DDF) for the Messaging configuration service provider. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 ms.reviewer: diff --git a/windows/client-management/mdm/mobile-device-enrollment.md b/windows/client-management/mdm/mobile-device-enrollment.md index 36aacd527b..7b69d2664e 100644 --- a/windows/client-management/mdm/mobile-device-enrollment.md +++ b/windows/client-management/mdm/mobile-device-enrollment.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 08/11/2017 --- diff --git a/windows/client-management/mdm/multisim-csp.md b/windows/client-management/mdm/multisim-csp.md index a3c728cedf..aa2284255f 100644 --- a/windows/client-management/mdm/multisim-csp.md +++ b/windows/client-management/mdm/multisim-csp.md @@ -3,8 +3,8 @@ title: MultiSIM CSP description: MultiSIM configuration service provider (CSP) allows the enterprise to manage devices with dual SIM single active configuration. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 03/22/2018 ms.reviewer: diff --git a/windows/client-management/mdm/multisim-ddf.md b/windows/client-management/mdm/multisim-ddf.md index a2a15b7270..18b9586283 100644 --- a/windows/client-management/mdm/multisim-ddf.md +++ b/windows/client-management/mdm/multisim-ddf.md @@ -3,8 +3,8 @@ title: MultiSIM DDF file description: XML file containing the device description framework for the MultiSIM configuration service provider. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 02/27/2018 ms.reviewer: diff --git a/windows/client-management/mdm/nap-csp.md b/windows/client-management/mdm/nap-csp.md index 851bb15498..c73315fd7b 100644 --- a/windows/client-management/mdm/nap-csp.md +++ b/windows/client-management/mdm/nap-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/napdef-csp.md b/windows/client-management/mdm/napdef-csp.md index 17956e7b14..1eeab0c919 100644 --- a/windows/client-management/mdm/napdef-csp.md +++ b/windows/client-management/mdm/napdef-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/networkproxy-csp.md b/windows/client-management/mdm/networkproxy-csp.md index 34b7bd5a29..b27fb3fd10 100644 --- a/windows/client-management/mdm/networkproxy-csp.md +++ b/windows/client-management/mdm/networkproxy-csp.md @@ -3,8 +3,8 @@ title: NetworkProxy CSP description: Learn how the NetworkProxy configuration service provider (CSP) is used to configure a proxy server for ethernet and Wi-Fi connections. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 08/29/2018 ms.reviewer: diff --git a/windows/client-management/mdm/networkproxy-ddf.md b/windows/client-management/mdm/networkproxy-ddf.md index ad85325f3d..2b5f2798f2 100644 --- a/windows/client-management/mdm/networkproxy-ddf.md +++ b/windows/client-management/mdm/networkproxy-ddf.md @@ -3,8 +3,8 @@ title: NetworkProxy DDF file description: AppNetworkProxyLocker DDF file ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 ms.reviewer: diff --git a/windows/client-management/mdm/networkqospolicy-csp.md b/windows/client-management/mdm/networkqospolicy-csp.md index 16f73ee265..4bb48606e7 100644 --- a/windows/client-management/mdm/networkqospolicy-csp.md +++ b/windows/client-management/mdm/networkqospolicy-csp.md @@ -3,8 +3,8 @@ title: NetworkQoSPolicy CSP description: he NetworkQoSPolicy CSP applies the Quality of Service (QoS) policy for Microsoft Surface Hub. This CSP was added in Windows 10, version 1703. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 04/22/2021 ms.reviewer: diff --git a/windows/client-management/mdm/networkqospolicy-ddf.md b/windows/client-management/mdm/networkqospolicy-ddf.md index 4a5a4f7c73..379f5051ca 100644 --- a/windows/client-management/mdm/networkqospolicy-ddf.md +++ b/windows/client-management/mdm/networkqospolicy-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index f251959e71..a982810497 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -9,8 +9,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 10/20/2020 diff --git a/windows/client-management/mdm/nodecache-csp.md b/windows/client-management/mdm/nodecache-csp.md index fb90ab38bf..4ac44047b0 100644 --- a/windows/client-management/mdm/nodecache-csp.md +++ b/windows/client-management/mdm/nodecache-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/nodecache-ddf-file.md b/windows/client-management/mdm/nodecache-ddf-file.md index a2a932cf3c..0e15800f30 100644 --- a/windows/client-management/mdm/nodecache-ddf-file.md +++ b/windows/client-management/mdm/nodecache-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/office-csp.md b/windows/client-management/mdm/office-csp.md index a27648894f..7467fc2259 100644 --- a/windows/client-management/mdm/office-csp.md +++ b/windows/client-management/mdm/office-csp.md @@ -3,8 +3,8 @@ title: Office CSP description: The Office configuration service provider (CSP) enables a Microsoft Office client to be installed on a device. This CSP was added in Windows 10, version 1703. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 08/15/2018 ms.reviewer: diff --git a/windows/client-management/mdm/office-ddf.md b/windows/client-management/mdm/office-ddf.md index bf80dd8d38..dedda7070e 100644 --- a/windows/client-management/mdm/office-ddf.md +++ b/windows/client-management/mdm/office-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 08/15/2018 --- diff --git a/windows/client-management/mdm/oma-dm-protocol-support.md b/windows/client-management/mdm/oma-dm-protocol-support.md index f6748fc8cf..603391cae0 100644 --- a/windows/client-management/mdm/oma-dm-protocol-support.md +++ b/windows/client-management/mdm/oma-dm-protocol-support.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/on-premise-authentication-device-enrollment.md b/windows/client-management/mdm/on-premise-authentication-device-enrollment.md index 281e6a417c..97f5528a43 100644 --- a/windows/client-management/mdm/on-premise-authentication-device-enrollment.md +++ b/windows/client-management/mdm/on-premise-authentication-device-enrollment.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/passportforwork-csp.md b/windows/client-management/mdm/passportforwork-csp.md index 3a51fc5175..bea182054a 100644 --- a/windows/client-management/mdm/passportforwork-csp.md +++ b/windows/client-management/mdm/passportforwork-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 07/19/2019 --- diff --git a/windows/client-management/mdm/passportforwork-ddf.md b/windows/client-management/mdm/passportforwork-ddf.md index 2a3c658341..c8bf22bdf1 100644 --- a/windows/client-management/mdm/passportforwork-ddf.md +++ b/windows/client-management/mdm/passportforwork-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 07/29/2019 --- diff --git a/windows/client-management/mdm/personalization-csp.md b/windows/client-management/mdm/personalization-csp.md index 70a0e8e468..67b7f88ce5 100644 --- a/windows/client-management/mdm/personalization-csp.md +++ b/windows/client-management/mdm/personalization-csp.md @@ -3,8 +3,8 @@ title: Personalization CSP description: Use the Personalization CSP to lock screen and desktop background images, prevent users from changing the image, and use the settings in a provisioning package. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 ms.reviewer: diff --git a/windows/client-management/mdm/personalization-ddf.md b/windows/client-management/mdm/personalization-ddf.md index 37810076b7..bc7605048f 100644 --- a/windows/client-management/mdm/personalization-ddf.md +++ b/windows/client-management/mdm/personalization-ddf.md @@ -3,8 +3,8 @@ title: Personalization DDF file description: Learn how to set the OMA DM device description framework (DDF) for the Personalization configuration service provider (CSP). ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 ms.reviewer: diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 9001dfc01d..deb8e8e4aa 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -5,8 +5,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 10/08/2020 diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md index 09128a9411..86d72e7cfe 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md @@ -5,8 +5,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 07/18/2019 diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md index f793fee9c0..c4bd9e3c6b 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md @@ -5,8 +5,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/17/2019 diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md index 744468664a..f2ee79c529 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md @@ -5,8 +5,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 07/18/2019 diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md index 931bac4d55..debcf03dc5 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md @@ -5,8 +5,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 10/11/2021 diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md index 1b38215155..c06fa67c0e 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md @@ -5,8 +5,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/16/2019 diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md index bcfd5e7688..9bd0f0dee9 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md @@ -5,8 +5,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 07/22/2020 diff --git a/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md b/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md index 3622a69d69..774b575293 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md +++ b/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md @@ -5,8 +5,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 07/18/2019 diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 8f7499e34a..b64391c88d 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 07/18/2019 diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md index 6f87ece50a..e09e5efa8a 100644 --- a/windows/client-management/mdm/policy-csp-abovelock.md +++ b/windows/client-management/mdm/policy-csp-abovelock.md @@ -4,8 +4,8 @@ description: Learn the various AboveLock Policy configuration service provider ( ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md index 61cf60f3e2..1385874829 100644 --- a/windows/client-management/mdm/policy-csp-accounts.md +++ b/windows/client-management/mdm/policy-csp-accounts.md @@ -4,8 +4,8 @@ description: Learn about the Policy configuration service provider (CSP). This a ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md index f1193559b0..7bc65e334c 100644 --- a/windows/client-management/mdm/policy-csp-activexcontrols.md +++ b/windows/client-management/mdm/policy-csp-activexcontrols.md @@ -4,8 +4,8 @@ description: Learn about various Policy configuration service provider (CSP) ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/27/2019 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md index b230bafa37..ebe473f593 100644 --- a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md +++ b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_ActiveXInstallService ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 11/09/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md index f33d67d795..7143f8ad61 100644 --- a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md +++ b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md @@ -3,8 +3,8 @@ title: Policy CSP - ADMX_AddRemovePrograms description: Policy CSP - ADMX_AddRemovePrograms ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 08/13/2020 diff --git a/windows/client-management/mdm/policy-csp-admx-admpwd.md b/windows/client-management/mdm/policy-csp-admx-admpwd.md index bbdf162b96..4d4264cc9b 100644 --- a/windows/client-management/mdm/policy-csp-admx-admpwd.md +++ b/windows/client-management/mdm/policy-csp-admx-admpwd.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_AdmPwd ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 11/09/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-appcompat.md b/windows/client-management/mdm/policy-csp-admx-appcompat.md index f72ca58f9e..2338cbd63e 100644 --- a/windows/client-management/mdm/policy-csp-admx-appcompat.md +++ b/windows/client-management/mdm/policy-csp-admx-appcompat.md @@ -3,8 +3,8 @@ title: Policy CSP - ADMX_AppCompat description: Policy CSP - ADMX_AppCompat ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 08/20/2020 diff --git a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md index d8f406da87..d889eb4ea7 100644 --- a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md +++ b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_AppxPackageManager ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 11/10/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-appxruntime.md b/windows/client-management/mdm/policy-csp-admx-appxruntime.md index b576ac05ef..49ff8eace1 100644 --- a/windows/client-management/mdm/policy-csp-admx-appxruntime.md +++ b/windows/client-management/mdm/policy-csp-admx-appxruntime.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_AppXRuntime ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 11/10/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md b/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md index 7464079b65..0b71855d04 100644 --- a/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md +++ b/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_AttachmentManager ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 11/10/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-auditsettings.md b/windows/client-management/mdm/policy-csp-admx-auditsettings.md index bb170ebdab..7d40b2632b 100644 --- a/windows/client-management/mdm/policy-csp-admx-auditsettings.md +++ b/windows/client-management/mdm/policy-csp-admx-auditsettings.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_AuditSettings ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 08/13/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-bits.md b/windows/client-management/mdm/policy-csp-admx-bits.md index 4b9879101a..aec2fe0ffa 100644 --- a/windows/client-management/mdm/policy-csp-admx-bits.md +++ b/windows/client-management/mdm/policy-csp-admx-bits.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Bits ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 10/20/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md index 670e7c578f..a4b456c682 100644 --- a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md +++ b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_CipherSuiteOrder ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 08/17/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-com.md b/windows/client-management/mdm/policy-csp-admx-com.md index f5e37d2bc5..b0094983e9 100644 --- a/windows/client-management/mdm/policy-csp-admx-com.md +++ b/windows/client-management/mdm/policy-csp-admx-com.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_COM ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 08/18/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-controlpanel.md b/windows/client-management/mdm/policy-csp-admx-controlpanel.md index 1bcd8be9e3..0425047778 100644 --- a/windows/client-management/mdm/policy-csp-admx-controlpanel.md +++ b/windows/client-management/mdm/policy-csp-admx-controlpanel.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_ControlPanel ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 11/05/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md index 7ae17f37e8..517218e581 100644 --- a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md +++ b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_ControlPanelDisplay ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 11/05/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-cpls.md b/windows/client-management/mdm/policy-csp-admx-cpls.md index 6b86b9df05..a6924984ac 100644 --- a/windows/client-management/mdm/policy-csp-admx-cpls.md +++ b/windows/client-management/mdm/policy-csp-admx-cpls.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Cpls ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 08/26/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md index f51e026348..81dd512aaa 100644 --- a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md +++ b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_CredentialProviders ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 11/11/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-credssp.md b/windows/client-management/mdm/policy-csp-admx-credssp.md index f46cf81e91..2ecf1715b2 100644 --- a/windows/client-management/mdm/policy-csp-admx-credssp.md +++ b/windows/client-management/mdm/policy-csp-admx-credssp.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_CredSsp ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 11/12/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-credui.md b/windows/client-management/mdm/policy-csp-admx-credui.md index ac2e35856f..b8a1ab0bae 100644 --- a/windows/client-management/mdm/policy-csp-admx-credui.md +++ b/windows/client-management/mdm/policy-csp-admx-credui.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_CredUI ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 11/09/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md index 97cc95cbb2..395d2738e7 100644 --- a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md +++ b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_CtrlAltDel ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 08/26/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-datacollection.md b/windows/client-management/mdm/policy-csp-admx-datacollection.md index c000bba436..28d8fe5439 100644 --- a/windows/client-management/mdm/policy-csp-admx-datacollection.md +++ b/windows/client-management/mdm/policy-csp-admx-datacollection.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_DataCollection ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/01/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-dcom.md b/windows/client-management/mdm/policy-csp-admx-dcom.md index b9c172c279..fa77b55d96 100644 --- a/windows/client-management/mdm/policy-csp-admx-dcom.md +++ b/windows/client-management/mdm/policy-csp-admx-dcom.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_DCOM ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: nimishasatapathy ms.date: 09/08/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-desktop.md b/windows/client-management/mdm/policy-csp-admx-desktop.md index 2eabaaeae1..68bbd701c0 100644 --- a/windows/client-management/mdm/policy-csp-admx-desktop.md +++ b/windows/client-management/mdm/policy-csp-admx-desktop.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Desktop ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/02/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-devicecompat.md b/windows/client-management/mdm/policy-csp-admx-devicecompat.md index 4a166f819a..88df6490ae 100644 --- a/windows/client-management/mdm/policy-csp-admx-devicecompat.md +++ b/windows/client-management/mdm/policy-csp-admx-devicecompat.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_DeviceCompat ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: nimishasatapathy ms.date: 08/09/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-deviceguard.md b/windows/client-management/mdm/policy-csp-admx-deviceguard.md index 5fb3b1ab0d..74afda486a 100644 --- a/windows/client-management/mdm/policy-csp-admx-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-admx-deviceguard.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_DeviceGuard ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/08/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md index a3134467f0..559c9ff320 100644 --- a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_DeviceInstallation ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 11/19/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-devicesetup.md b/windows/client-management/mdm/policy-csp-admx-devicesetup.md index b10baa9f1f..1e5a2c0ce4 100644 --- a/windows/client-management/mdm/policy-csp-admx-devicesetup.md +++ b/windows/client-management/mdm/policy-csp-admx-devicesetup.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_DeviceSetup ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 11/19/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-dfs.md b/windows/client-management/mdm/policy-csp-admx-dfs.md index 78b587bb3b..c025b09145 100644 --- a/windows/client-management/mdm/policy-csp-admx-dfs.md +++ b/windows/client-management/mdm/policy-csp-admx-dfs.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_DFS ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: nimishasatapathy ms.date: 09/08/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-digitallocker.md b/windows/client-management/mdm/policy-csp-admx-digitallocker.md index f0e0a8c94b..eb6926ccef 100644 --- a/windows/client-management/mdm/policy-csp-admx-digitallocker.md +++ b/windows/client-management/mdm/policy-csp-admx-digitallocker.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_DigitalLocker ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 08/31/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md index 31344daab3..7efb339a88 100644 --- a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md +++ b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_DiskDiagnostic ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: nimishasatapathy ms.date: 09/08/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-disknvcache.md b/windows/client-management/mdm/policy-csp-admx-disknvcache.md index fc78b3e067..5bb3a895e1 100644 --- a/windows/client-management/mdm/policy-csp-admx-disknvcache.md +++ b/windows/client-management/mdm/policy-csp-admx-disknvcache.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_DiskNVCache ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 08/12/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-diskquota.md b/windows/client-management/mdm/policy-csp-admx-diskquota.md index 1454ba448e..6b395eec68 100644 --- a/windows/client-management/mdm/policy-csp-admx-diskquota.md +++ b/windows/client-management/mdm/policy-csp-admx-diskquota.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_DiskQuota ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 08/12/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md index 9c0df6db20..f4194701bf 100644 --- a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md +++ b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_DistributedLinkTracking ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 03/22/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-dnsclient.md b/windows/client-management/mdm/policy-csp-admx-dnsclient.md index b232d9d0d1..3cae285cc1 100644 --- a/windows/client-management/mdm/policy-csp-admx-dnsclient.md +++ b/windows/client-management/mdm/policy-csp-admx-dnsclient.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_DnsClient ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 08/12/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-dwm.md b/windows/client-management/mdm/policy-csp-admx-dwm.md index 9811c29121..d25621ab65 100644 --- a/windows/client-management/mdm/policy-csp-admx-dwm.md +++ b/windows/client-management/mdm/policy-csp-admx-dwm.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_DWM ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 08/31/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-eaime.md b/windows/client-management/mdm/policy-csp-admx-eaime.md index 91cb030ac3..23ee2a90c8 100644 --- a/windows/client-management/mdm/policy-csp-admx-eaime.md +++ b/windows/client-management/mdm/policy-csp-admx-eaime.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_EAIME ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 11/19/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md index a7ff7d4d68..974ace23ee 100644 --- a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md +++ b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_EncryptFilesonMove ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/02/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md index a692e4fcb6..35ae7ac109 100644 --- a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md +++ b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_EnhancedStorage ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 11/23/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-errorreporting.md b/windows/client-management/mdm/policy-csp-admx-errorreporting.md index 6c20f1ec4f..1d3ce2e001 100644 --- a/windows/client-management/mdm/policy-csp-admx-errorreporting.md +++ b/windows/client-management/mdm/policy-csp-admx-errorreporting.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_ErrorReporting ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 11/23/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md index a921c26306..d23ef68b4a 100644 --- a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md +++ b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_EventForwarding ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 08/17/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-eventlog.md b/windows/client-management/mdm/policy-csp-admx-eventlog.md index 8b72a00ae5..6617ac4a11 100644 --- a/windows/client-management/mdm/policy-csp-admx-eventlog.md +++ b/windows/client-management/mdm/policy-csp-admx-eventlog.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_EventLog ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/01/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-eventlogging.md b/windows/client-management/mdm/policy-csp-admx-eventlogging.md index 983cdbe5e3..84d624e398 100644 --- a/windows/client-management/mdm/policy-csp-admx-eventlogging.md +++ b/windows/client-management/mdm/policy-csp-admx-eventlogging.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_EventLogging ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: nimishasatapathy ms.date: 09/12/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-eventviewer.md b/windows/client-management/mdm/policy-csp-admx-eventviewer.md index 26f2fa6a2c..24b04c49de 100644 --- a/windows/client-management/mdm/policy-csp-admx-eventviewer.md +++ b/windows/client-management/mdm/policy-csp-admx-eventviewer.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_EventViewer ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: nimishasatapathy ms.date: 09/13/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-explorer.md b/windows/client-management/mdm/policy-csp-admx-explorer.md index ee681f3950..f2f97e6a80 100644 --- a/windows/client-management/mdm/policy-csp-admx-explorer.md +++ b/windows/client-management/mdm/policy-csp-admx-explorer.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Explorer ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/08/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-externalboot.md b/windows/client-management/mdm/policy-csp-admx-externalboot.md index 1ab631b4cf..dba6105052 100644 --- a/windows/client-management/mdm/policy-csp-admx-externalboot.md +++ b/windows/client-management/mdm/policy-csp-admx-externalboot.md @@ -3,8 +3,8 @@ title: Policy CSP - ADMX_ExternalBoot description: Policy CSP - ADMX_ExternalBoot ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: nimishasatapathy ms.localizationpriority: medium ms.date: 09/13/2021 diff --git a/windows/client-management/mdm/policy-csp-admx-filerecovery.md b/windows/client-management/mdm/policy-csp-admx-filerecovery.md index 17a19242ab..22f06afcb7 100644 --- a/windows/client-management/mdm/policy-csp-admx-filerecovery.md +++ b/windows/client-management/mdm/policy-csp-admx-filerecovery.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_FileRecovery ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 03/24/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-filerevocation.md b/windows/client-management/mdm/policy-csp-admx-filerevocation.md index 03ad661e6f..3f574460e8 100644 --- a/windows/client-management/mdm/policy-csp-admx-filerevocation.md +++ b/windows/client-management/mdm/policy-csp-admx-filerevocation.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_FileRevocation ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: nimishasatapathy ms.date: 09/13/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md index 3e70ab2db6..8916150926 100644 --- a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md +++ b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_FileServerVSSProvider ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/02/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-filesys.md b/windows/client-management/mdm/policy-csp-admx-filesys.md index 0c331c52ac..675e79f6bc 100644 --- a/windows/client-management/mdm/policy-csp-admx-filesys.md +++ b/windows/client-management/mdm/policy-csp-admx-filesys.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_FileSys ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/02/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-folderredirection.md b/windows/client-management/mdm/policy-csp-admx-folderredirection.md index 1c7cdd35b3..ead6b00caf 100644 --- a/windows/client-management/mdm/policy-csp-admx-folderredirection.md +++ b/windows/client-management/mdm/policy-csp-admx-folderredirection.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_FolderRedirection ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/02/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-framepanes.md b/windows/client-management/mdm/policy-csp-admx-framepanes.md index 5fba79297b..57354ebe62 100644 --- a/windows/client-management/mdm/policy-csp-admx-framepanes.md +++ b/windows/client-management/mdm/policy-csp-admx-framepanes.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_FramePanes ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: nimishasatapathy ms.date: 09/14/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-fthsvc.md b/windows/client-management/mdm/policy-csp-admx-fthsvc.md index 4ff08618e2..7d8f37dd58 100644 --- a/windows/client-management/mdm/policy-csp-admx-fthsvc.md +++ b/windows/client-management/mdm/policy-csp-admx-fthsvc.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_FTHSVC ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: nimishasatapathy ms.date: 09/15/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-globalization.md b/windows/client-management/mdm/policy-csp-admx-globalization.md index 59277faada..ec01b9bb08 100644 --- a/windows/client-management/mdm/policy-csp-admx-globalization.md +++ b/windows/client-management/mdm/policy-csp-admx-globalization.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Globalization ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/14/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md index 689bd456e8..a67a64de4b 100644 --- a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md +++ b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_GroupPolicy ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/21/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-help.md b/windows/client-management/mdm/policy-csp-admx-help.md index 0a6efc8504..65c3afcfd6 100644 --- a/windows/client-management/mdm/policy-csp-admx-help.md +++ b/windows/client-management/mdm/policy-csp-admx-help.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Help ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/03/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md index efecd9ba90..06e3a0f448 100644 --- a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md +++ b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_HelpAndSupport ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/03/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md index 5b2c2c2661..23fdd62c9a 100644 --- a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md +++ b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_HotSpotAuth ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: nimishasatapathy ms.date: 09/15/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-icm.md b/windows/client-management/mdm/policy-csp-admx-icm.md index d66680774a..5ac862b290 100644 --- a/windows/client-management/mdm/policy-csp-admx-icm.md +++ b/windows/client-management/mdm/policy-csp-admx-icm.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_ICM ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/17/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-iis.md b/windows/client-management/mdm/policy-csp-admx-iis.md index 4f758838e7..6cda2222f1 100644 --- a/windows/client-management/mdm/policy-csp-admx-iis.md +++ b/windows/client-management/mdm/policy-csp-admx-iis.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_IIS ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: nimishasatapathy ms.date: 09/17/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-iscsi.md b/windows/client-management/mdm/policy-csp-admx-iscsi.md index 81bbae3e7a..744c21d1e5 100644 --- a/windows/client-management/mdm/policy-csp-admx-iscsi.md +++ b/windows/client-management/mdm/policy-csp-admx-iscsi.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_iSCSI ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/17/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-kdc.md b/windows/client-management/mdm/policy-csp-admx-kdc.md index 0c1cd5e5c1..f268548866 100644 --- a/windows/client-management/mdm/policy-csp-admx-kdc.md +++ b/windows/client-management/mdm/policy-csp-admx-kdc.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_kdc ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 08/13/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-kerberos.md b/windows/client-management/mdm/policy-csp-admx-kerberos.md index 4bab0e260f..d30ae69c99 100644 --- a/windows/client-management/mdm/policy-csp-admx-kerberos.md +++ b/windows/client-management/mdm/policy-csp-admx-kerberos.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Kerberos ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 11/12/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md index 119bebf9a2..c9ef3bb1dc 100644 --- a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md +++ b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_LanmanServer ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 08/13/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md index 92f095b1b3..8d1856a2a0 100644 --- a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md +++ b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_LanmanWorkstation ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/08/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md index d7dfbcd40b..fbaa926485 100644 --- a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md +++ b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_LeakDiagnostic ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: nimishasatapathy ms.date: 09/17/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md index 9bbf28b095..497ca00e0a 100644 --- a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md +++ b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_LinkLayerTopologyDiscovery ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/04/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md index a1cd92bfab..c1280d5f04 100644 --- a/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md +++ b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_LocationProviderAdm ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: nimishasatapathy ms.date: 09/20/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-logon.md b/windows/client-management/mdm/policy-csp-admx-logon.md index b3eb5daa6c..95484c89f5 100644 --- a/windows/client-management/mdm/policy-csp-admx-logon.md +++ b/windows/client-management/mdm/policy-csp-admx-logon.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Logon ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/21/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md index b99af194f0..ef9f443b50 100644 --- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md +++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_MicrosoftDefenderAntivirus ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/02/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-mmc.md b/windows/client-management/mdm/policy-csp-admx-mmc.md index 484a50f29c..28c6fc0959 100644 --- a/windows/client-management/mdm/policy-csp-admx-mmc.md +++ b/windows/client-management/mdm/policy-csp-admx-mmc.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_MMC ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/03/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md index 5e6ed7ab8f..46a44141fc 100644 --- a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md +++ b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_MMCSnapins ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 08/13/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md b/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md index 746c4fdeb0..ee4176f585 100644 --- a/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md +++ b/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_MobilePCMobilityCenter ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: nimishasatapathy ms.date: 09/20/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md index d09c9e9644..afa84fef27 100644 --- a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md +++ b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_MobilePCPresentationSettings ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: nimishasatapathy ms.date: 09/20/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-msapolicy.md b/windows/client-management/mdm/policy-csp-admx-msapolicy.md index 2c60d94cb6..29b1313201 100644 --- a/windows/client-management/mdm/policy-csp-admx-msapolicy.md +++ b/windows/client-management/mdm/policy-csp-admx-msapolicy.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_MSAPolicy ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/14/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-msched.md b/windows/client-management/mdm/policy-csp-admx-msched.md index 431ea56c91..84eddef0f4 100644 --- a/windows/client-management/mdm/policy-csp-admx-msched.md +++ b/windows/client-management/mdm/policy-csp-admx-msched.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_msched ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/08/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-msdt.md b/windows/client-management/mdm/policy-csp-admx-msdt.md index 5c8853de78..261bd49b2b 100644 --- a/windows/client-management/mdm/policy-csp-admx-msdt.md +++ b/windows/client-management/mdm/policy-csp-admx-msdt.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_MSDT ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/09/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-msi.md b/windows/client-management/mdm/policy-csp-admx-msi.md index 8c1b404e98..b42a72ea2c 100644 --- a/windows/client-management/mdm/policy-csp-admx-msi.md +++ b/windows/client-management/mdm/policy-csp-admx-msi.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_MSI ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/16/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md b/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md index 4f1cbd30c2..ca757d87c6 100644 --- a/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md +++ b/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_MsiFileRecovery ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: nimishasatapathy ms.date: 09/20/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-nca.md b/windows/client-management/mdm/policy-csp-admx-nca.md index 1f94a79c74..e8d1f0f26a 100644 --- a/windows/client-management/mdm/policy-csp-admx-nca.md +++ b/windows/client-management/mdm/policy-csp-admx-nca.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_nca ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/14/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-ncsi.md b/windows/client-management/mdm/policy-csp-admx-ncsi.md index 975b877da8..5c19447ee1 100644 --- a/windows/client-management/mdm/policy-csp-admx-ncsi.md +++ b/windows/client-management/mdm/policy-csp-admx-ncsi.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_NCSI ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/14/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-netlogon.md b/windows/client-management/mdm/policy-csp-admx-netlogon.md index 30b35011e4..0b58689b39 100644 --- a/windows/client-management/mdm/policy-csp-admx-netlogon.md +++ b/windows/client-management/mdm/policy-csp-admx-netlogon.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Netlogon ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/15/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-networkconnections.md b/windows/client-management/mdm/policy-csp-admx-networkconnections.md index 8f15ec2637..279dd0bc72 100644 --- a/windows/client-management/mdm/policy-csp-admx-networkconnections.md +++ b/windows/client-management/mdm/policy-csp-admx-networkconnections.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_NetworkConnections ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 10/21/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md index a8a77637c2..cf0d856520 100644 --- a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md +++ b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_OfflineFiles ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/21/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-pca.md b/windows/client-management/mdm/policy-csp-admx-pca.md index df7088e5da..1ec34c4edd 100644 --- a/windows/client-management/mdm/policy-csp-admx-pca.md +++ b/windows/client-management/mdm/policy-csp-admx-pca.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_pca ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: nimishasatapathy ms.date: 09/20/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md index 10a0691b43..66dd12db0f 100644 --- a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md +++ b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_PeerToPeerCaching ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/16/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-pentraining.md b/windows/client-management/mdm/policy-csp-admx-pentraining.md index 81f940edb7..ac2ff604c8 100644 --- a/windows/client-management/mdm/policy-csp-admx-pentraining.md +++ b/windows/client-management/mdm/policy-csp-admx-pentraining.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_PenTraining ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/22/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md index a9c0eb4eeb..8775d15a71 100644 --- a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md +++ b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_PerformanceDiagnostics ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/16/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-power.md b/windows/client-management/mdm/policy-csp-admx-power.md index 4b33f249f2..83edc7b5b7 100644 --- a/windows/client-management/mdm/policy-csp-admx-power.md +++ b/windows/client-management/mdm/policy-csp-admx-power.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Power ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/22/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md index 1812912a63..79ea073654 100644 --- a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md +++ b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_PowerShellExecutionPolicy ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 10/26/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-previousversions.md b/windows/client-management/mdm/policy-csp-admx-previousversions.md index f874baf165..874094fcf9 100644 --- a/windows/client-management/mdm/policy-csp-admx-previousversions.md +++ b/windows/client-management/mdm/policy-csp-admx-previousversions.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_PreviousVersions ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/01/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-printing.md b/windows/client-management/mdm/policy-csp-admx-printing.md index 65b6dea578..3a9121e625 100644 --- a/windows/client-management/mdm/policy-csp-admx-printing.md +++ b/windows/client-management/mdm/policy-csp-admx-printing.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Printing ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/15/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-printing2.md b/windows/client-management/mdm/policy-csp-admx-printing2.md index d143b2db00..1fc6a32e78 100644 --- a/windows/client-management/mdm/policy-csp-admx-printing2.md +++ b/windows/client-management/mdm/policy-csp-admx-printing2.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Printing2 ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/15/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-programs.md b/windows/client-management/mdm/policy-csp-admx-programs.md index e50c514004..b3c0e189c5 100644 --- a/windows/client-management/mdm/policy-csp-admx-programs.md +++ b/windows/client-management/mdm/policy-csp-admx-programs.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Programs ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/01/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md b/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md index f61cc0beed..39dcc522ce 100644 --- a/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md +++ b/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_PushToInstall ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/01/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-radar.md b/windows/client-management/mdm/policy-csp-admx-radar.md index e8f7c72b68..5d2321cb9e 100644 --- a/windows/client-management/mdm/policy-csp-admx-radar.md +++ b/windows/client-management/mdm/policy-csp-admx-radar.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Radar ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/08/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-reliability.md b/windows/client-management/mdm/policy-csp-admx-reliability.md index 0aba32f919..dbbf31c1fe 100644 --- a/windows/client-management/mdm/policy-csp-admx-reliability.md +++ b/windows/client-management/mdm/policy-csp-admx-reliability.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Reliability ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 08/13/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md index 061e6dbdaa..bf8a8fac47 100644 --- a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md +++ b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_RemoteAssistance ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/14/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-removablestorage.md b/windows/client-management/mdm/policy-csp-admx-removablestorage.md index 1fa70e6de3..d8b13a375d 100644 --- a/windows/client-management/mdm/policy-csp-admx-removablestorage.md +++ b/windows/client-management/mdm/policy-csp-admx-removablestorage.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_RemovableStorage ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/10/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-rpc.md b/windows/client-management/mdm/policy-csp-admx-rpc.md index 99ffd49896..1d16436565 100644 --- a/windows/client-management/mdm/policy-csp-admx-rpc.md +++ b/windows/client-management/mdm/policy-csp-admx-rpc.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_RPC ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/08/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-scripts.md b/windows/client-management/mdm/policy-csp-admx-scripts.md index 18f1dd991d..af8a99b535 100644 --- a/windows/client-management/mdm/policy-csp-admx-scripts.md +++ b/windows/client-management/mdm/policy-csp-admx-scripts.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Scripts ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/17/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-sdiageng.md b/windows/client-management/mdm/policy-csp-admx-sdiageng.md index cf9c39a4e3..dd9eca0c63 100644 --- a/windows/client-management/mdm/policy-csp-admx-sdiageng.md +++ b/windows/client-management/mdm/policy-csp-admx-sdiageng.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_sdiageng ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/18/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-sdiagschd.md b/windows/client-management/mdm/policy-csp-admx-sdiagschd.md index fde7dbd784..8ec585a089 100644 --- a/windows/client-management/mdm/policy-csp-admx-sdiagschd.md +++ b/windows/client-management/mdm/policy-csp-admx-sdiagschd.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_sdiagschd ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/17/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-securitycenter.md b/windows/client-management/mdm/policy-csp-admx-securitycenter.md index a72cbd7f8b..61fddbb09a 100644 --- a/windows/client-management/mdm/policy-csp-admx-securitycenter.md +++ b/windows/client-management/mdm/policy-csp-admx-securitycenter.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Securitycenter ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/18/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-sensors.md b/windows/client-management/mdm/policy-csp-admx-sensors.md index ba2edb8544..a19d3fbbaa 100644 --- a/windows/client-management/mdm/policy-csp-admx-sensors.md +++ b/windows/client-management/mdm/policy-csp-admx-sensors.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Sensors ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 10/22/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-servermanager.md b/windows/client-management/mdm/policy-csp-admx-servermanager.md index dda7e742bc..32c49431ec 100644 --- a/windows/client-management/mdm/policy-csp-admx-servermanager.md +++ b/windows/client-management/mdm/policy-csp-admx-servermanager.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_ServerManager ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/18/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-servicing.md b/windows/client-management/mdm/policy-csp-admx-servicing.md index e016737ad9..23c0487f49 100644 --- a/windows/client-management/mdm/policy-csp-admx-servicing.md +++ b/windows/client-management/mdm/policy-csp-admx-servicing.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Servicing ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/18/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-settingsync.md b/windows/client-management/mdm/policy-csp-admx-settingsync.md index 2cf1f3058c..f169e06c6b 100644 --- a/windows/client-management/mdm/policy-csp-admx-settingsync.md +++ b/windows/client-management/mdm/policy-csp-admx-settingsync.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_SettingSync ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/01/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md index f66b8da2e0..087cf9f451 100644 --- a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md +++ b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_SharedFolders ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/21/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-sharing.md b/windows/client-management/mdm/policy-csp-admx-sharing.md index bcf6ecac2a..1338ba9640 100644 --- a/windows/client-management/mdm/policy-csp-admx-sharing.md +++ b/windows/client-management/mdm/policy-csp-admx-sharing.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Sharing ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/21/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md index eedeff30a9..be22c7fb52 100644 --- a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md +++ b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_ShellCommandPromptRegEditTools ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/18/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-smartcard.md b/windows/client-management/mdm/policy-csp-admx-smartcard.md index b0422c380f..6a2f4d8e7a 100644 --- a/windows/client-management/mdm/policy-csp-admx-smartcard.md +++ b/windows/client-management/mdm/policy-csp-admx-smartcard.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Smartcard ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/23/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-snmp.md b/windows/client-management/mdm/policy-csp-admx-snmp.md index 2a7ccc21a9..9dfa7edca6 100644 --- a/windows/client-management/mdm/policy-csp-admx-snmp.md +++ b/windows/client-management/mdm/policy-csp-admx-snmp.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Snmp ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/24/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-soundrec.md b/windows/client-management/mdm/policy-csp-admx-soundrec.md index 2d3b3f2438..d99666f6dd 100644 --- a/windows/client-management/mdm/policy-csp-admx-soundrec.md +++ b/windows/client-management/mdm/policy-csp-admx-soundrec.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_SoundRec ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/01/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-srmfci.md b/windows/client-management/mdm/policy-csp-admx-srmfci.md index de2231cdc5..e3cb25205c 100644 --- a/windows/client-management/mdm/policy-csp-admx-srmfci.md +++ b/windows/client-management/mdm/policy-csp-admx-srmfci.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_srmfci ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/18/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-startmenu.md b/windows/client-management/mdm/policy-csp-admx-startmenu.md index 26372c41d2..1e6b14aa5d 100644 --- a/windows/client-management/mdm/policy-csp-admx-startmenu.md +++ b/windows/client-management/mdm/policy-csp-admx-startmenu.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_StartMenu ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 10/20/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-systemrestore.md b/windows/client-management/mdm/policy-csp-admx-systemrestore.md index aa45e18469..5b2d5ebf21 100644 --- a/windows/client-management/mdm/policy-csp-admx-systemrestore.md +++ b/windows/client-management/mdm/policy-csp-admx-systemrestore.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_SystemRestore ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 11/13/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-tabletshell.md b/windows/client-management/mdm/policy-csp-admx-tabletshell.md index fa707d47fe..f5c070a342 100644 --- a/windows/client-management/mdm/policy-csp-admx-tabletshell.md +++ b/windows/client-management/mdm/policy-csp-admx-tabletshell.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_TabletShell ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/23/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-taskbar.md b/windows/client-management/mdm/policy-csp-admx-taskbar.md index 3ded2647d5..a436d488ba 100644 --- a/windows/client-management/mdm/policy-csp-admx-taskbar.md +++ b/windows/client-management/mdm/policy-csp-admx-taskbar.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Taskbar ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 10/26/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-tcpip.md b/windows/client-management/mdm/policy-csp-admx-tcpip.md index 39eec8cfbc..c6981e4f94 100644 --- a/windows/client-management/mdm/policy-csp-admx-tcpip.md +++ b/windows/client-management/mdm/policy-csp-admx-tcpip.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_tcpip ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/23/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index c49ec2e57e..9d55f3670c 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_TerminalServer ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/23/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-thumbnails.md b/windows/client-management/mdm/policy-csp-admx-thumbnails.md index 3e13e605d4..0aeb4000b8 100644 --- a/windows/client-management/mdm/policy-csp-admx-thumbnails.md +++ b/windows/client-management/mdm/policy-csp-admx-thumbnails.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Thumbnails ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/25/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-touchinput.md b/windows/client-management/mdm/policy-csp-admx-touchinput.md index 54c44ce833..bbe89f0517 100644 --- a/windows/client-management/mdm/policy-csp-admx-touchinput.md +++ b/windows/client-management/mdm/policy-csp-admx-touchinput.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_TouchInput ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/23/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-tpm.md b/windows/client-management/mdm/policy-csp-admx-tpm.md index 3642c86136..8cbacd8f82 100644 --- a/windows/client-management/mdm/policy-csp-admx-tpm.md +++ b/windows/client-management/mdm/policy-csp-admx-tpm.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_TPM ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/25/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md index efaab4d897..e0e28f1fb9 100644 --- a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md +++ b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_UserExperienceVirtualization ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/30/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-userprofiles.md b/windows/client-management/mdm/policy-csp-admx-userprofiles.md index 3e8bffc257..b54a789396 100644 --- a/windows/client-management/mdm/policy-csp-admx-userprofiles.md +++ b/windows/client-management/mdm/policy-csp-admx-userprofiles.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_UserProfiles ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 11/11/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-w32time.md b/windows/client-management/mdm/policy-csp-admx-w32time.md index ea68d694af..43bb4b5cde 100644 --- a/windows/client-management/mdm/policy-csp-admx-w32time.md +++ b/windows/client-management/mdm/policy-csp-admx-w32time.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_W32Time ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/28/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-wcm.md b/windows/client-management/mdm/policy-csp-admx-wcm.md index dc3eca8ea1..d56579d95f 100644 --- a/windows/client-management/mdm/policy-csp-admx-wcm.md +++ b/windows/client-management/mdm/policy-csp-admx-wcm.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_WCM ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 10/22/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-wdi.md b/windows/client-management/mdm/policy-csp-admx-wdi.md index a88dc2a7a5..06ca4ce469 100644 --- a/windows/client-management/mdm/policy-csp-admx-wdi.md +++ b/windows/client-management/mdm/policy-csp-admx-wdi.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_WDI ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 11/09/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-wincal.md b/windows/client-management/mdm/policy-csp-admx-wincal.md index 24bd7480ee..19c7e15bb6 100644 --- a/windows/client-management/mdm/policy-csp-admx-wincal.md +++ b/windows/client-management/mdm/policy-csp-admx-wincal.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_WinCal ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/28/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md b/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md index 22382849ad..cf45ef1a9c 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md +++ b/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_WindowsColorSystem ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 10/27/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md index cd88b47a11..304e791dbe 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_WindowsConnectNow ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/28/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md index 02566d04f8..01aecdf708 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_WindowsExplorer ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 10/29/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md index 9272c9674a..aa63ba37fa 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_WindowsMediaDRM ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 08/13/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md index 445182e875..863a330b12 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_WindowsMediaPlayer ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 10/09/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md index d9eabbe87e..b23cbda586 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_WindowsRemoteManagement ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/16/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-windowsstore.md b/windows/client-management/mdm/policy-csp-admx-windowsstore.md index ec73e46f1f..17e88d1e8d 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsstore.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsstore.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_WindowsStore ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 10/26/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-wininit.md b/windows/client-management/mdm/policy-csp-admx-wininit.md index 1fd0f316e0..f87d860032 100644 --- a/windows/client-management/mdm/policy-csp-admx-wininit.md +++ b/windows/client-management/mdm/policy-csp-admx-wininit.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_WinInit ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/29/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-winlogon.md b/windows/client-management/mdm/policy-csp-admx-winlogon.md index 7472277fad..b7bbda4fd5 100644 --- a/windows/client-management/mdm/policy-csp-admx-winlogon.md +++ b/windows/client-management/mdm/policy-csp-admx-winlogon.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_WinLogon ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 11/09/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-winsrv.md b/windows/client-management/mdm/policy-csp-admx-winsrv.md index 4ea30adbcc..1dd89acdba 100644 --- a/windows/client-management/mdm/policy-csp-admx-winsrv.md +++ b/windows/client-management/mdm/policy-csp-admx-winsrv.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Winsrv ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 02/25/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-wlansvc.md b/windows/client-management/mdm/policy-csp-admx-wlansvc.md index 6a9a269b22..6a57035db2 100644 --- a/windows/client-management/mdm/policy-csp-admx-wlansvc.md +++ b/windows/client-management/mdm/policy-csp-admx-wlansvc.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_wlansvc ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 10/27/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-wordwheel.md b/windows/client-management/mdm/policy-csp-admx-wordwheel.md index fe44845c50..d66b03aaee 100644 --- a/windows/client-management/mdm/policy-csp-admx-wordwheel.md +++ b/windows/client-management/mdm/policy-csp-admx-wordwheel.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_WordWheel ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: nimishasatapathy ms.date: 09/22/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md b/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md index 5105429604..35838e210e 100644 --- a/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md +++ b/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_WorkFoldersClient ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: nimishasatapathy ms.date: 09/22/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-admx-wpn.md b/windows/client-management/mdm/policy-csp-admx-wpn.md index ca2942f661..d64eeea4aa 100644 --- a/windows/client-management/mdm/policy-csp-admx-wpn.md +++ b/windows/client-management/mdm/policy-csp-admx-wpn.md @@ -4,8 +4,8 @@ description: Policy CSP - ADMX_WPN ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 11/13/2020 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md index fd97c5209c..d4418037aa 100644 --- a/windows/client-management/mdm/policy-csp-applicationdefaults.md +++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md @@ -3,8 +3,8 @@ title: Policy CSP - ApplicationDefaults description: Learn about various Policy configuration service providers (CSP) - ApplicationDefaults, including SyncML, for Windows 10. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md index cc10a876df..c392fb5644 100644 --- a/windows/client-management/mdm/policy-csp-applicationmanagement.md +++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md @@ -3,8 +3,8 @@ title: Policy CSP - ApplicationManagement description: Learn about various Policy configuration service provider (CSP) - ApplicationManagement, including SyncML, for Windows 10. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 02/11/2020 diff --git a/windows/client-management/mdm/policy-csp-appruntime.md b/windows/client-management/mdm/policy-csp-appruntime.md index 22b203b808..71d58cebd9 100644 --- a/windows/client-management/mdm/policy-csp-appruntime.md +++ b/windows/client-management/mdm/policy-csp-appruntime.md @@ -3,8 +3,8 @@ title: Policy CSP - AppRuntime description: Learn how the Policy CSP - AppRuntime setting controls whether Microsoft accounts are optional for Windows Store apps that require an account to sign in. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md index 81acc11f99..571d7da1ef 100644 --- a/windows/client-management/mdm/policy-csp-appvirtualization.md +++ b/windows/client-management/mdm/policy-csp-appvirtualization.md @@ -3,8 +3,8 @@ title: Policy CSP - AppVirtualization description: Learn how the Policy CSP - AppVirtualization setting allows you to enable or disable Microsoft Application Virtualization (App-V) feature. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md index 2c9bc1ffaa..62733de30b 100644 --- a/windows/client-management/mdm/policy-csp-attachmentmanager.md +++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md @@ -3,8 +3,8 @@ title: Policy CSP - AttachmentManager description: Manage Windows marks file attachments with information about their zone of origin, such as restricted, internet, intranet, local. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-audit.md b/windows/client-management/mdm/policy-csp-audit.md index a676ade4a4..a07c85d08b 100644 --- a/windows/client-management/mdm/policy-csp-audit.md +++ b/windows/client-management/mdm/policy-csp-audit.md @@ -3,8 +3,8 @@ title: Policy CSP - Audit description: Learn how the Policy CSP - Audit setting causes an audit event to be generated when an account can't sign in to a computer because the account is locked out. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md index e2f6e46337..0b22776f4d 100644 --- a/windows/client-management/mdm/policy-csp-authentication.md +++ b/windows/client-management/mdm/policy-csp-authentication.md @@ -3,8 +3,8 @@ title: Policy CSP - Authentication description: The Policy CSP - Authentication setting allows the Azure AD tenant administrators to enable self service password reset feature on the Windows sign in screen. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.reviewer: bobgil diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md index af9c1637c7..87f04d8005 100644 --- a/windows/client-management/mdm/policy-csp-autoplay.md +++ b/windows/client-management/mdm/policy-csp-autoplay.md @@ -3,8 +3,8 @@ title: Policy CSP - Autoplay description: Learn how the Policy CSP - Autoplay setting disallows AutoPlay for MTP devices like cameras or phones. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md index b93f270728..2f3a18ab46 100644 --- a/windows/client-management/mdm/policy-csp-bitlocker.md +++ b/windows/client-management/mdm/policy-csp-bitlocker.md @@ -3,8 +3,8 @@ title: Policy CSP - Bitlocker description: Use the Policy configuration service provider (CSP) - Bitlocker to manage encryption of PCs and devices. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-bits.md b/windows/client-management/mdm/policy-csp-bits.md index 87c89649e7..4bbf8770ba 100644 --- a/windows/client-management/mdm/policy-csp-bits.md +++ b/windows/client-management/mdm/policy-csp-bits.md @@ -3,8 +3,8 @@ title: Policy CSP - BITS description: Use StartTime, EndTime and Transfer rate together to define the BITS bandwidth-throttling schedule and transfer rate. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md index b8bf07d53e..4e6b1b838e 100644 --- a/windows/client-management/mdm/policy-csp-bluetooth.md +++ b/windows/client-management/mdm/policy-csp-bluetooth.md @@ -3,8 +3,8 @@ title: Policy CSP - Bluetooth description: Learn how the Policy CSP - Bluetooth setting specifies whether the device can send out Bluetooth advertisements. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 02/12/2020 diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index c9bfdba0ca..adb1bec8af 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -2,8 +2,8 @@ title: Policy CSP - Browser description: Learn how to use the Policy CSP - Browser settings so you can configure Microsoft Edge browser, version 45 and earlier. ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.author: dansimp ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md index 72b2422370..3254751b45 100644 --- a/windows/client-management/mdm/policy-csp-camera.md +++ b/windows/client-management/mdm/policy-csp-camera.md @@ -3,8 +3,8 @@ title: Policy CSP - Camera description: Learn how to use the Policy CSP - Camera setting so that you can configure it to disable or enable the camera. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md index 4d3b0273fc..544b5c8877 100644 --- a/windows/client-management/mdm/policy-csp-cellular.md +++ b/windows/client-management/mdm/policy-csp-cellular.md @@ -3,8 +3,8 @@ title: Policy CSP - Cellular description: Learn how to use the Policy CSP - Cellular setting so you can specify whether Windows apps can access cellular data. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md index e47faa64e4..b8f16c731f 100644 --- a/windows/client-management/mdm/policy-csp-connectivity.md +++ b/windows/client-management/mdm/policy-csp-connectivity.md @@ -3,8 +3,8 @@ title: Policy CSP - Connectivity description: Learn how to use the Policy CSP - Connectivity setting to allow the user to enable Bluetooth or restrict access. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md index 754b6510fc..f9aea239a4 100644 --- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md +++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md @@ -3,8 +3,8 @@ title: Policy CSP - ControlPolicyConflict description: Use the Policy CSP - ControlPolicyConflict setting to control which policy is used whenever both the MDM policy and its equivalent Group Policy are set on the device. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md index 2d476345c1..13af8d37f1 100644 --- a/windows/client-management/mdm/policy-csp-credentialproviders.md +++ b/windows/client-management/mdm/policy-csp-credentialproviders.md @@ -3,8 +3,8 @@ title: Policy CSP - CredentialProviders description: Learn how to use the policy CSP for credential provider so you can control whether a domain user can sign in using a convenience PIN. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-credentialsdelegation.md b/windows/client-management/mdm/policy-csp-credentialsdelegation.md index f7fd75c449..451d5ed1c7 100644 --- a/windows/client-management/mdm/policy-csp-credentialsdelegation.md +++ b/windows/client-management/mdm/policy-csp-credentialsdelegation.md @@ -3,8 +3,8 @@ title: Policy CSP - CredentialsDelegation description: Learn how to use the Policy CSP - CredentialsDelegation setting so that remote host can allow delegation of non-exportable credentials. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md index 9d74d8dbfe..51a987db86 100644 --- a/windows/client-management/mdm/policy-csp-credentialsui.md +++ b/windows/client-management/mdm/policy-csp-credentialsui.md @@ -3,8 +3,8 @@ title: Policy CSP - CredentialsUI description: Learn how to use the Policy CSP - CredentialsUI setting to configure the display of the password reveal button in password entry user experiences. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md index bd5f94a030..7ac77e2790 100644 --- a/windows/client-management/mdm/policy-csp-cryptography.md +++ b/windows/client-management/mdm/policy-csp-cryptography.md @@ -3,8 +3,8 @@ title: Policy CSP - Cryptography description: Learn how to use the Policy CSP - Cryptography setting to allow or disallow the Federal Information Processing Standard (FIPS) policy. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-dataprotection.md b/windows/client-management/mdm/policy-csp-dataprotection.md index 3287e3c42b..e96e2c6a85 100644 --- a/windows/client-management/mdm/policy-csp-dataprotection.md +++ b/windows/client-management/mdm/policy-csp-dataprotection.md @@ -3,8 +3,8 @@ title: Policy CSP - DataProtection description: Use the Policy CSP - DataProtection setting to block direct memory access (DMA) for all hot pluggable PCI downstream ports until a user logs into Windows. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md index d5258e4c21..9a935b0e93 100644 --- a/windows/client-management/mdm/policy-csp-datausage.md +++ b/windows/client-management/mdm/policy-csp-datausage.md @@ -3,8 +3,8 @@ title: Policy CSP - DataUsage description: Learn how to use the Policy CSP - DataUsage setting to configure the cost of 4G connections on the local machine. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index c78ddfc8e2..67ba791737 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -3,8 +3,8 @@ title: Policy CSP - Defender description: Learn how to use the Policy CSP - Defender setting so you can allow or disallow scanning of archives. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 01/08/2020 diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index 1e785fcf05..f8bafceef9 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md @@ -3,8 +3,8 @@ title: Policy CSP - DeliveryOptimization description: Learn how to use the Policy CSP - DeliveryOptimization setting to configure one or more Microsoft Connected Cache servers to be used by Delivery Optimization. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 06/09/2020 diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md index 910e88d4db..3ba8de7a3c 100644 --- a/windows/client-management/mdm/policy-csp-desktop.md +++ b/windows/client-management/mdm/policy-csp-desktop.md @@ -3,8 +3,8 @@ title: Policy CSP - Desktop description: Learn how to use the Policy CSP - Desktop setting to prevent users from changing the path to their profile folders. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md index 54e318a75b..5611eda6bf 100644 --- a/windows/client-management/mdm/policy-csp-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-deviceguard.md @@ -3,8 +3,8 @@ title: Policy CSP - DeviceGuard description: Learn how to use the Policy CSP - DeviceGuard setting to allow the IT admin to configure the launch of System Guard. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md index 8b8c9d71b8..d239e3927f 100644 --- a/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md +++ b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md @@ -3,8 +3,8 @@ title: Policy CSP - DeviceHealthMonitoring description: Learn how the Policy CSP - DeviceHealthMonitoring setting is used as an opt-in health monitoring connection between the device and Microsoft. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md index e5b9038a9d..e2666d017c 100644 --- a/windows/client-management/mdm/policy-csp-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md @@ -6,8 +6,8 @@ description: Use the Policy CSP - DeviceInstallation setting to specify a list o ms.author: dansimp ms.date: 09/27/2019 ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium --- diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md index 06fd224de3..074c4b278c 100644 --- a/windows/client-management/mdm/policy-csp-devicelock.md +++ b/windows/client-management/mdm/policy-csp-devicelock.md @@ -3,8 +3,8 @@ title: Policy CSP - DeviceLock description: Learn how to use the Policy CSP - DeviceLock setting to specify whether the user must input a PIN or password when the device resumes from an idle state. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md index d160e2befa..3d55b9fa5e 100644 --- a/windows/client-management/mdm/policy-csp-display.md +++ b/windows/client-management/mdm/policy-csp-display.md @@ -3,8 +3,8 @@ title: Policy CSP - Display description: Learn how to use the Policy CSP - Display setting to disable Per-Process System DPI for a semicolon-separated list of applications. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-dmaguard.md b/windows/client-management/mdm/policy-csp-dmaguard.md index eac4efa9b1..3366eaab90 100644 --- a/windows/client-management/mdm/policy-csp-dmaguard.md +++ b/windows/client-management/mdm/policy-csp-dmaguard.md @@ -3,8 +3,8 @@ title: Policy CSP - DmaGuard description: Learn how to use the Policy CSP - DmaGuard setting to provide additional security against external DMA capable devices. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md index d8f65eca55..aa95761efc 100644 --- a/windows/client-management/mdm/policy-csp-education.md +++ b/windows/client-management/mdm/policy-csp-education.md @@ -3,8 +3,8 @@ title: Policy CSP - Education description: Learn how to use the Policy CSP - Education setting to control graphing functionality in the Windows Calculator app. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md index a4d0b77658..a095795bed 100644 --- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md +++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md @@ -3,8 +3,8 @@ title: Policy CSP - EnterpriseCloudPrint description: Use the Policy CSP - EnterpriseCloudPrint setting to define the maximum number of printers that should be queried from a discovery end point. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md index 0343891164..da6acbd4c5 100644 --- a/windows/client-management/mdm/policy-csp-errorreporting.md +++ b/windows/client-management/mdm/policy-csp-errorreporting.md @@ -3,8 +3,8 @@ title: Policy CSP - ErrorReporting description: Learn how to use the Policy CSP - ErrorReporting setting to determine the consent behavior of Windows Error Reporting for specific event types. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md index 2c119d726c..eb0173d688 100644 --- a/windows/client-management/mdm/policy-csp-eventlogservice.md +++ b/windows/client-management/mdm/policy-csp-eventlogservice.md @@ -3,8 +3,8 @@ title: Policy CSP - EventLogService description: Learn how to use the Policy CSP - EventLogService settting to control Event Log behavior when the log file reaches its maximum size. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index b59a08e6bd..e890756f9c 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -3,8 +3,8 @@ title: Policy CSP - Experience description: Learn how to use the Policy CSP - Experience setting to allow history of clipboard items to be stored in memory. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 11/02/2020 diff --git a/windows/client-management/mdm/policy-csp-exploitguard.md b/windows/client-management/mdm/policy-csp-exploitguard.md index 48f49f243c..9ccc806bac 100644 --- a/windows/client-management/mdm/policy-csp-exploitguard.md +++ b/windows/client-management/mdm/policy-csp-exploitguard.md @@ -3,8 +3,8 @@ title: Policy CSP - ExploitGuard description: Use the Policy CSP - ExploitGuard setting to push out the desired system configuration and application mitigation options to all the devices in the organization. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-feeds.md b/windows/client-management/mdm/policy-csp-feeds.md index b32629baa7..0f683d9be9 100644 --- a/windows/client-management/mdm/policy-csp-feeds.md +++ b/windows/client-management/mdm/policy-csp-feeds.md @@ -3,8 +3,8 @@ title: Policy CSP - Feeds description: Use the Policy CSP - Feeds setting policy specifies whether news and interests is allowed on the device. ms.author: v-nsatapathy ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: nimishasatapathy ms.localizationpriority: medium ms.date: 09/17/2021 diff --git a/windows/client-management/mdm/policy-csp-fileexplorer.md b/windows/client-management/mdm/policy-csp-fileexplorer.md index c923c5d948..37afbaf0e3 100644 --- a/windows/client-management/mdm/policy-csp-fileexplorer.md +++ b/windows/client-management/mdm/policy-csp-fileexplorer.md @@ -3,8 +3,8 @@ title: Policy CSP - FileExplorer description: Use the Policy CSP - FileExplorer setting so you can allow certain legacy plug-in applications to function without terminating Explorer. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-games.md b/windows/client-management/mdm/policy-csp-games.md index 76dd5be77e..f589197c32 100644 --- a/windows/client-management/mdm/policy-csp-games.md +++ b/windows/client-management/mdm/policy-csp-games.md @@ -3,8 +3,8 @@ title: Policy CSP - Games description: Learn to use the Policy CSP - Games setting so that you can specify whether advanced gaming services can be used. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-handwriting.md b/windows/client-management/mdm/policy-csp-handwriting.md index 0195d9d2b9..c45e41de1d 100644 --- a/windows/client-management/mdm/policy-csp-handwriting.md +++ b/windows/client-management/mdm/policy-csp-handwriting.md @@ -3,8 +3,8 @@ title: Policy CSP - Handwriting description: Use the Policy CSP - Handwriting setting to allow an enterprise to configure the default mode for the handwriting panel. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md index 3b2be09af5..df389346d7 100644 --- a/windows/client-management/mdm/policy-csp-internetexplorer.md +++ b/windows/client-management/mdm/policy-csp-internetexplorer.md @@ -3,8 +3,8 @@ title: Policy CSP - InternetExplorer description: Use the Policy CSP - InternetExplorer setting to add a specific list of search providers to the user's default list of search providers. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md index 4c2acf2f1f..89eb1f7b20 100644 --- a/windows/client-management/mdm/policy-csp-kerberos.md +++ b/windows/client-management/mdm/policy-csp-kerberos.md @@ -3,8 +3,8 @@ title: Policy CSP - Kerberos description: Define the list of trusting forests that the Kerberos client searches when attempting to resolve two-part service principal names (SPNs). ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-kioskbrowser.md b/windows/client-management/mdm/policy-csp-kioskbrowser.md index 797c959695..a6bdce7291 100644 --- a/windows/client-management/mdm/policy-csp-kioskbrowser.md +++ b/windows/client-management/mdm/policy-csp-kioskbrowser.md @@ -3,8 +3,8 @@ title: Policy CSP - KioskBrowser description: Use the Policy CSP - KioskBrowser setting to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-lanmanworkstation.md index 9a8bf1b3de..7f386b9cc3 100644 --- a/windows/client-management/mdm/policy-csp-lanmanworkstation.md +++ b/windows/client-management/mdm/policy-csp-lanmanworkstation.md @@ -3,8 +3,8 @@ title: Policy CSP - LanmanWorkstation description: Use the Policy CSP - LanmanWorkstation setting to determine if the SMB client will allow insecure guest logons to an SMB server. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md index e952a31698..af9e87216f 100644 --- a/windows/client-management/mdm/policy-csp-licensing.md +++ b/windows/client-management/mdm/policy-csp-licensing.md @@ -3,8 +3,8 @@ title: Policy CSP - Licensing description: Use the Policy CSP - Licensing setting to enable or disable Windows license reactivation on managed devices. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index 60c34760ac..c14e27b61c 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -3,8 +3,8 @@ title: Policy CSP - LocalPoliciesSecurityOptions description: These settings prevent users from adding new Microsoft accounts on a specific computer using LocalPoliciesSecurityOptions. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/29/2021 diff --git a/windows/client-management/mdm/policy-csp-localusersandgroups.md b/windows/client-management/mdm/policy-csp-localusersandgroups.md index e0917ea90a..a2698420c0 100644 --- a/windows/client-management/mdm/policy-csp-localusersandgroups.md +++ b/windows/client-management/mdm/policy-csp-localusersandgroups.md @@ -3,8 +3,8 @@ title: Policy CSP - LocalUsersAndGroups description: Policy CSP - LocalUsersAndGroups ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 10/14/2020 diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md index e2524364e2..3ed99b5df4 100644 --- a/windows/client-management/mdm/policy-csp-lockdown.md +++ b/windows/client-management/mdm/policy-csp-lockdown.md @@ -3,8 +3,8 @@ title: Policy CSP - LockDown description: Use the Policy CSP - LockDown setting to allow the user to invoke any system user interface by swiping in from any screen edge using touch. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md index a2b20f4e9a..8ff192350f 100644 --- a/windows/client-management/mdm/policy-csp-maps.md +++ b/windows/client-management/mdm/policy-csp-maps.md @@ -3,8 +3,8 @@ title: Policy CSP - Maps description: Use the Policy CSP - Maps setting to allow the download and update of map data over metered connections. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md index a2322e315e..343c7c84c8 100644 --- a/windows/client-management/mdm/policy-csp-messaging.md +++ b/windows/client-management/mdm/policy-csp-messaging.md @@ -3,8 +3,8 @@ title: Policy CSP - Messaging description: Enable, and disable, text message back up and restore as well as Messaging Everywhere by using the Policy CSP for messaging. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md index 4ddb8420c4..4c3f4a6914 100644 --- a/windows/client-management/mdm/policy-csp-mixedreality.md +++ b/windows/client-management/mdm/policy-csp-mixedreality.md @@ -4,8 +4,8 @@ description: Policy CSP - MixedReality ms.author: dansimp ms.localizationpriority: medium ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 10/12/2021 ms.reviewer: diff --git a/windows/client-management/mdm/policy-csp-mssecurityguide.md b/windows/client-management/mdm/policy-csp-mssecurityguide.md index c6c9f4dc6c..1839ed3348 100644 --- a/windows/client-management/mdm/policy-csp-mssecurityguide.md +++ b/windows/client-management/mdm/policy-csp-mssecurityguide.md @@ -3,8 +3,8 @@ title: Policy CSP - MSSecurityGuide description: Learn how Policy CSP - MSSecurityGuide, an ADMX-backed policy, requires a special SyncML format to enable or disable. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-msslegacy.md b/windows/client-management/mdm/policy-csp-msslegacy.md index 75e878dfcd..a675cc8f7d 100644 --- a/windows/client-management/mdm/policy-csp-msslegacy.md +++ b/windows/client-management/mdm/policy-csp-msslegacy.md @@ -3,8 +3,8 @@ title: Policy CSP - MSSLegacy description: Learn how Policy CSP - MSSLegacy, an ADMX-backed policy, requires a special SyncML format to enable or disable. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-multitasking.md b/windows/client-management/mdm/policy-csp-multitasking.md index 724c915cd2..3b9094954e 100644 --- a/windows/client-management/mdm/policy-csp-multitasking.md +++ b/windows/client-management/mdm/policy-csp-multitasking.md @@ -3,8 +3,8 @@ title: Policy CSP - Multitasking description: Policy CSP - Multitasking ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 10/30/2020 diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md index 0d1ded35d6..f008ad3229 100644 --- a/windows/client-management/mdm/policy-csp-networkisolation.md +++ b/windows/client-management/mdm/policy-csp-networkisolation.md @@ -3,8 +3,8 @@ title: Policy CSP - NetworkIsolation description: Learn how Policy CSP - NetworkIsolation contains a list of Enterprise resource domains hosted in the cloud that need to be protected. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md index 202bd8f2d5..955af06501 100644 --- a/windows/client-management/mdm/policy-csp-networklistmanager.md +++ b/windows/client-management/mdm/policy-csp-networklistmanager.md @@ -3,8 +3,8 @@ title: Policy CSP - NetworkListManager description: The Policy CSP - NetworkListManager setting creates a new MDM policy that allows admins to configure a list of URIs of HTTPS endpoints that are considered secure. ms.author: v-nsatapathy ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: nimishasatapathy ms.localizationpriority: medium ms.date: 7/10/2021 diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md index e6c8b94e2e..df1cca2b63 100644 --- a/windows/client-management/mdm/policy-csp-notifications.md +++ b/windows/client-management/mdm/policy-csp-notifications.md @@ -3,8 +3,8 @@ title: Policy CSP - Notifications description: Block applications from using the network to send tile, badge, toast, and raw notifications for Policy CSP - Notifications. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md index e3a90c8d49..57604b4112 100644 --- a/windows/client-management/mdm/policy-csp-power.md +++ b/windows/client-management/mdm/policy-csp-power.md @@ -3,8 +3,8 @@ title: Policy CSP - Power description: Learn how the Policy CSP - Power setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md index 31838c3e8d..ea6e927fc0 100644 --- a/windows/client-management/mdm/policy-csp-printers.md +++ b/windows/client-management/mdm/policy-csp-printers.md @@ -3,8 +3,8 @@ title: Policy CSP - Printers description: Use this policy setting to control the client Point and Print behavior, including security prompts for Windows Vista computers. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md index ed6b992d77..feb8c89376 100644 --- a/windows/client-management/mdm/policy-csp-privacy.md +++ b/windows/client-management/mdm/policy-csp-privacy.md @@ -3,8 +3,8 @@ title: Policy CSP - Privacy description: Learn how the Policy CSP - Privacy setting allows or disallows the automatic acceptance of the pairing and privacy user consent dialog when launching apps. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md index a5d1734ebe..ba51be6110 100644 --- a/windows/client-management/mdm/policy-csp-remoteassistance.md +++ b/windows/client-management/mdm/policy-csp-remoteassistance.md @@ -3,8 +3,8 @@ title: Policy CSP - RemoteAssistance description: Learn how the Policy CSP - RemoteAssistance setting allows you to specify a custom message to display. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md index 60313b8a8b..926af5a6f6 100644 --- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md +++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md @@ -3,8 +3,8 @@ title: Policy CSP - RemoteDesktopServices description: Learn how the Policy CSP - RemoteDesktopServices setting allows you to configure remote access to computers by using Remote Desktop Services. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md index 2c3f55e5c6..6b48c69941 100644 --- a/windows/client-management/mdm/policy-csp-remotemanagement.md +++ b/windows/client-management/mdm/policy-csp-remotemanagement.md @@ -3,8 +3,8 @@ title: Policy CSP - RemoteManagement description: Learn how the Policy CSP - RemoteManagement setting allows you to manage whether the Windows Remote Management (WinRM) client uses Basic authentication. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md index 324f83e65c..b11c852eb4 100644 --- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md +++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md @@ -3,8 +3,8 @@ title: Policy CSP - RemoteProcedureCall description: The Policy CSP - RemoteProcedureCall setting controls whether RPC clients authenticate when the call they are making contains authentication information. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md index f6298cfc0e..9c77e7f33a 100644 --- a/windows/client-management/mdm/policy-csp-remoteshell.md +++ b/windows/client-management/mdm/policy-csp-remoteshell.md @@ -3,8 +3,8 @@ title: Policy CSP - RemoteShell description: Learn details about the Policy CSP - RemoteShell setting so that you can configure access to remote shells. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-restrictedgroups.md b/windows/client-management/mdm/policy-csp-restrictedgroups.md index 6a1f2a4c55..bb29332e78 100644 --- a/windows/client-management/mdm/policy-csp-restrictedgroups.md +++ b/windows/client-management/mdm/policy-csp-restrictedgroups.md @@ -3,8 +3,8 @@ title: Policy CSP - RestrictedGroups description: Learn how the Policy CSP - RestrictedGroups setting allows an administrator to define the members that are part of a security-sensitive (restricted) group. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 04/07/2020 diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md index cf795c1d08..3dd9e4c714 100644 --- a/windows/client-management/mdm/policy-csp-search.md +++ b/windows/client-management/mdm/policy-csp-search.md @@ -3,8 +3,8 @@ title: Policy CSP - Search description: Learn how the Policy CSP - Search setting allows search and Cortana to search cloud sources like OneDrive and SharePoint. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 02/12/2021 diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md index 8046000b1b..c37aba43be 100644 --- a/windows/client-management/mdm/policy-csp-security.md +++ b/windows/client-management/mdm/policy-csp-security.md @@ -3,8 +3,8 @@ title: Policy CSP - Security description: Learn how the Policy CSP - Security setting can specify whether to allow the runtime configuration agent to install provisioning packages. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md index 52d8f40a08..accdd88186 100644 --- a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md +++ b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md @@ -3,8 +3,8 @@ title: Policy CSP - ServiceControlManager description: Learn how the Policy CSP - ServiceControlManager setting enables process mitigation options on svchost.exe processes. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: Heidilohr ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md index bb6639afa9..5aa70f3723 100644 --- a/windows/client-management/mdm/policy-csp-settings.md +++ b/windows/client-management/mdm/policy-csp-settings.md @@ -3,8 +3,8 @@ title: Policy CSP - Settings description: Learn how to use the Policy CSP - Settings setting so that you can allow the user to change Auto Play settings. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md index 24e3616a8b..638b9ebbfd 100644 --- a/windows/client-management/mdm/policy-csp-smartscreen.md +++ b/windows/client-management/mdm/policy-csp-smartscreen.md @@ -3,8 +3,8 @@ title: Policy CSP - SmartScreen description: Use the Policy CSP - SmartScreen setting to allow IT Admins to control whether users are allowed to install apps from places other than the Store. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md index 8f5a27a6be..744be7bf54 100644 --- a/windows/client-management/mdm/policy-csp-speech.md +++ b/windows/client-management/mdm/policy-csp-speech.md @@ -3,8 +3,8 @@ title: Policy CSP - Speech description: Learn how the Policy CSP - Speech setting specifies whether the device will receive updates to the speech recognition and speech synthesis models. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index f9c4600794..1b32d03efe 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -3,8 +3,8 @@ title: Policy CSP - Start description: Use the Policy CSP - Start setting to control the visibility of the Documents shortcut on the Start menu. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md index 609c56d0fb..3ec22d5869 100644 --- a/windows/client-management/mdm/policy-csp-storage.md +++ b/windows/client-management/mdm/policy-csp-storage.md @@ -3,8 +3,8 @@ title: Policy CSP - Storage description: Learn to use the Policy CSP - Storage settings to automatically clean some of the user’s files to free up disk space. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index 74910d2bde..afabf967e9 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -3,8 +3,8 @@ title: Policy CSP - System description: Learn policy settings that determine whether users can access the Insider build controls in the advanced options for Windows Update. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 08/26/2021 diff --git a/windows/client-management/mdm/policy-csp-systemservices.md b/windows/client-management/mdm/policy-csp-systemservices.md index f3735f4e4f..5b735c14ae 100644 --- a/windows/client-management/mdm/policy-csp-systemservices.md +++ b/windows/client-management/mdm/policy-csp-systemservices.md @@ -3,8 +3,8 @@ title: Policy CSP - SystemServices description: Learn how to use the Policy CSP - SystemServices setting to determine whether the service's start type is Automatic(2), Manual(3), Disabled(4). ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-taskmanager.md b/windows/client-management/mdm/policy-csp-taskmanager.md index 0ac548d25d..eae7a796b8 100644 --- a/windows/client-management/mdm/policy-csp-taskmanager.md +++ b/windows/client-management/mdm/policy-csp-taskmanager.md @@ -3,8 +3,8 @@ title: Policy CSP - TaskManager description: Learn how to use the Policy CSP - TaskManager setting to determine whether non-administrators can use Task Manager to end tasks. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-taskscheduler.md b/windows/client-management/mdm/policy-csp-taskscheduler.md index 3daaf92f03..174061d4ca 100644 --- a/windows/client-management/mdm/policy-csp-taskscheduler.md +++ b/windows/client-management/mdm/policy-csp-taskscheduler.md @@ -3,8 +3,8 @@ title: Policy CSP - TaskScheduler description: Learn how to use the Policy CSP - TaskScheduler setting to determine whether the specific task is enabled (1) or disabled (0). ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md index d0b1ebce9b..2663fdd7bb 100644 --- a/windows/client-management/mdm/policy-csp-textinput.md +++ b/windows/client-management/mdm/policy-csp-textinput.md @@ -3,8 +3,8 @@ title: Policy CSP - TextInput description: The Policy CSP - TextInput setting allows the user to turn on and off the logging for incorrect conversion and saving auto-tuning result to a file. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md index 452ebac7a5..56745874f3 100644 --- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md +++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md @@ -3,8 +3,8 @@ title: Policy CSP - TimeLanguageSettings description: Learn to use the Policy CSP - TimeLanguageSettings setting to specify the time zone to be applied to the device. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/28/2021 diff --git a/windows/client-management/mdm/policy-csp-troubleshooting.md b/windows/client-management/mdm/policy-csp-troubleshooting.md index c07ac0034e..41deff6293 100644 --- a/windows/client-management/mdm/policy-csp-troubleshooting.md +++ b/windows/client-management/mdm/policy-csp-troubleshooting.md @@ -3,8 +3,8 @@ title: Policy CSP - Troubleshooting description: The Policy CSP - Troubleshooting setting allows IT admins to configure how to apply recommended troubleshooting for known problems on the devices in their domains. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: MariciaAlforque ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 287df81471..75db120a5c 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -3,8 +3,8 @@ title: Policy CSP - Update description: The Policy CSP - Update allows the IT admin, when used with Update/ActiveHoursStart, to manage a range of active hours where update reboots aren't scheduled. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 11/03/2020 diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md index d6399b3c29..aa4b8348eb 100644 --- a/windows/client-management/mdm/policy-csp-userrights.md +++ b/windows/client-management/mdm/policy-csp-userrights.md @@ -3,8 +3,8 @@ title: Policy CSP - UserRights description: Learn how user rights are assigned for user accounts or groups, and how the name of the policy defines the user right in question. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md index 35c501cd84..1e1d6de1e3 100644 --- a/windows/client-management/mdm/policy-csp-wifi.md +++ b/windows/client-management/mdm/policy-csp-wifi.md @@ -3,8 +3,8 @@ title: Policy CSP - Wifi description: Learn how the Policy CSP - Wifi setting allows or disallows the device to automatically connect to Wi-Fi hotspots. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md index 5b53b17711..8a5ecb52d6 100644 --- a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md +++ b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md @@ -3,8 +3,8 @@ title: Policy CSP - WindowsConnectionManager description: The Policy CSP - WindowsConnectionManager setting prevents computers from connecting to a domain-based network and a non-domain-based network simultaneously. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md index 96802ce5ed..66671ccfdf 100644 --- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md +++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md @@ -3,8 +3,8 @@ title: Policy CSP - WindowsDefenderSecurityCenter description: Learn how to use the Policy CSP - WindowsDefenderSecurityCenter setting to display the Account protection area in Windows Defender Security Center. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md index 02a676f201..68fcca362e 100644 --- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md +++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md @@ -3,8 +3,8 @@ title: Policy CSP - WindowsInkWorkspace description: Learn to use the Policy CSP - WindowsInkWorkspace setting to specify whether to allow the user to access the ink workspace. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md index 2712c5ecf7..f00cec5360 100644 --- a/windows/client-management/mdm/policy-csp-windowslogon.md +++ b/windows/client-management/mdm/policy-csp-windowslogon.md @@ -3,8 +3,8 @@ title: Policy CSP - WindowsLogon description: Use the Policy CSP - WindowsLogon setting to control whether a device automatically signs in and locks the last interactive user after the system restarts. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-windowspowershell.md b/windows/client-management/mdm/policy-csp-windowspowershell.md index 2c288f1fc9..c0fc6439e6 100644 --- a/windows/client-management/mdm/policy-csp-windowspowershell.md +++ b/windows/client-management/mdm/policy-csp-windowspowershell.md @@ -3,8 +3,8 @@ title: Policy CSP - WindowsPowerShell description: Use the Policy CSP - WindowsPowerShell setting to enable logging of all PowerShell script input to the Microsoft-Windows-PowerShell/Operational event log. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-csp-windowssandbox.md b/windows/client-management/mdm/policy-csp-windowssandbox.md index 7be90f4bd3..cb7e9c71ec 100644 --- a/windows/client-management/mdm/policy-csp-windowssandbox.md +++ b/windows/client-management/mdm/policy-csp-windowssandbox.md @@ -3,8 +3,8 @@ title: Policy CSP - WindowsSandbox description: Policy CSP - WindowsSandbox ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 10/14/2020 diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md index ed39e72d22..f9519ffd03 100644 --- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md +++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md @@ -3,8 +3,8 @@ title: Policy CSP - WirelessDisplay description: Use the Policy CSP - WirelessDisplay setting to turn off the Wireless Display multicast DNS service advertisement from a Wireless Display receiver. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 09/27/2019 diff --git a/windows/client-management/mdm/policy-ddf-file.md b/windows/client-management/mdm/policy-ddf-file.md index df9e380d5d..4294786148 100644 --- a/windows/client-management/mdm/policy-ddf-file.md +++ b/windows/client-management/mdm/policy-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.localizationpriority: medium ms.date: 10/28/2020 diff --git a/windows/client-management/mdm/policymanager-csp.md b/windows/client-management/mdm/policymanager-csp.md index bf8030439e..903e9b2279 100644 --- a/windows/client-management/mdm/policymanager-csp.md +++ b/windows/client-management/mdm/policymanager-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/28/2017 --- diff --git a/windows/client-management/mdm/provisioning-csp.md b/windows/client-management/mdm/provisioning-csp.md index 374211baf5..6e19fc3072 100644 --- a/windows/client-management/mdm/provisioning-csp.md +++ b/windows/client-management/mdm/provisioning-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/proxy-csp.md b/windows/client-management/mdm/proxy-csp.md index c3f6a1425a..8cea583448 100644 --- a/windows/client-management/mdm/proxy-csp.md +++ b/windows/client-management/mdm/proxy-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/push-notification-windows-mdm.md b/windows/client-management/mdm/push-notification-windows-mdm.md index 58191d9e4c..13294f3ce5 100644 --- a/windows/client-management/mdm/push-notification-windows-mdm.md +++ b/windows/client-management/mdm/push-notification-windows-mdm.md @@ -9,8 +9,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/22/2017 --- diff --git a/windows/client-management/mdm/pxlogical-csp.md b/windows/client-management/mdm/pxlogical-csp.md index 304f68e218..b8824c990b 100644 --- a/windows/client-management/mdm/pxlogical-csp.md +++ b/windows/client-management/mdm/pxlogical-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/reboot-csp.md b/windows/client-management/mdm/reboot-csp.md index 29f60b6588..95d4d915de 100644 --- a/windows/client-management/mdm/reboot-csp.md +++ b/windows/client-management/mdm/reboot-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/reboot-ddf-file.md b/windows/client-management/mdm/reboot-ddf-file.md index e59a647a46..aa6d711c71 100644 --- a/windows/client-management/mdm/reboot-ddf-file.md +++ b/windows/client-management/mdm/reboot-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/reclaim-seat-from-user.md b/windows/client-management/mdm/reclaim-seat-from-user.md index 25bb833d31..32cf3603c3 100644 --- a/windows/client-management/mdm/reclaim-seat-from-user.md +++ b/windows/client-management/mdm/reclaim-seat-from-user.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 05/05/2020 --- diff --git a/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md b/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md index d4711e38f5..f799b48992 100644 --- a/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md +++ b/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/registry-csp.md b/windows/client-management/mdm/registry-csp.md index 1b24fb4c81..b4871a4406 100644 --- a/windows/client-management/mdm/registry-csp.md +++ b/windows/client-management/mdm/registry-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/registry-ddf-file.md b/windows/client-management/mdm/registry-ddf-file.md index 50b76045c8..61b54cc6cb 100644 --- a/windows/client-management/mdm/registry-ddf-file.md +++ b/windows/client-management/mdm/registry-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/remotefind-csp.md b/windows/client-management/mdm/remotefind-csp.md index 0bf2d3475e..c559340720 100644 --- a/windows/client-management/mdm/remotefind-csp.md +++ b/windows/client-management/mdm/remotefind-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/remotefind-ddf-file.md b/windows/client-management/mdm/remotefind-ddf-file.md index 1e69edaddd..e6b61e9477 100644 --- a/windows/client-management/mdm/remotefind-ddf-file.md +++ b/windows/client-management/mdm/remotefind-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/remotelock-csp.md b/windows/client-management/mdm/remotelock-csp.md index 691c1b0048..9c556c1906 100644 --- a/windows/client-management/mdm/remotelock-csp.md +++ b/windows/client-management/mdm/remotelock-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/remotelock-ddf-file.md b/windows/client-management/mdm/remotelock-ddf-file.md index 1bb82217f8..ade9d84d3e 100644 --- a/windows/client-management/mdm/remotelock-ddf-file.md +++ b/windows/client-management/mdm/remotelock-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/remotering-csp.md b/windows/client-management/mdm/remotering-csp.md index b6eaee7239..548923b5fe 100644 --- a/windows/client-management/mdm/remotering-csp.md +++ b/windows/client-management/mdm/remotering-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/remotering-ddf-file.md b/windows/client-management/mdm/remotering-ddf-file.md index 63f37480f6..763d8b6a90 100644 --- a/windows/client-management/mdm/remotering-ddf-file.md +++ b/windows/client-management/mdm/remotering-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/remotewipe-csp.md b/windows/client-management/mdm/remotewipe-csp.md index dae5086aec..3b2af238ea 100644 --- a/windows/client-management/mdm/remotewipe-csp.md +++ b/windows/client-management/mdm/remotewipe-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 08/13/2018 --- diff --git a/windows/client-management/mdm/remotewipe-ddf-file.md b/windows/client-management/mdm/remotewipe-ddf-file.md index 29eac57387..b423d893d9 100644 --- a/windows/client-management/mdm/remotewipe-ddf-file.md +++ b/windows/client-management/mdm/remotewipe-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 08/13/2018 --- diff --git a/windows/client-management/mdm/reporting-csp.md b/windows/client-management/mdm/reporting-csp.md index 05132f0e72..bd1d4ec925 100644 --- a/windows/client-management/mdm/reporting-csp.md +++ b/windows/client-management/mdm/reporting-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/reporting-ddf-file.md b/windows/client-management/mdm/reporting-ddf-file.md index ef1a7cc4f2..d5d716e6bb 100644 --- a/windows/client-management/mdm/reporting-ddf-file.md +++ b/windows/client-management/mdm/reporting-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md b/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md index 03f641e9be..db7f1cc835 100644 --- a/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md +++ b/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md @@ -9,8 +9,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/18/2017 --- diff --git a/windows/client-management/mdm/rootcacertificates-csp.md b/windows/client-management/mdm/rootcacertificates-csp.md index fcea6590a8..643e41cb54 100644 --- a/windows/client-management/mdm/rootcacertificates-csp.md +++ b/windows/client-management/mdm/rootcacertificates-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 03/06/2018 --- diff --git a/windows/client-management/mdm/rootcacertificates-ddf-file.md b/windows/client-management/mdm/rootcacertificates-ddf-file.md index 2adb099684..78f3e0b69e 100644 --- a/windows/client-management/mdm/rootcacertificates-ddf-file.md +++ b/windows/client-management/mdm/rootcacertificates-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 03/07/2018 --- diff --git a/windows/client-management/mdm/secureassessment-csp.md b/windows/client-management/mdm/secureassessment-csp.md index 722cf2fdbd..1911fa064d 100644 --- a/windows/client-management/mdm/secureassessment-csp.md +++ b/windows/client-management/mdm/secureassessment-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/secureassessment-ddf-file.md b/windows/client-management/mdm/secureassessment-ddf-file.md index f44718905c..76fa3dcb8b 100644 --- a/windows/client-management/mdm/secureassessment-ddf-file.md +++ b/windows/client-management/mdm/secureassessment-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/securitypolicy-csp.md b/windows/client-management/mdm/securitypolicy-csp.md index f2f20d3168..fa892a8598 100644 --- a/windows/client-management/mdm/securitypolicy-csp.md +++ b/windows/client-management/mdm/securitypolicy-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/server-requirements-windows-mdm.md b/windows/client-management/mdm/server-requirements-windows-mdm.md index aab509a511..3880906b71 100644 --- a/windows/client-management/mdm/server-requirements-windows-mdm.md +++ b/windows/client-management/mdm/server-requirements-windows-mdm.md @@ -9,8 +9,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/sharedpc-csp.md b/windows/client-management/mdm/sharedpc-csp.md index dcab040062..fb2d0fb906 100644 --- a/windows/client-management/mdm/sharedpc-csp.md +++ b/windows/client-management/mdm/sharedpc-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 01/16/2019 --- diff --git a/windows/client-management/mdm/sharedpc-ddf-file.md b/windows/client-management/mdm/sharedpc-ddf-file.md index fd63786a4b..362f24ac59 100644 --- a/windows/client-management/mdm/sharedpc-ddf-file.md +++ b/windows/client-management/mdm/sharedpc-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/storage-csp.md b/windows/client-management/mdm/storage-csp.md index 4282089740..2bb326151e 100644 --- a/windows/client-management/mdm/storage-csp.md +++ b/windows/client-management/mdm/storage-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/storage-ddf-file.md b/windows/client-management/mdm/storage-ddf-file.md index 368533e5a3..16d67a7431 100644 --- a/windows/client-management/mdm/storage-ddf-file.md +++ b/windows/client-management/mdm/storage-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md b/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md index 985a5622d9..98f8dfc9e3 100644 --- a/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md +++ b/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/supl-csp.md b/windows/client-management/mdm/supl-csp.md index 4b83c206dd..4456b5cc57 100644 --- a/windows/client-management/mdm/supl-csp.md +++ b/windows/client-management/mdm/supl-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/12/2019 --- diff --git a/windows/client-management/mdm/supl-ddf-file.md b/windows/client-management/mdm/supl-ddf-file.md index b662129f03..dec54b3f0a 100644 --- a/windows/client-management/mdm/supl-ddf-file.md +++ b/windows/client-management/mdm/supl-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/03/2020 --- diff --git a/windows/client-management/mdm/surfacehub-csp.md b/windows/client-management/mdm/surfacehub-csp.md index 8366db3150..dd095c6665 100644 --- a/windows/client-management/mdm/surfacehub-csp.md +++ b/windows/client-management/mdm/surfacehub-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 07/28/2017 --- diff --git a/windows/client-management/mdm/surfacehub-ddf-file.md b/windows/client-management/mdm/surfacehub-ddf-file.md index c70e8a7fbb..70ed2fa2a4 100644 --- a/windows/client-management/mdm/surfacehub-ddf-file.md +++ b/windows/client-management/mdm/surfacehub-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/tenantlockdown-csp.md b/windows/client-management/mdm/tenantlockdown-csp.md index ca020a26a0..52db501db8 100644 --- a/windows/client-management/mdm/tenantlockdown-csp.md +++ b/windows/client-management/mdm/tenantlockdown-csp.md @@ -3,8 +3,8 @@ title: TenantLockdown CSP description: To lock a device to a tenant to prevent accidental or intentional resets or wipes, use the TenantLockdown configuration service provider. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 08/13/2018 ms.reviewer: diff --git a/windows/client-management/mdm/tenantlockdown-ddf.md b/windows/client-management/mdm/tenantlockdown-ddf.md index 2ca340d369..af4f245a6e 100644 --- a/windows/client-management/mdm/tenantlockdown-ddf.md +++ b/windows/client-management/mdm/tenantlockdown-ddf.md @@ -3,8 +3,8 @@ title: TenantLockdown DDF file description: XML file containing the device description framework for the TenantLockdown configuration service provider (CSP). ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 08/13/2018 ms.reviewer: diff --git a/windows/client-management/mdm/tpmpolicy-csp.md b/windows/client-management/mdm/tpmpolicy-csp.md index 6e2dc12df3..6c01205868 100644 --- a/windows/client-management/mdm/tpmpolicy-csp.md +++ b/windows/client-management/mdm/tpmpolicy-csp.md @@ -3,8 +3,8 @@ title: TPMPolicy CSP description: The TPMPolicy configuration service provider (CSP) provides a mechanism to enable zero exhaust configuration on a Windows device for TPM software components. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 11/01/2017 ms.reviewer: diff --git a/windows/client-management/mdm/tpmpolicy-ddf-file.md b/windows/client-management/mdm/tpmpolicy-ddf-file.md index 91674dd95b..5cd81b56b7 100644 --- a/windows/client-management/mdm/tpmpolicy-ddf-file.md +++ b/windows/client-management/mdm/tpmpolicy-ddf-file.md @@ -3,8 +3,8 @@ title: TPMPolicy DDF file description: Learn about the OMA DM device description framework (DDF) for the TPMPolicy configuration service provider (CSP). ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 ms.reviewer: diff --git a/windows/client-management/mdm/uefi-csp.md b/windows/client-management/mdm/uefi-csp.md index dc6d399c07..8a3a6d1f58 100644 --- a/windows/client-management/mdm/uefi-csp.md +++ b/windows/client-management/mdm/uefi-csp.md @@ -3,8 +3,8 @@ title: UEFI CSP description: The Uefi CSP interfaces to UEFI's Device Firmware Configuration Interface (DFCI) to make BIOS configuration changes. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 10/02/2018 ms.reviewer: diff --git a/windows/client-management/mdm/uefi-ddf.md b/windows/client-management/mdm/uefi-ddf.md index 07fcfcd80f..0124a0a281 100644 --- a/windows/client-management/mdm/uefi-ddf.md +++ b/windows/client-management/mdm/uefi-ddf.md @@ -3,8 +3,8 @@ title: UEFI DDF file description: Learn about the OMA DM device description framework (DDF) for the Uefi configuration service provider (CSP). ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 10/02/2018 ms.reviewer: diff --git a/windows/client-management/mdm/understanding-admx-backed-policies.md b/windows/client-management/mdm/understanding-admx-backed-policies.md index 682192c818..917529400c 100644 --- a/windows/client-management/mdm/understanding-admx-backed-policies.md +++ b/windows/client-management/mdm/understanding-admx-backed-policies.md @@ -3,8 +3,8 @@ title: Understanding ADMX policies description: In Windows 10, you can use ADMX policies for Windows 10 mobile device management (MDM) across Windows 10 devices. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 03/23/2020 ms.reviewer: diff --git a/windows/client-management/mdm/unifiedwritefilter-csp.md b/windows/client-management/mdm/unifiedwritefilter-csp.md index ac12b7db2e..186d8823ae 100644 --- a/windows/client-management/mdm/unifiedwritefilter-csp.md +++ b/windows/client-management/mdm/unifiedwritefilter-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/unifiedwritefilter-ddf.md b/windows/client-management/mdm/unifiedwritefilter-ddf.md index fdec714579..f91c0ba659 100644 --- a/windows/client-management/mdm/unifiedwritefilter-ddf.md +++ b/windows/client-management/mdm/unifiedwritefilter-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/update-csp.md b/windows/client-management/mdm/update-csp.md index 7580ff8e22..1d11592519 100644 --- a/windows/client-management/mdm/update-csp.md +++ b/windows/client-management/mdm/update-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 02/23/2018 --- diff --git a/windows/client-management/mdm/update-ddf-file.md b/windows/client-management/mdm/update-ddf-file.md index 877ac7fd2b..fa91e9823e 100644 --- a/windows/client-management/mdm/update-ddf-file.md +++ b/windows/client-management/mdm/update-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 02/23/2018 --- diff --git a/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md b/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md index be2b945e86..dc580c2252 100644 --- a/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md +++ b/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/vpn-csp.md b/windows/client-management/mdm/vpn-csp.md index 6df84e5ee9..0190c77520 100644 --- a/windows/client-management/mdm/vpn-csp.md +++ b/windows/client-management/mdm/vpn-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 04/02/2017 --- diff --git a/windows/client-management/mdm/vpn-ddf-file.md b/windows/client-management/mdm/vpn-ddf-file.md index 4a9221185b..a3c1b08789 100644 --- a/windows/client-management/mdm/vpn-ddf-file.md +++ b/windows/client-management/mdm/vpn-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md index ae8aef55a6..add96c2ec0 100644 --- a/windows/client-management/mdm/vpnv2-csp.md +++ b/windows/client-management/mdm/vpnv2-csp.md @@ -6,8 +6,8 @@ ms.reviewer: pesmith manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/21/2021 --- diff --git a/windows/client-management/mdm/vpnv2-ddf-file.md b/windows/client-management/mdm/vpnv2-ddf-file.md index b9863e74f7..7ac4734a65 100644 --- a/windows/client-management/mdm/vpnv2-ddf-file.md +++ b/windows/client-management/mdm/vpnv2-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: pesmith manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 10/30/2020 --- diff --git a/windows/client-management/mdm/vpnv2-profile-xsd.md b/windows/client-management/mdm/vpnv2-profile-xsd.md index 72af62ee25..d318a8734b 100644 --- a/windows/client-management/mdm/vpnv2-profile-xsd.md +++ b/windows/client-management/mdm/vpnv2-profile-xsd.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 07/14/2020 --- diff --git a/windows/client-management/mdm/w4-application-csp.md b/windows/client-management/mdm/w4-application-csp.md index ee97bcaf9b..643381e5ac 100644 --- a/windows/client-management/mdm/w4-application-csp.md +++ b/windows/client-management/mdm/w4-application-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/w7-application-csp.md b/windows/client-management/mdm/w7-application-csp.md index 6da450c6ce..c69b5612ca 100644 --- a/windows/client-management/mdm/w7-application-csp.md +++ b/windows/client-management/mdm/w7-application-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/wifi-csp.md b/windows/client-management/mdm/wifi-csp.md index 275a2f7d19..e3e4ad6b7e 100644 --- a/windows/client-management/mdm/wifi-csp.md +++ b/windows/client-management/mdm/wifi-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/18/2019 --- diff --git a/windows/client-management/mdm/wifi-ddf-file.md b/windows/client-management/mdm/wifi-ddf-file.md index 455974c278..2b315c6b15 100644 --- a/windows/client-management/mdm/wifi-ddf-file.md +++ b/windows/client-management/mdm/wifi-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/28/2018 --- diff --git a/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md b/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md index c625ec3a7c..f822a664d9 100644 --- a/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md +++ b/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md @@ -3,8 +3,8 @@ title: Win32 and Desktop Bridge app ADMX policy Ingestion description: Starting in Windows 10, version 1703, you can ingest ADMX files and set those ADMX policies for Win32 and Desktop Bridge apps. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 03/23/2020 ms.reviewer: diff --git a/windows/client-management/mdm/win32appinventory-csp.md b/windows/client-management/mdm/win32appinventory-csp.md index 945fe8163d..428ed3f3cf 100644 --- a/windows/client-management/mdm/win32appinventory-csp.md +++ b/windows/client-management/mdm/win32appinventory-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/win32appinventory-ddf-file.md b/windows/client-management/mdm/win32appinventory-ddf-file.md index 41cc1f1b27..a70763abb9 100644 --- a/windows/client-management/mdm/win32appinventory-ddf-file.md +++ b/windows/client-management/mdm/win32appinventory-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/win32compatibilityappraiser-csp.md b/windows/client-management/mdm/win32compatibilityappraiser-csp.md index ec9dd82b89..015e95075d 100644 --- a/windows/client-management/mdm/win32compatibilityappraiser-csp.md +++ b/windows/client-management/mdm/win32compatibilityappraiser-csp.md @@ -3,8 +3,8 @@ title: Win32CompatibilityAppraiser CSP description: Learn how the Win32CompatibilityAppraiser configuration service provider enables the IT admin to query the current status of the Appraiser and UTC telemetry health. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 07/19/2018 ms.reviewer: diff --git a/windows/client-management/mdm/win32compatibilityappraiser-ddf.md b/windows/client-management/mdm/win32compatibilityappraiser-ddf.md index 80c0540587..05237311f1 100644 --- a/windows/client-management/mdm/win32compatibilityappraiser-ddf.md +++ b/windows/client-management/mdm/win32compatibilityappraiser-ddf.md @@ -3,8 +3,8 @@ title: Win32CompatibilityAppraiser DDF file description: XML file containing the device description framework for the Win32CompatibilityAppraiser configuration service provider. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 07/19/2018 ms.reviewer: diff --git a/windows/client-management/mdm/windows-mdm-enterprise-settings.md b/windows/client-management/mdm/windows-mdm-enterprise-settings.md index 02d21910b6..579d50e4c2 100644 --- a/windows/client-management/mdm/windows-mdm-enterprise-settings.md +++ b/windows/client-management/mdm/windows-mdm-enterprise-settings.md @@ -9,8 +9,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md index 68a3ca3f5f..c8bd5266d0 100644 --- a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md +++ b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 11/01/2017 --- diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md index 053fd5728b..93b378c6f0 100644 --- a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md +++ b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md index 5a92ef09c8..ccd89eb916 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md @@ -3,8 +3,8 @@ title: WindowsDefenderApplicationGuard CSP description: Configure the settings in Microsoft Defender Application Guard by using the WindowsDefenderApplicationGuard configuration service provider (CSP). ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 10/11/2021 ms.reviewer: diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md index 90567d9146..c4c0409389 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md @@ -3,8 +3,8 @@ title: WindowsDefenderApplicationGuard DDF file description: learn about the OMA DM device description framework (DDF) for the WindowsDefenderApplicationGuard DDF file configuration service provider (CSP). ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 09/10/2018 ms.reviewer: diff --git a/windows/client-management/mdm/windowslicensing-csp.md b/windows/client-management/mdm/windowslicensing-csp.md index a41598722c..a44bc79b01 100644 --- a/windows/client-management/mdm/windowslicensing-csp.md +++ b/windows/client-management/mdm/windowslicensing-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 08/15/2018 --- diff --git a/windows/client-management/mdm/windowslicensing-ddf-file.md b/windows/client-management/mdm/windowslicensing-ddf-file.md index a21bff7acb..d31c057de5 100644 --- a/windows/client-management/mdm/windowslicensing-ddf-file.md +++ b/windows/client-management/mdm/windowslicensing-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 07/16/2017 --- diff --git a/windows/client-management/mdm/windowssecurityauditing-csp.md b/windows/client-management/mdm/windowssecurityauditing-csp.md index dd3fac5c64..f34aa9ceac 100644 --- a/windows/client-management/mdm/windowssecurityauditing-csp.md +++ b/windows/client-management/mdm/windowssecurityauditing-csp.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/windowssecurityauditing-ddf-file.md b/windows/client-management/mdm/windowssecurityauditing-ddf-file.md index 183ae45f91..0777a525d9 100644 --- a/windows/client-management/mdm/windowssecurityauditing-ddf-file.md +++ b/windows/client-management/mdm/windowssecurityauditing-ddf-file.md @@ -6,8 +6,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/wirednetwork-csp.md b/windows/client-management/mdm/wirednetwork-csp.md index 38e2446372..fc6a7c7176 100644 --- a/windows/client-management/mdm/wirednetwork-csp.md +++ b/windows/client-management/mdm/wirednetwork-csp.md @@ -3,8 +3,8 @@ title: WiredNetwork CSP description: The WiredNetwork configuration service provider (CSP) is used by the enterprise to configure wired Internet on devices that do not have GP. Learn how it works. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/27/2018 ms.reviewer: diff --git a/windows/client-management/mdm/wirednetwork-ddf-file.md b/windows/client-management/mdm/wirednetwork-ddf-file.md index 0d66b60510..bc61e8f7d0 100644 --- a/windows/client-management/mdm/wirednetwork-ddf-file.md +++ b/windows/client-management/mdm/wirednetwork-ddf-file.md @@ -3,8 +3,8 @@ title: WiredNetwork DDF file description: This topic shows the OMA DM device description framework (DDF) for the WiredNetwork configuration service provider. ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/28/2018 ms.reviewer: diff --git a/windows/client-management/mdm/wmi-providers-supported-in-windows.md b/windows/client-management/mdm/wmi-providers-supported-in-windows.md index 88137f9ab7..bc19985a6a 100644 --- a/windows/client-management/mdm/wmi-providers-supported-in-windows.md +++ b/windows/client-management/mdm/wmi-providers-supported-in-windows.md @@ -9,8 +9,8 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: w10 +ms.technology: windows author: dansimp ms.date: 06/26/2017 --- From 77fe9aecf9e9ec0a01f2ea631e5072a1932b1765 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Fri, 29 Oct 2021 11:02:59 +0530 Subject: [PATCH 013/335] resolved Acrolinx --- windows/client-management/mdm/cm-proxyentries-csp.md | 8 ++++---- .../mdm/data-structures-windows-store-for-business.md | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/client-management/mdm/cm-proxyentries-csp.md b/windows/client-management/mdm/cm-proxyentries-csp.md index e80738a3a6..97f580f139 100644 --- a/windows/client-management/mdm/cm-proxyentries-csp.md +++ b/windows/client-management/mdm/cm-proxyentries-csp.md @@ -150,18 +150,18 @@ The following table shows the Microsoft custom elements that this configuration -

parm-query

+

Parm-query

Yes

-

nocharacteristic

+

No characteristic

Yes

-

characteristic-query

+

Characteristic-query

Yes

Recursive query: Yes

-

Top level query: Yes

+

Top-level query: Yes

diff --git a/windows/client-management/mdm/data-structures-windows-store-for-business.md b/windows/client-management/mdm/data-structures-windows-store-for-business.md index 08bbde9554..56b02397a2 100644 --- a/windows/client-management/mdm/data-structures-windows-store-for-business.md +++ b/windows/client-management/mdm/data-structures-windows-store-for-business.md @@ -263,7 +263,7 @@ Specifies the properties of the alternate identifier.

productKey

ProductKey

-

Identifier used on subsequent requests to get additional content including product descriptions, offline license, and download URLs.

+

Identifier used on subsequent requests to get more content including product descriptions, offline license, and download URLs.

seatCapacity

@@ -589,7 +589,7 @@ Specifies the properties of the localized product.

productKey

ProductKey

-

Identifier used on subsequent requests to get additional content including product descriptions, offline license, and download URLs.

+

Identifier used on subsequent requests to get more content including product descriptions, offline license, and download URLs.

productType

@@ -658,7 +658,7 @@ Specifies the properties of the product image.

purpose

string

-

Tag for the purpose of the image, e.g. "screenshot" or "logo".

+

Tag for the image, for example "screenshot" or "logo".

height

From 57629525777f4722e6c4de73465456c5af398b4b Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Fri, 29 Oct 2021 11:07:57 +0530 Subject: [PATCH 014/335] Update data-structures-windows-store-for-business.md --- .../mdm/data-structures-windows-store-for-business.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/data-structures-windows-store-for-business.md b/windows/client-management/mdm/data-structures-windows-store-for-business.md index 56b02397a2..39f686490b 100644 --- a/windows/client-management/mdm/data-structures-windows-store-for-business.md +++ b/windows/client-management/mdm/data-structures-windows-store-for-business.md @@ -278,7 +278,7 @@ Specifies the properties of the alternate identifier.

lastModified

dateTime

-

Specifies the last modified date for an application. Modifications for an application includes updated product details, updates to an application, and updates to the quantity of an application.

+

Specifies the last modified date for an application. Modifications for an application include updated product details, updates to an application, and updates to the quantity of an application.

licenseType

From 23673d3d7e431c7eaf462e4d52df4e0bf9275e6f Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Fri, 29 Oct 2021 11:12:12 +0530 Subject: [PATCH 015/335] Update data-structures-windows-store-for-business.md --- .../mdm/data-structures-windows-store-for-business.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/data-structures-windows-store-for-business.md b/windows/client-management/mdm/data-structures-windows-store-for-business.md index 39f686490b..43f427ef70 100644 --- a/windows/client-management/mdm/data-structures-windows-store-for-business.md +++ b/windows/client-management/mdm/data-structures-windows-store-for-business.md @@ -100,11 +100,11 @@ Specifies the properties of the alternate identifier.

seatDetails

-

collection of SeatDetails

+

Collection of SeatDetails

failedSeatOperations

-

collection of FailedSeatRequest

+

Collection of FailedSeatRequest

From f0e8de6463b07ceec9973814fb6843c259188829 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Fri, 29 Oct 2021 11:14:59 +0530 Subject: [PATCH 016/335] Update data-structures-windows-store-for-business.md --- .../mdm/data-structures-windows-store-for-business.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/data-structures-windows-store-for-business.md b/windows/client-management/mdm/data-structures-windows-store-for-business.md index 43f427ef70..39f686490b 100644 --- a/windows/client-management/mdm/data-structures-windows-store-for-business.md +++ b/windows/client-management/mdm/data-structures-windows-store-for-business.md @@ -100,11 +100,11 @@ Specifies the properties of the alternate identifier.

seatDetails

-

Collection of SeatDetails

+

collection of SeatDetails

failedSeatOperations

-

Collection of FailedSeatRequest

+

collection of FailedSeatRequest

From ea2b7b49f1ade6c716337155869509e06ab01010 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 31 Oct 2021 14:09:51 +0500 Subject: [PATCH 017/335] Update update-compliance-using.md --- windows/deployment/update/update-compliance-using.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/deployment/update/update-compliance-using.md b/windows/deployment/update/update-compliance-using.md index d27fd0af96..8fb4f00faf 100644 --- a/windows/deployment/update/update-compliance-using.md +++ b/windows/deployment/update/update-compliance-using.md @@ -56,7 +56,6 @@ When you select this tile, you will be redirected to the Update Compliance works Update Compliance's overview blade summarizes all the data Update Compliance provides. It functions as a hub from which you can navigate to different sections. The total number of devices detected by Update Compliance is reported in the title of this blade. What follows is a distribution for all devices as to whether they are up to date on the following items: * Security updates: A device is up to date on quality updates whenever it has the latest applicable quality update installed. Quality updates are monthly cumulative updates that are specific to a version of Windows client. * Feature updates: A device is up to date on feature updates whenever it has the latest applicable feature update installed. Update Compliance considers [Servicing Channel](waas-overview.md#servicing-channels) when determining update applicability. -* AV Signature: A device is up to date on Antivirus Signature when the latest Windows Defender Signatures have been downloaded. This distribution only considers devices that are running Microsoft Defender Antivirus. The blade also provides the time at which your Update Compliance workspace was [refreshed](#update-compliance-data-latency). @@ -66,7 +65,6 @@ The following is a breakdown of the different sections available in Update Compl * [Feature Update Status](update-compliance-feature-update-status.md) - This section lists the percentage of devices that are on the latest feature update that is applicable to a given device. Selecting this section provides blades that summarize the overall feature update status across all devices and a summary of deployment status for different versions of Windows client in your environment. * [Delivery Optimization Status](update-compliance-delivery-optimization.md) - This section summarizes bandwidth savings incurred by utilizing Delivery Optimization in your environment. It provides a breakdown of Delivery Optimization configuration across devices, and summarizes bandwidth savings and utilization across multiple content types. - ## Update Compliance data latency Update Compliance uses Windows client diagnostic data as its data source. After you add Update Compliance and appropriately configure your devices, it could take 48-72 hours before they first appear. @@ -93,4 +91,4 @@ See below for a few topics related to Log Analytics: ## Related topics -[Get started with Update Compliance](update-compliance-get-started.md) \ No newline at end of file +[Get started with Update Compliance](update-compliance-get-started.md) From a4d8ac7e34690842c5bd41ffed6ad41f22aff6e2 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 31 Oct 2021 14:11:24 +0500 Subject: [PATCH 018/335] Delete UC_workspace_overview_blade.PNG --- .../images/UC_workspace_overview_blade.PNG | Bin 25858 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 windows/deployment/update/images/UC_workspace_overview_blade.PNG diff --git a/windows/deployment/update/images/UC_workspace_overview_blade.PNG b/windows/deployment/update/images/UC_workspace_overview_blade.PNG deleted file mode 100644 index beb04cdc18268b912194ad492c6a28329bd4aaac..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 25858 zcmdqJcT`hhvo{JVU;|VXkgB2}(z_rK5v3-CBE3qGYCy!$NfZ@Dng~b-5eS4(M0yu# z(pvx_6eSc1280kG34t%5?|a_!o^#i|>)dtM{qFt4y~!@~%ri63JoB5GZMdO$UUuhi^bS)rd8eT=nlF%b+ZuQM?FbFDGX9Z()lP&ov3o}a@r9;glAt1b z`4q(a@ee)5A7>a(2!(#Ucl*KzqFNAne}B z(67<=!_6TdKQ6a&-qtdKF}wE$jxLv(0j7co4b-#-@ak$F-dbg%1lb08c;@>#nPaVgotT zLV~aEE_7VUg5Ryt22s=qdx>661($wu$B%D8Q#YmjQ0AIemSFhsSo7V~5*}-;XWp1E zN=mrHW8&Nfl#~N_hmveeP)(3cZzS`NnPo)}7^t-Ovw%fngobDI0O_|TbLvSU^NUl_ z!}#m3a8+84e4o@yeHZ6n_>17gx?(sorJ_^o?TuA=XJgY&G}@ZVj=J~7NNMwpWr1Y8 ztc2wSdHOJI8r{OLQXf|wzAn>}1Xfu~ko}VL>9EU36(0OX2rkT8PB#cNkiVdgeC-CZ z&00wbKQkK(9u-%w2LO!)zo-`tOkd8B0f;JHDk*=^{QMR+z{Wf#LN!DZ&jm9fr{Dr zjqcj5eYnF45OrAQ=>%e`|RP?(9S;X68Pfcwa7NF1wyamw3tA^3=buxGArPhS%;ZI$Y4!a z*ywlUw8xz{{QY3pZ){}TbDg_sO-(Al=G=?rHk#uXnNjMSIih2%qlKC9huw$A*dI$a z=a;WHa+lU}_F>AB$cj$uq&e7KT&%$+Qjv)Xr+aSwx8e&Q3G`6^ubt$OHmyVfG~d>| z;kacoX^pe%9`@|wMv_A%XzeR?bYQGJYUmrO1CLGJ0KZni)N=M~ucix$PW**V)Up60n*6l`RbuBy=SrPEiB z`LRjBNaxu~V)&Rje=qFqEj2B;bbIj9E_}ZGwD4;O#o*byy;lhOp2r)6?^o2P(B2+% z)`PTTZ+1->$qrKGpSjOuU!$GwDvr2gOPPScQ#%U0gSF;Eeq+7U79bz#O8kVMNZQK# z)WmM$g4Ny2@xNK*anxk&xJaY(M^okpHVQcbIw;Xxa!xqsa5vJ(n6446!kA!b;r2F) zD4VmC`MVOa_#a&$5v|dt0X6{25daEk7GLjlA6|sbL*pXFH(r3Z51D`+&19YyD7Oas zTO~$MaCCJ?zMPxj=(p!gOxdWXEh#U@+KXibjS7q|zUg1>c05N#Uy0&)C#=+&12Rqv zqRT1wELQqm&ZBjrTSArj>umY<_nQi7DBiZXjsza)UA_VGktpGJ5zH^HU&sm1F*SY( znz702<)9{Rpv|KPh zgs?f*NJgDi5}KMxf$XH^yv3J9KcnmzfCwbFV5~djy+S0)qm4Mqhkhf)=LgA^tOP*~ zoR)jB9%minkxS>TU9VO+;0?vr<4&NH0=Uc~g$&^`PZvPaFxNxp%okvpSF;q)nUgJY z`PW9BcvzSkDn-qyN5o5%4ZJ1)Yc5Tk&i1X=7wy;Jz}~ z@fPeuk|%M97*x;Fcgx5#>yXa88V5WB!$+MbsKX35U($~QpU<lS^384rP%6mCKb#{Nh~-}-Un?ELyi0AhREfDgG3qY9WK&kJx}s%0(wu?IJ(;A! zz^W5wpyw(J^E??&mOdkd=CN(tR<%@@y)qsBEVaaVd315%eXon0T-v~B0G;(SxNiow zO`a~Unm^+dI=?C2OWhJ0aKbyK9Z8tq>+9@N2u3xgK$h1jrCn zv&R@W=1_%wLs(b>^ssD|b7$v5LN# z6S9~dKu+p>T8Gs>Jn^1MQ}@lu^wy)u1?)2Q?hSPm0OZ>wXS z7KC{2>eCr;ylvt`bKZXJ;nOXb@fu@Rq3sD=8ZR83?&JpF^qK%$W$KPhl} zk#XNh=;n}fMD{|ZN+i1Ui*8DC*<-L;!;9IkAjwIeQPTQIfjtwiEb%0IC;Y*>6!omg*g*t&^mUrGI*$M8mor83y@?(p!5~O}Z7ktWP$x`s)WEG>c zLg_I8+Lw--zNfzn+slv)!P7I3=teGo;k?SRv-^i0vA-fZa-1%wBMayLn$aO9I@v?S zJFtamo zLxg)UxZ^g8uv!VtD*MT6=|{Pq%AMWeV~}0}#-oPSe7t(p%<;P!H`6k(P^86fsHI?lG&7&yf^DvTFf69R1#QiB%ye&^=d_jn^p z_#@TcS|%QU($>|QqViMy&);;FJm%~y)Mxta$b@85iEtXtrIS8n!jgVRcG;Nmqs3Fy zv%X8oFcgDD;b)A7OKeZ=T?TP82mJf8zhgXj2)?jeFuTg^TZ;cmZxo(x7tAFxe?%o2W)B3f}O#V(s;Q*Z$!TXB(qvUyD1}b%I_4w8> zf5OQ1WEI3Yum2)rIu9g)t&X<6$cg!8#M{#CH~%5l-~BPrzgO9S4R>;yE&l50j}<9PlQ?6UA%D&3 zFPEP&*0*^g|6223D?DuCb^3oFfG%PpS=1P0X$C*40cO& z#jhyTxg>D~mxf4_?u7rxeKs@vA($8`fJR?}^aXzEpQd{ynraNqV<)%pgU8Ldk#e2X|E8Vl~Q%>Ms+@J5iz351Ha<}QuM=#Rn zzZp@6KHE!lKX|3R<}L^GU!(d5tNR2G1abyvQ*i9?pEaLwo$j{&LGVDH;og$_f;zA% zJwCdv{e$2?xZ9WWfe-nogy{tTOpDIlz8HgUm7M;#>fjZ4hv6dK|NI|LO<*9Ren-qN zr~z(HH|jGie>FfyUXVy~+b|jn=Ity~ zst%Wb_wyLw_go)beDqLUh-6Au<;+dTscxzetrD_J6}Pbwe$}Z6OL;idnP;kbKliH{ zSG-7aVGr@l`Gn(zQu#gPLEPO^?QQ3kYx%*~%1bwG2|3MR! zss-I}n^0(Negm|17n*Uwz1d7i=g{MK)LU!R(9e^*@rkIX%e_DRL)<$`7w(<7-POtw zxM7pn2|iBqYc1`c+m+fEm>UR=3(HQWmDF|b9}~K63O_;}@x!>Ad2;i_M{hYAx04>2 zi0pKp6p-x{vbbnT?o)KpqNyM~tyl(X0J{fT;saBi)rX0DaGa7lxmcaVJ zQTW-V^Isb_^PY7MKe!xxh`eJ-wFm?RMB4D!G25&0TsaqWXezOg6$S-vriQ3yxIKUX z0}8LQifM`|Wp%1^!Q?x7JH(@6fYL64BAim1kJj>)GYk3e*WQ^k4nUM{q;()Xh^PN{W&}?@O;@u_84|rrY}p#g z!g)ZcVudM*VK#A!|@tq8)Zpons{Tqw?)=ZMRT5u z2b@F9;B3k}Z zEPItBzKJ@uis_bWdT{*tg`=TbLhJVqQUZY~l+HL2kjCQ|PyX{|de-_>x&Pm^^=lvv z5j2N*y8noHXQt0VmYOsCGNO-ZKd)_d`R$G}*M3slHCAVR(MBSbvN%G_L!dJd1}cgM zDT}_l*#3A5&33(1abwcNeU$bEm=4#QIvZ`&Gzsr5ML+`TZ(&!AJ8V=g<>cbd6_f^U zZ%KmR?z-Uby%Sb83x5e+{uPu7-kjN(_OcDbm-;$U)7!&3ir_YenQFSb6GWr9ulg<|)$J#~tc&(iDN(oN#jZy87gB#jU%Eryp zcB}F%_J(CSbVIT}rHiWV*f|?a7rvzwxdjT9x6`a)zqTxc<5XFp1sooUk0(>s`yV%; zM2XzOAr7)oPKY%^{mgx+e%COp4^O-_AC%-Mze;4Z5r5!s}! z*TxUbZB^%JXA>XiF1JRa&)m2u+%R-^Vn#pNdsI{+5twYhlcTQGTDckAT0RSJgmw*Z zrRMNoo>EL-2!Q??@i`3oKo@z1G}7R35~ptT<68k&1?T-zZ?`>JKlZh1YDQjz?_A68 z9Xs&ZQG=BCj7oz&de^=$>tMO4&0EWlX1aw{%pu}Kn;j6NkrPodjI`AD3`*PZXo~k4 zZDDthTtSTaMTzk9Hf?WwOoj_K+FIKaZHI-=01_MfE4+)Yxup&i7u++)&SLEl>W)^~ z^#Y9qd?&=YyHV^sdcaAauJ{v8#xBolR4(d(?$2?Ac@58`INU1l6;Tx%P71YQ$+U2z zuKTvtih>Kr&If;U?!q=>ld3W&l9E|bowxJ(*ODZprZ{`F#Cj7~N|GSbwGR+OTo=7O z-K}QHN{eA{`oVYV)o$^>eOq}f;LDn!uYzwQ0kkNzGTepNbzE829omj?X-*3j)}kxl zO4=k(gU|cfH0V3#dJ40*`n_#mT5ERTP+CR+<6T#Omh8?P@xF(5cIRdu z;X6#81k#hr#X)zHcUwQ3E!>(?58*-h0;P3oJFJzJ7F3Z?{#K0JjrOQnt1-nO@$cQ| z@Ne!uz~8ec*=$!TWwIk5L|(xOMRF-h=7!X(x?Z|M_9d9zK1}dg-QC2y;~i! zL$%rYge=y(UZVmk0uWPE_h7RTRg5_*%1XDVjJOcrJ~rBk6W)>_G%YO}A~Qx>Iu6qa z6DHv&{e2JNd|ON5 zegH>K$B1h1tT60~ef+wj$M9^-cyg!yZx!yW-ry$5s-+0yX*lRXHngcod%{`I@zk;| zHEE@vb%fhhOJ1l`$JKs1LtG#%DW*zWRz)RarN12vIvMwf#Qn85{Y8iZNytzCJkQjgpIl=R|4CIv)+?G@zT$L1|9n zjP7pQiT%10Ml2phb0mxF?%yXd*(7~`_!%HI)r3M zRqSxN6!NN_2|n8|p3=AXpwfPCZRT|VWl*gut>_&v))}MLSt>H3Rko)`nt}IhRpkz? z+nekWe2Sy0R7Lp&qXe3$dRSz?+Is=6X!c78Nkw%@!Iu~E)nWyus!_vSAAJ0F!6+1m zXKFMnHP=m^R5rro*VG;z6^;U^b4-{w{Jz~1qji_;hMyd6SK9N z)Sb-n4+L{#*WbNP4Rp7{-NRRg$hl{GxCH)qN-v|zC($3pV3r~bJ*TxoQE_(E@x3eW zj6OJAuBtxgU7dd6eDVxe8%S~T?a^5=4`1FF8#Q7hObe^R*^fzsP_8D&lJXdj?An}9 z{S`kt*sCcY>H|`^gAMGj`%`zkFJ`)F=BkmIhOTj!i;1+3>wjf8dHJ5qMP3V~@1C~Z z*A|L)3HO3d2xGx+xw3k#QLTH>C>14=>xa?DLpZY9!bj-JGi}W+uBWa~SdlA{CI$US zQ5zHs#5bU&QemfFVr_O#O7GTGGU}ylz3$j3>b~O{Tyn?dO{UQIJOkNhUU@D6A}$A;(bjdU)=aJSAM671(hU}JWgSQN za`pg{{heV&6-s`>V_?L(-hD-s`{lv2MQO1C91!%>)y%v^4Y}bH)H&6fAC~iBw$Av* zLe~jYm?A0V#9d>reLa>xyacd2Ws)a&PB+Z+#2^jPOT<2gXM>6KtB1lv01#AnoCZg)V*9a%%l?g3v%@>Q&RmNM$+UlQt+k;+BomC6IzET6lkQ1;hPFSViBKaWz%;vM*ttKC2BHgWbjCO zs-#?%=k6SlJ-^9Ir!MJ^mO+?$40){ni4=~>tCh&>@T|_vw>5^) z;9sDvD@%fy=?-TbiYXq6aK7KLC512PZJTwh2(Ia`GcMZcV&^d@*$zmz8^BM}!{7Wn zG>s{rh=z(Yf+kK#yP7VGyhPuRmh6GNlw8o!DZ5 zZ6&6oMEbL>P3_$-E|WVNJ-aQ|Bw$Ss>pgf{|G{Pc*2v7{_r@br8+X4oEqW zt)3&1098nMTk+QTZh>$wMwiBONi z=#`@!93Wqc`>>dl#6ZT1clOgd-&c6=C3@}XZ^}m)AZGSr>sROHR!X&q^Gmp<0#T(9 zy#=rt-PnNxRD0L^eVO(m&k~0MVg>z1F>Ve?;aoipDM%w4_xEopSJXJ$;oP!@H_Bu= z4QZ(==Oy=GkVdtnpBYlX`U2Wsa3*CkvrPN^(ptNir^#MO38MDO7+tFkb>F({%?jpk zQE2_Nn<3l?aIN%0k3%)8BPCD{< z!43ogJxOH-eg8-}DUFPgzU!u3KkF zq-*H%C48qEf?N?60U?2=J_B)*nNGn&F37WYU{1n`shVb0GS3Si z%w)LYd&Jj2m95Xd9^6ZxKXwVy2~6J-9q*eE=<4m#i5HB(E*xsZ0zcHcQ%%$acR~}p zZ7ej;H?jttEF-jAj4q-TV77MCjo%h1-+phLno}suiu)RKqsBNdd_L+iBuX?%_Z_ce zEb2s@TuyKA({4fiVNB{16X=b!9(SWu6J2ZKr?LW_;3w<>r5{G&QX@H@MQAt17&pyess4B z@H?lmYG0Ioj|VW7H#$e94E)rauW=FeBhSW8E%JYO=ef+&J zF{sk0ZDz?RMr?lVx?(GH=#fDxX3Rc>@Hx!j5@6-08p+racT}+LP77|S!Czf1JWfi_ zZKzCEj3brzb|VjnD9n{)m@$)C*|0KuU-GOvcv_?q8abJ8UsCnKNLu_4BG0^5f+tZ{ z7j?RWmSqEZ3rDnY<*GJ$qAgserDnWJSDa1Q1AsvHXyrEI03Yws6!us_aP>han)ZJa zhVJiEp(>ZwAqQ=2+P4op-ckIkuLmwvga7n_)47l@bO{i4K;-XE@%~?9+5d-$Sj&;j z?E>zo?d=c`g7ez~K=|ZqR1;~`8vm^ng0C2}d$ymsxUl}69*|e_n;`aRTO)#d+uATZ zM)W8>YjNZf`|idt7%Kz2c4WWB!mSN66SS&k&d0#;#AvNkB(vNPyx)7_>PE;=QKKDV zU~njZL*LgJ8Qu&1&(D4sObnWTx!+75SzT;=Bf75T#Mjbv^Kr`9s&U6;V{SJ}#iJoNy3&{#u3PBxTS|Fx+jEYAplIq@nv$5dkz()dM}yR3&Vx&-Nmx8A>B8 za8hPw#o_fWz8;x-dvAODlf>PUb9jam&F}(0cD`BYRE^{Zy8#lg)HGA-rE-=hcMg%g zl~z$A$T!J)p2GLAxhLW#p>?=<*Qr3Mj`Va!JG3zj-tZIN(K@pArN*`X4Y&$HQp`9}rFudyfJREFHhl?@R&I`-)SmM(Ho|K51hidsl&`PW6Tf*JW96m z264L5>s;`C4`y2n<;2E=Lyi2)9xc_Jp7_*o&y^L5ub&o2MECbk2(E|8T4HT119-fi zB>1`|?~YVp$E;;wD1O%J_1QaDDlHqO+qSVd@49JBP+Hl8!n?%7AFD3_R=(?{gKUsa zA7l?loaqt0sw9g}?nSM=2nHehdUeFgBNF(dikVTg@YpVy?;)2%OY0zV;iz0fV9xg7Ak<~J zDP}n3L6@}xA%q^#53q?8w} zV2kWHH4YS81 zaYhpunM0tZ<$kvEO-(>hACVhGvHqq^}nJ<(_ z+RbK1!%PyF&QZBlY9SU7kps1bEwqH#m$l!ZK}olwTz0n&0@vFBrH-rtOA`|ACBLih z9SRz9c5i8Ef6p2cGVY%F+R|tB9=#3RRBCndtU!cKV58j#z|Zl4XU9p%A4z3P|kNNk)=sTnxbT>cfqDuy9=wZm&+M(wPy0^+M)L zgb_3kds~Snt$xR6jA>WncG2~PVSH?e zHje%ItKpIktW;;nHV(g9VuyMsZjG+w+wfRYhHcwX(Siv}Uc8%mhnkK%q}q*TNl&<+RxSiTmX0eH%DOfdNOQuT#vAw8|nCf4vnnN*l>M zf;2~$XlajqvyU5!lOIE@X3naSWI|X@7WI&c%TB*RZv_4NFrEH8N4_HjCsnt(F4B_5 z{lTAqTz%bQ$ko3VHFH(U^^Q!I6o>ZO#CL};tXsoi0n?z>S|i&p8G*?uc4)<(U&j6Q zeTY@Cju`Bv-P9^XikOnpXalWZ7A0xfJ^zuTQVxqs84_E6ZQkFIy*UFfQW>k)c79<6 z&)xY_Vl-Tm#X;Y}@8JVKv&&t)hv!UE0rHEVe8#P!0iSHfO6{73zmwr=uyv9Z&wQ8p zSw5MjzLxlC2lqj}Q7HMz5<>oml(d`j-4fb@dU}1m+M0>hP=<8)i@<9+Zq3bs+Gkx z#KXtdQifSs9WLq?$Z73v(&kE(-L6ziECnqE=uM=Oj68i(0Q7LB%|{EnRBC7^i!^>4 z7$@^)te1MMJ^9|rbo!Q8i5h+`eRv9V$@u;Uk6S9tsh2C9h36tTqDIa;iSS6p%q+79 z$PNDM9_JxZpw7bvL9Mca=URX^KiJ!TSlwYx-Hiju)K^n~G$%J!3rHfB`{5(ST z&I3*H3WK--qT4f!_b#1F4wQ`*_dYZV@{LkbZ)O15W!Zd~{wUrR66xLZsG z?BOZATh?-{q~CB13B|0^$C_szXri7R9}f0R%c!N1m49H#rR9-&zztRIV91G+_zVaA=Zn^&Vk_xQ7PKleTtc9<*%{$!Yk zaEzUg?se&YLma$4Lby;`d0Vp^3(4|*l_`HcR8$9=RqG$TU0O>|CAc-k`QAs`4LRG{ zgH4of4}aJgVlpgNQY#TQYu<58=JfpH#w(%HAc@d!F)>wb_kHltWRW(vHiz)oPWrGJ zrhb1>UU{__!X7EIp-x&ZX@WawiqNB7cRcw>McmimlSOjeN&!0^rs@|9I8yFKUVN7h zH|oN}Iy9%kvnQ8Wp)X0Daovat&rG> z9-=w!EkQ1a5F-;!vTWNGAyIbMEtY&cyx+zoV=y@K*Dfx}tBi2AvE|xN36zr__P=6~ zzQDD{i8~sqV0HC+woEhh8SuazI&XV-L>Y*89-Ur^*g16Q=8XebzDGbvacclUUbKvlQ7kK=iywFR5RD9k@$g+)sF(ex;hUQ+>_^v0PMz zDTQ=kJW3jv=>>(Tn{&;Ah#l`6$lYD)DjKl67K6v2{uD@V3+ycAWmZD)caPFB)Zj23 zj%`f`6o3)L^PZ^k=eP?$qK0M(Or_l~Eay>UZ~wo-XgCW_kzh zw;P{4OkTU4QVS4h1r|K&IS-V+jD+1_zsssLY4;HgPF=lL(U*H7?3`KA`0nvsq$jI4 z9Xs`L&p#T5xB8MTbZI$(^Sfj7;bLn??&S*PH%M?$1@Dk^X|*LRL)#o#AuEo?lXeW8 z=jS>&T=321Q%4dbWdNLJ?-CLU9I8K{h85+;CMS8!Khu(HEj*_=?ZMYqx*x)7a1~3I zH;D50>YNn>a2In=o8cuhbg5r_1rCEa5trOd;FBAoNG1mvO}MItef&^skrJ!t-KUeS z*N~$xQF4dT+(uVLY)!2x3NSn7ez8Oo=m|~vn+;Q#y@6=w?77AK6!X{5uEeM3tdM|s`ZQu=MRR&fHREt{;03#Qy?!PJdVIguI%BdpN4_;-WzydrAw1%Q&q_;) z(0}npJ;nB_Qu!60_!2R&306=7?=wC6(bfZRd;?$VHqLZ``{PVvYM>`YysPX zuum`%7<*Z-nxyjc(1F~;Wu%kKCmE_k@8t$S$vr@~nT4WGJsBlEusjec3~^!>&jVvm zC)iy-Kt#HQfe9B$0I6Zo?(y6Dv=?T`q0RE8 z27ht$Vl!g8XgQ_~&GGE{{Pit=cFV&M?(<7`41{`+W!dsn21 z#{yc)3jI!M7&}BziI#CN-^A#_R+!KbWnN#Dy>y5A=2r#Ex8oJQ%Q!qLPte?2GFP$K z2x~uA2{-1SsMP}5ZaohiBP`M7Nbkk}eDnD#0NIqa8FbiXp>82ad(t36!8+u@$QULg zTd*{No}T`hJ(1hsY|!w#Xr%A+s)eay=QR7AIDnZHY~iKDXPjt?CXZ% z$t5@3V^U5tBp+nZ#>IxQ|_kK)U7Y)wr2$8a|=D_(ubFJ&X=!u}WzOF49qgW-H z;fp$eXKo{9x+M@|P(_suIqiSF=Dr-;o2*ROs3pEjtc35|LB^lqNplh{mU5=(eWGn~ zC4lGwv*KM~k($aYmZlC_^S-Q{2wGkC-IXVw8HSGs+-w+j`X~ZZYp+I&!ASTJ_X_0& z)|upe6^%^oon1vq)ft8C*@kTVY@u9|{+joK{4z4_WC-`)@SWLtg&>I9<7xc-m@-ph zw700gV?CraBErGcC{wYF~{D~d;EPM7^N+J;5$! zU0`hKT}=m1?+j(Qd9e!JkpZ_-t0X;wtl&1fXEmb!kpG$aFq0~Ud8R$34!+L0>a*I^ z%Tu+X8c6g|OG&;_JyKk$q*^fjm|9SeZbVESS7;!;sd@iR>QPhS=5wl=HpWkC#kBp4 z+^d6v79#_Vh_t_$n53fij%S*~FB@C%wO-W0Z~u`~UP+XaJUc6$2%ktp1u2$iyV?exReZ)Bi+k z6DPyY??}T=07J4YRFP~8FEtLJ$aex40)4w1=+Iy*A8V;D0kCwP-42=M5_LNJYdg9% z{#(%n3B*&~?yNvUq9Q75ZL{@QM!5)gnj!dwJgbtn2U}p=Z(%@~T{&^%NJPqcq@uJvo)xrul7H@7RvL3zD6Y7bT<#SK3A9lNsntPt86FiXQ0 zb{I*+$o1hNh2bm~HYeTpk;!7y)!gPxpup)H=N(mU#P0YyIv=xCcj5C*?fT9UF*G#S zy;(NmBA-wW2Tw=8$w;^e>Fy>{pdP1C;d3yK3h(bEmv*zUh1yS!Cy%^^Q~XsPX~Hg( zoZQxHw-srzJq(4A^5z4Z;7 z^hCkFEHsumP^ZIz+1SJRR^xTDWx9s%t@ZWohTS(+&bN57JGtM1a)&u(>QcS`0l0tvv&TMRgScyf2e?}p+Ua~P=pqqlf>*itx|CBB` z{9NU6(~!Rl7b_RKetIrgzWuN`bC|+DAH&EM);MNB=FwRvzE(_4=k*Wgoy0_btPN$wnt ztwLRtd|r~x<7FmT(S+>PZJh9b(soF#_jsh!_>lGofXax1M+pzf2th$`t76iEBiG&s!N?0djxUx`e$XEY5>+BScxxp zOT`6TcBKFJ3a@>jHu*)%F#fEQ&c9PG3v_bjlAw_^KPW1kC5i7Z{DM4{f&I9}bTi@r zT3H;Wr;`~EaM#CEpE1pcZqkca^p@Y~|NYLBDX6CPE-^fLF_Yd-yI-ktSjU+GX+>4j z#vRf8CM6AMSDAU8^6-4Y+bh3B%HSa8)7rPJ?ZTEr|3g8^tgoYCjz zB5?#ymD%-1{i4*ZPh~zosF%|q>YN3wKD@Ami9r_~#w0I#t)t2~QCL#$s(R=AiO=sN z<4`^=_q6suHeT3N6iOJDCA#8&90KV9Ym4nci<0e9d_K@EY)Fg{Kp>)@h2cIunbD77 zD*GO%YEWMpAvF4X#POW-fdWy9gCBZ~^j(X<(bf@~+7N+4Txs#7o zB3Wm=RSy8KQ*Gw1cY5}_W7ITKu6X@Jq4GB6*2E5nmZPwxpnvUi$_Z1_=B)~7d;GV& zlnVlJU2qjAtV%X6fe#E6LwhwuCz5ZZ+;@e%0W9Fz0)DRYXg((7Rljx?<8~(&C4O7M zGa0=Kj|i!dQfw+mO!XbkN;A}+cQp2CWN@JKz8+x=@a}oP6{iWdxY221LgG-KT8JA# zvNNyrTzIfZuK3j&88-lKd=u8?K)5u^^abSTydGc;vfA={T~g+bMxO*ZjNTjWpfG%-b2Nl$c|H)g@IKX0o^fX`McE?#Hca>u_|qi!D{(Mb(|f6R zEom%qNkk^WROW?Mj<2$R(DO>NN~DofnDMx9@cFY+Km5;tMLBf^E>34j!8(|NlNb2T zJW@UL>}$t-VjGjcj&O49ax>Cl7NzD(5U)t;;Xm&{Sj$xz!+S zsjkcFmQk(>PH8u|J5~9tvOYO|a|TA4nb^EfHNk_@t3)K|pPg3qJ--|)b8PL@GOko- zecM<6Lt}h$U_U${c&e6gBk=sA7vDHDwdG+l&X%fFY1k$1ptoF4j?#NPKn+X6I z({sfuYfjLQByW?7fP&H=M;C?i6eSZ_Aza2t@UDUcNs&UnAW z_&Fu=QTFi1?b|hv?mUa{RwQr^Ew;ZKtMVj{>IuM`Sqp9mo=1rypI83=R<`+ytKiAx z>Sged((8LA#5d9W)@CUpF<=G7ok<1%;qN&mizsxH9MhQO|4$$V!z4#nQV{_DQ{w|u()R&JS0K3;aCh~(kAm2J$Uq`$m3gbA zIY~O#HmkULi;1*6>&NnJBXNkIY`gc38S3W3J5k=oGYSd_&2huM;Y@LfBiu|&B*<|W77=r(Z zoev3>h1V{cR-xIT-@0J|hzb#_CR*-%)25t#$_P;P*06j{O)h!6}YlHKv>ZqQE*RLK}+qYHe8E>YF|{2 zp;sGuYy($XeeeceJ1T^ExgbpJaNyqH%aK}C_r~jxll)UMg@3V_ChMTUEGs6`qcbiPbw-CMG~|&Ag?$9p z0Q%G6^JK}==1MX6m*p{-;urT0m@ZeaNKd|bz&Kei{5J-iC}(~6_bGFUuVOtXgqM~{ zw;QORq1w{ECT=hXedEtBE2S$I8NaRItw#j5a2W~39r>?2t)b#IF;OyTa{NfAs#om8 zWA#JFi)wYkSm~8hP{kym)<73k7@#lQT1t5IhM8G!Os7nS+X`d6*^%-rBxAe~F9_~tuXhZAm5}D)HyzLTWW#&-kmYky|qD1yb}?xeZd zUz{_v3z5g~vCxqp+`wA5M`sHK&)|Ey6MPOd?M62vGAGYyFiVpc;9NLHVk%~`h|+zaOZ zwUg%V?)okSQS23GPCP!63~sh1DMsK#-^kR0WMXrsyQYMgY=P4S#=kRhuF28PSd`P<$Kg3i_ci8Py?QGMfrLSXq`JCA|I*hPtb05MjH7@8_ zaPOunU#QkLmGq>kUUjp8N;s?*OH)m6n9nkMcJ$BAp%43h5%VEm3wjY{s zTDEeoW2)L~Yv&1Ez4Fk~FRlUNv`}uUk$iz4b|OdB-}bVD`p-AMW!Vgw znph*J%2>{QkjcsIvnxWp*3FCm#a(ky?N~NWzEc16i$3zMBV{5<10U1?)!?ss|9ria z4U65$QT6>W{ozfNXA342{bP-gL-DbfrLeT8cJ8gD>-xB*i z4^IXVmde5YB?g!LzC_2|ohY#?jR6t7qR!@0jk?mN?PG6vFryYHj$lG0fWeGgWpgB+ zQs|JYVFw6Hca8(wz?oTGsV@QU{jyAX(yj4)Z-4`H$y#k{H~wLH2@IfWk2bbGWQ=@P z$x>Gb93%LgO?@HB&6b_Rv3MhaV1r#qtu09&(_z4Nk}q^U@Pro)Ff>p8&+FTNVJr1F zKK+keu~Z$32Am~2yG>8{Z>%|1pA)}k>s^_ST5X19);t#mCN*wn?0RW*e>917P$R|Br-!>QsF4_-MlkF*X$TD(yK`EU8Nf>_(0Q9 zT*S@ct@yq~T#V3{JpN2RcjDqm3CFu*rS8as1FX?-W&ii&J&;_2f;h(Y5u}DLzJWbI z3(}0&6ax}GsEK~6BLW-<(tB4>7~l&rUKti)Y(d ze!gs92E^{dIseI%pXC%~ycn8}_REa1fKPddsma3WZ^kukPv35BMw=MP-0Pz{R1 z78>LlYMU4F-7-II2(F{#dPiojyN3i9$#q?S7`-C{SnR&uw5POF^P?YEd*KQ3sDl(E zCMe@%LZK+Oum`el-1&y-6D&UZ-krf4W2l==8HFW%)Ioy6tjq{1R|QHgyK)jK)lWa8 zOY;ux$L!ZvutKR*Pr;i;PNaD7WCE6IEQ!d0`el8sp>yZ&)4I&Bq>@|J{*s-#FH&w{ zZ)S%&p(iVD9p`e~r1BR3b<=M4$g4twvt}#0iIivRi#yih-sr`X3`4kXGd!=3>!s|6 zVz4phNp*WVp09RxiY_Yy-(=K$HS#Z+!Z6%{CTB#Y%~ND&vHD{3n0OamUxKwUF)>l% z(R7^IYIIsF?k;=5jX7tXLAJ0jGF`Ra=a|_=cNB-1XV*;lFcgsLdOV9jhVG;L)dGc8 zk;rC~;uL}c{^fJi8?sPz4oTw;s7gTVCH}~9!Z%}q6L3HVRLnQs2n;7R`zW=;UvN#w z1y$g*T-b}`8<(})s2dld!sA5aI#YO}N*Ig1!nCtV`Q;STC=+Q!%Hi3)T?07+ZVz)j zU9sct8~&px| zIk%|Uo{@10Ye2&I=AV7dqeM41C1}m3Xxu_&S>2rz(cfjBsc+kz0r-~Jeo}Po9{mPq z`#mC^GNBT4P{sANLWX&gr8F`&H!7#sUBrG-y=d}>q35_Zv4d4{kam5Dmg_!zQz$D~ zp?xa1cRR>3_h}BXwCo>fJ%~~qBoT0SAEex-q4V*-pUwhxTTw)1YRWr!_ z2xgJ80FVaOxVX20T1Bo!DkuN{qgW@aq2Qib(qv6#NkZXOuZ@_sud~y_B|CqvCSxHp zZpm{5>CF4dK45=F>$!osX8N{ID&Pyp8~#sawTh>LB-MLfHp{A&GX(6cX_m>s(E|iU zSsIl?{B}bfAh3#Ox@XtjSf?iF3*+vicKmcL9YF|EjXq(wrSn-TCJ*D2-2i{nYJh7F zTx1gySlfPJ}k6(Z-C zg~~Y-^E>ly6Vo}&iG7{y-Xqy1b5|91-fW;-W%?<;S9BP_WhwmJQYtT`Am#vCfulA2 z2(T+N;Eu+0jQwC%FS=%_2i5AL;=IIvcfIjE+HnUw>D-;c->4=C;Lzv&N8Uq&{5@0L z$IJtBzJWO+tv4p={G5_Zw*qugpA@ZLezUeEMm7Go5X z3I6wVHI%Lg6ZqXH$5X{~?5422rEA?P_Afv8O?ZH9kdzMc%cWGc%BADKa@RKew-f2a z6V`}imVb(3md^LMF9#L}BK*ZAq;7gsbVjTGCAwB61%0=5igwMCgVP(6Bg%N0Sx$w} zEvLDtd~g717qwa!QG;7bdBABp$I@A|DC~XZx;&UkupG!0DjS(KI7!uep~R{CC8_my zqaBaZen0Y{YbtbdxpC4g14kY83ctPn$evfr1)WB9@@mZfjas#S5j!RHN^hPa7B*7} zDGvyo@9$=rAru|o#SioOHJg*tozX{7v#bM}KdFoXokdaiQ4w|8zU0m$@l&15teFcz z+EWN=?r$OR+|{77|!Uo7iWzMC1{qT>&X=hUT^xq%HwYH z$zahn`JoDaSv#X$32Wba>f_wp9X-Ax8K|~>TAOBH^ek;=u0>98wCO$;k`$ednbeef z^BDDZ98v3IJs(CV0M4S~R?;G=r}OHqMy7ds%9cxPTDOX4FFHS{BY|^lOKQvHmgHDA zduzSYwsAz6y0diNEtkb5g=F*_ z0}gg`_Y;Xno2B=be(t@jeO|z_g+JDu&yo$Q5Ljm<`Ns*)(tu;q9MPm5s^g;B$oQgEheU76IPyawR5J- z?G=Us(9od=L2@a+w!J;yjOz`MFgJl(?Q-kL^GC$~ab=sV<`zr$h{;k0;#f8^7__0P z10THQrT8O!l2_u!5`nO3PyAA4K5-4AYNGnskJq@bk?A8l)vSs@+8rC@J7B5cvF~_M zKFPjg@ER^cRjVt+%NOeEd|leQ{6wyhYmh^~I=ybpVf;#8>{z2ivL}(7Nf_s5e8?j& zXn>nPQ(SxRV+c1!bikZHk#8G!aIjxje5|SF^ z5QYq$lIpWegd6$eIFXrn8?rSDemxX~6K+Sk-%)Gp}Ev|w16tk<%pISH7u zc1qQXJ_anbT^x7_G+TV2NfZ7q-l9m$Ncpy0o%})u1#@1Wm5;zLa~j#~c_VK|TEk;8_B;_ujgFDqZ$q zYo00qZq)!p_9EB}Au7ltwv8g=t;TGncpk0(-hli&5wx^`kTTT#MjAiOzhsR^9D>K! zH?R!5UaT3;2gT^!>b3beS;ukxC8qI7+O&nX+f2&#kd()vm^yx*N+3(7k!X1KOi8Fc|XfVo>=(Hh?{;wnQUS zefwl1Y@9?ir+ngO)zYW&rRji~JA{E!j>zaY=4 zEQo%0c=cR6s`~yVzdS6&tpA88_ty$M_K`C4$JHOM z7Y`HDgcH&RvqN&+r9ZBH4Cq}@K-owKC!DH11rtw1=5t+ckLP!M-6+g)qj8R6a?Oh- zg&!ORs-6|ZR?v>>;*M|}K2|M!mm`b3p0kO*o`q;fe)93YQMFDMAO$>KKo3`dB?v{vkA_L zJgNWf*`2wFy&?mSeGLLHOR7sWjy@SU9K|U7CaH=x?6|^g5Ktz=p7h;NSIJCG-0v;% z4s(?}B`SFNh274Gb1{pLy>ScAyIn^l+b5B}d2IRmPZq)RkR#8sx$W@{ONqs0A&aBm z;E5WKK5B}Y!ubZCt^+!>Sx@*oP|!8a`4yj_5`>bQs?Y5dO82{ujb=|j2H`I~QP&@O zwjhoQ>Zs#kg;X#8&G+>9L@me%&YKdsx(m5_;fYS?cVS{Iy^g)FW2)_@_%zEcpg!Csy>(tAXMjTTg+( zzvg7PUqu87LJ4^#b_rgS|GA3u9k9*4>ghv4(`T$sZg=fsQ`awX=N{5TkXysiw<i(UZ7Dk2O~QrfO;kbE#;+P-gVYJ88}otl*^rgIpzmQv00Co5c`tQ(W43*KW!4*= zrMoiB`*)|Xf=xO$DB=H^kM Date: Sun, 31 Oct 2021 14:11:37 +0500 Subject: [PATCH 019/335] Add files via upload --- .../images/uc_workspace_overview_blade.png | Bin 0 -> 16055 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 windows/deployment/update/images/uc_workspace_overview_blade.png diff --git a/windows/deployment/update/images/uc_workspace_overview_blade.png b/windows/deployment/update/images/uc_workspace_overview_blade.png new file mode 100644 index 0000000000000000000000000000000000000000..18dce5e83156b5e8904ff9e72a54f69b39f943f2 GIT binary patch literal 16055 zcmeIZXH-;Om+wnX1x3z+H?Qrf6X2HNJou~goy+T3yVxc zU0ELs3)>M33rCR%2l!@XpdJJK!uHZvdw^9j1o;Vkz#*vbNMfE&A(2tVxm(noT{_HBr6V@;?jxyz z$P(|*VzLYCr#a`peWvBszt!ZP?=>A98}#>lnzr!&9XM2Te4KOs%|FxaS%NT%3KT7j zV){=v8R8Mklc5RHlfo3}9-Y&?>T8_6RJ>IXxA$ z;R<9N^S$g|$1J`j?t3Z@6@Eu3P{8-bzQDQyRq1BkDHsRK76HR48QeLnJQ%}?hw}R| z3BSH_%f6kBoJO&1`;J?%bw`u(uWL*Fdd(JUe%ohPwJ1Y~YyZiHL&nz)8gR4M*OMrZ zf}Zbf#|6)N(%m_uk5hjw$llFFvv*W@Th*5c7;%zm-DS(@L-~CX8u8H!8FVbm3TsN> zA!45H-FZH~KJl@hcl6p9moDOGNk52_)(lavY2SVxGb{!?E3 zMP9Jh(3lc5UdqxXZezt=+IPbk1#w1=<_M|P zAl!hSqWcawbCF8!rU9ZfE17yN!ZC2_=^&2Nq4vHCqlco2HFNzUz10jV22B2#4~9$v z^@X7w*bJC8KL7UQ_+OTfXS=1VuC#S2SK6TBizQ<_Q}%a1_=9ra_Jd*z{jS?8_#Uck zaP)Fn*)3kGF?r2&FPXuSa9@miqxQ~rk7PJ^Ldy?-)Yp^5y#zQ~I`P08wUl~Tzb8B<8ljeRgh;!95$kLTz7V(jYsOl6aOBEgntq-?q z-|LT^YWgr`%J!-u1no&iiT=s0xA^)stX4p2)9%qUj-@zKNJl=J;G!AAE9^XnduS_4%7SWK2v;HoN293jyN*e;XY*pZfApjC&!0v;3zt{bcPs zBej_NdscId8xJYp>hI!3cQw;uX6#G?;#{ni1V~g;Icy_EW-`nyDBWY0cFQ_UDuo5a zO?dM)6Zx!_3qf0~Gd?QCF%9{}4srY2hg*^oDMC!HT=@o2^>1F~k{QIsno5qV%)}IS zf)2iwnjHu`jb5P}qwk3> zQc>1i9Uaw(op%MB*uMgzhVSnZ_iBYib}|?w{C_ut>QIYUKkrDug;9h~-4cH9b+TCl34Bd}YvK>3WWT z;y*gsVuaA7-5u7vGe_y}T2tQqoVl}UgJo72AzIGK5OEfehCUg>xE<)AUV`l+J(P2~ zU6AzM>rdbTChz6qv*D(#x0NVifeOE2|4E-sx6d3@Z-mpFa8jl$w7N9;j}+{g}IVdMaXgg>vO$YLbl(YH%UgnGsfydh1>PrJ_;+YFm2g;0oM`| zJ0B>z_;xWt*-wVtJI`NX5o+h$Q8gJ2TCILZzQ{2qhVJTY`@s+z&XwhJD@yCH^AGve zIeO@8u3|#E^e-mPmQ>=7FE4!F`@|YchP>9B3hU_AuWqBFcI#rJN2kHdN#N%Mym!F=@17W`zjkgLAfW>rDC(0LjaMfFR}4wZ4?!cG|Cejl z6rkW+GJfs&^kNCZ?*8-hb#C)%VQ9oXTX4j3IP1mj)O@EbS^w+HV-B448e0Z2wCkN3 z0f_(ccBHg2MuA!p>PPi1jKQ`JVN4Hxs7eEliHzVtCkUIOwLsCg1R5ebbs=c2NF-gN z8+ITKll*eXaGtOOAJPd!5wH}Zk0rr&=Sr>{;Uvu3VGT#}{O9M#!Q|!ydRt+d!D$_> zk9S+K90qC;N!;MO_{tG2*Z4xVsG$HNwSf8%qmzYYA%}*62G~v`mF)A76Y|p&!Oa9D ziPwIYVl|c?^rFjpzz{)>2~pT!J>R=AGy(V-A^;Em@KO6A_TtVteQ>VL-_~shw5)+! z-SFmq|Bp1Hn;jm&B&W8T4_Qhb%dgl1W}GlHjV}bR^DKfXK^Nqw45B^`m$BgrJO{d- z3j7z(4$)faQWW4`Wf~&cz!TOzVFwey_r+88VkH`|ya$6QEpYC)DOTSzTtx@Kkg{{Kdb)Dl=H>@&Pwgl7q_8AFdr%C4tPUm1lk+fNN|kwgbs+A6iJZC~&H zR?UtU=bn>^8g9%{5ok*g*?i_3iEBz`DU*q2*b)s=v8NuUbY-XBsK#-cNgZKX>(t|_ z2WGB*beHM6g>G<9MyOZ%p=v~t->u|ME(Q1Hgv;8+L4tAd9|)-bG`s&cGl!Nf4o23A zY5!%xz!}mUgZ0h%8%pLHR)znCvU(nE%+UbG%7DbEyLPnmU5thZe>>CW$Rgy&>ZY`o zdz8^YL@mUr-G!fIAdx=$m08rn;e5*}#pQ=2v>3A!BjQKaB=zvYqUc{HVR^zC!Sp$k8<=Vr1XM1)6>qc;*_)>Ter&uy-)4R~`C>v$C2 zRPjJ5z!sSCSn?lt@x336M85RleMHfmK@=p_jiPc_&uDhJ@zeLt+NCP;P_(fl^fE$Q zqh7muct)8%VP|lk_W9KnOFcp* z6U|_&MSOtGi(MXK1CPMH4kx5-rzUFg7e*tfHgFBYN=AvIh0%tiL_O|5&i}YcWR@@7 zrElx7u9=NuTE#Jfx=PGHDlo$WMGrbKJEww#457(hgG%=eVEwL24htVNPimT3V_(3v zVGFH6ii&8~^X|_WnVJh4YKqwAm=DFbqZi*Q8P;SK4d`WLP#cwuNQ27F^cgjxoSPIF zUmM^>VPbSWT4x(vFOCvtlrab^_4LD3Cb|BoGD6 z6Pnbjsa^Aa>n5HMm&RK=#BPw$(5Eh@{3v(&!)+0Ri1sOxx?<)9CMyi0>rotd=xvMD z(q>`Hm<@ZkJ=5fzD@%vcq&TQtCT`EaZ2fud6ZM)@&0m&-sl3hIi(GKyvhNsH)DjZ&O{qL?D3~YSm8TJEw!(s zBPxW%eHz?q_)gX7DE3-UBDj=!&4_;XM4>g&Qi$!(aKpGLzqmGrt}VZG%+08r@G)Fl ze5SrV^G6X*a6ZRO%Fgo#5{t3n=H<){5UTJ!3{3PLWB3PR!g=Au{BALyuRRLSm&D_% z=sgZQFp+s6Ing&fKYUD<6m-mQ6&f~Wfs~AzT<8#JJ9P9Ib; zyMkS8t+cqAd3=llNl=$V2i=t$soyiYH)H{B@1u3f#;5bLt1g4rP**7GIBmoYP8s*z zc}sa#I|EW{HY0%lp;=-mg?hQx*aE{vbYNQ+?4*@~{Bd@3j^%DfE3t-VeA5u)YFoT} zFCn2>Ou3KU8FevrFEgrFOelvUJHbyW--*N|OO{Myu*BHLm}!h=;zNaI_#wa66MF(IUh7aJU1#UzRmqBb9J%{ByI zdbXn2%bWQ>Sn(sGMpDhd5kD{5jB?XTy4jt8Slnma2SJM1t8cfue>HrUb?2>3a#0^q zAVT$PEm>+TS3q-MahRJb=^s!r1-ShM{U6zYrjDIk`w85TFj>OZZ!ZU|1tp_1Le6;{ z(4x6qDx5=My^d`RswVNhHZ2Ve7mhLg(==vMTw{0ImS}{*N)b9t9YrK!l>E=E-v~uV zp#qGr12s`3tNaKS+L_F>38r_}Y4r~nGP0PyHguL`E!E9d@6O-1`2ce*vBn0~XfAED zI#QEX&!TKnK~|WmSy!b5Pi%gOM5fyZJ%P5rV#R)QZmU(ztgGzN7(x}A$0XR4Eb1ze zd2hDZ;Jr?cjK*(<%NLKqEYhhWe|@{Rw^-S za@ELtedK<9wDLw5MVdM2pn3GoYnVmK6K|p5?^sa-n{lmkHcf|Z1^%*%1ODD`=b}#x z_OrRZKHqb1TPzgF9ITs>_yU7m&ILoyk#1G%Eqka5`<4CRt%1)*(siFXv`8<9izUDsHzy=@ z;Zj~sVZIezZ7AYvO~aMoRQ$j>jaZ0g^rLNMg(ls)+r3DlCG*J;r z?bC!B%LQbZx+ZQToRH&JB;)|aF(?{N7$Lqalg4w8snPGDwU$z{b_EH3zr*x|iA21z z{9{}Cy~lB-3AC?DJXFEJDs)teEVuxy4P7|fm4>&TeXA_0Hs`{GBo*N2QZlehn~Ww; z(LTkeo8Gk*WlFLX!JExYeC6t^oxK*Pq%V$QW2J%ls?Qxf7Z0(ugyJIuVU*0Fb1BXrk{Ye4&AbUurGPtO)t=N zl5i5V^Et@B=a0pHH2GETdxOLTV3o`=HSUqi_vxnBwPNnIzQlCHEDq-+ufDfl$P~?5 z(SbAF?1HaWDokugCP|xf7u)%nvo^{t+(Q`urPcZf=@q| zNB<~+_jeU=FAH8A7F=s3_?^Ud3J)!w?l8ajG-nMsIz+4%Cwek_eWnm6Soqi}IErDa^^x_;3$2d^bEP@^k242Uy&gn20%V+1Dijlm|lA>*BEWaI#S_fEE%T zr(0J&9lHjDckxwDmW{e-rGiOKPNOszh<=}puvVUVJ(^98TxMPl9wX2>^O_V`X6@d0 z*Ec0=KARs8T4sF**1F}$Y*95;=ZT%^f&1Punbd5k)Z$$AD&tEK_SV#JpcE>bJnB8^ zrGwh^_*7~nZVC3iwl(IH_e*{p=fM(nho(|PP}tF+=}K}RH9vH2?OssBQTF@X)`Q=F z(36*Ik@TBShhDVom!#J1NGOY28Bl}e?kjJ;OiX4g51y_-R$=I#L7?Yr_dL~CiRmD2 z`*iX?=ehDPk22)XR@^U-z-G&QmVsZ@+^@~f%DgdddCqO9i>~%Rk4##1+qb*U)s_vS zGJftVBV(4|&P#*Us7ngfXrVMbcSJ+KYH4=%<7IgI5pUTm$16YWi`8aiH85Vn`KrD0_I{^l!wqMTetaX&O8oa5}VI&AFq( z3Z4#eAWiFZt8sc#2jvf`rSH zQl=^=Igdq%O>}!7u9ThN*vJ+Y7~ct@f>wX(xd~$+U>|zhYgE{uR8*yNgcdWtHZpN3 zRD;?CZEo$^qRPZ;NKw^viC=2SFL&K;97Vx)KwLVu(s5$0;^^fT*YCl7EA0+A5Mn$s z4@l0GZIsnRf#`7xe$h{bV?7;Ej(|hJs0$0!MSv7=)X8Ni=YlPLigqiwCf_|%yz$!q zI^d8sz^eY{>M^P%d4R^wj#=yY$CtjwcAhShb@IF>HxLOlk--uRB7XelROCQ}P%g_T zS&l0*=_vz;M@*RyKae;fELBYeEvMxD5BmFHhT1`pd@G14Sfj-a+tv5xHX1DZN67d) zaQshh%c&CIaO(=(yZ3vcHF!8jHi^kr3%d)O%H!f>w?HjPqQm3YL@}=INVWSy3oE0o z7S=~Bj}T>kK|$90zGak&wMau4bfh(2!ATa~NtB6;be&MB+jGd+&vGJB`?gw( zvITm`oF0GkXANlj=tATHoiW59{9cYSuo^jsF%F&%Ohha1dcM}CPyLO;OHMQpY3mR`LNNaI1q-CYE3jM zZPcfZal%GF5sf!EDBETEY_H{|D=|o}iyF{@^I6Ebe+Mzu@xLhd75zE4 z^p)GOqt6S+i169#8s#sP9?%eAdW)adytn_H823aV$wd?OHvMkybWTO8`DlZ~M8<5l zGvtA7S5~gpzG!0o`6rJrF4o#TBypQClwG#Q^NsrN#QyzW4;V0|sF*6vjE>3+qL0L^ z=rE5v9+6nY&SSbteXB(z<+r21a)OiOELO?0ge^cBoaT*Ei$LIG_Cvh`pfrpXCyoO?0PUI+|DgdJom|(a(y4CJAe&Pc_J#)_O*kyYOj}WmRuh zpdkzy%U=gidnY0|e(M;G3#-mE(G6?B_eXvS!1g{$T5=DY$hhLAPMz zMW6il!=ETwZX+n1(PL*(@cHRPZu3P){L7Qf4Ft2?g$IG*s=%J1)6WF1)9aD#jn=N?0lVnWa{WAG z-#61Fp0{3MWmGntP|4{$5QGg;&K~}}kAT^{L>6pcmbN-XJlH>5_yQkv`EiU*`d)02 z_KNnYc~8Z&pdbp{cl@q8@kK>NneHv8k@OahbGTJ722rX+%^wHgtbhRBP*L)mouO_v zHPN8p-M5uNWRzLK61yiMYncmI0utDT5h^Exf(} zPVn2#lQ)lY{L48`3|2s1J+K-jf4?QaPx)*=@%xMX)5bq78QQnMwBu@0n_!dkJR(F( zJ(6-A%ax8MXZ`WTi@Vl#y24!BQGA>x@q`-z|MqJBH*WABW+#T3eaVasmJ`sTI&)4_ zwU*0|uQMN+#k=SANeDS{wF7k9Ek&mVLw-6fA#+(*C;~rs{4qE%wZK{UqwxH|wSyac znU~(mts300$fMLci;eG;Uy4M*HfF}#Ef}wKWfl{UHA$%)uCdhD+uu#IJ^tGSIL_n;oh zTYky89s?bgWu$s!LP{N@`zMdW8o#xMPH7?VU(p$Vx+-s-(a!cLc;1hf+JOxdkUNVt z&BKq`ubdcrR1- z+7okKikZ7wwp{GaHZ)!_BF4!3`~d&$6~-<;Do-V)uof8~+YwRh((-Aawnt6k;7L_p zJxCumJDA+E3~w0QpUa@f(Fa2+xX)nqGWfd>l_0d<)v%F5T|{mG)TC}Zwhw)rxZmOD zbTA3$V|**LX?#LQ&pGBO7YA@ zRhMtV<@E5r?l{4F+e;g)%3T!Rd}UwtrnRnAQ1)3NCmxGE&MlKllO!43YYsQ?F;(Rl zRGugyK(xTD2zShFtkCfx@2UAez> z&)$UBS8;FJTAMD(#l0VbPFHX=M;`jiB;m~LkpkmnuG{9K0!4*9Xi$=VF-3CP{%(uR8l zybh&^x8!PrX5n6Z#75LvUL_$&OJJ|5Spk1Xc|?o=cp6~=AI*0fV|m%CVEkA>B-9fB zAJ>#dEU$chqp7KRe*9;l=Gib%SYU92lo0u#i;dBO1XvazXSXqUZ_R)HqlRXn4&hgT z+@|dB@4r!`B9;$+jzYk0x zt8d9~Q>Lt@%isJO<%dKKq`_e49f-C{pH&BY9U7W7@83bE(&p4!cqWlb1vBuc?V(N; z>RNn)%1RAsgsF`Cw#9hkQ47)somc^{VxzZn5n{ zKPrW3W#Ys!FOt^1P4DUlCbYcom&{}`sm;{sd#y!cI}4JYp5i`(Pls`7Og|s;a@g+F zBe4Hg{OvMs1f%fWQDvnQ@%1}vV7{2iX3B_19EzO>Y>-0po=tA&K_AKLp2_r+G?Vr6 zcqt*Vo;R8M*+^<|-X+<1Xl$khc*&!upx7%+yYhP_MtZ-{Ctq1Q*W(ksD*|PESh7;% zvKZN=W%Q*9q3a?Yr;q#0wb@4x+9!_KPje#aY3f|=QgR%485wEoc|(2O9l}y{iTF1Q z_eJ2(?RbmN)b5*n0&^bU4<#W|ueRkyBYq?WEzxz2`hU&*v3uDp?j)2&JhSx8ZZ06y=*lMY90_YKdvjlyd>san|fX0@- z;OerH%U%#Qu2FtKAN`)MY(AR903wi(16~9coqXZRPXk?1qV=5=4%mSUKT!Yhv8{D2 zkk#)xfz>)dC)7egyrdRD9<6;mY|Vw|LcNyPp$dy%m%MUY<8wXQbaLe`Z=hG^^@dmS zY0(ovaYAQN1Ehx&P9C($b^^V@Wn6i&z~jl*;FS$wKqCtuW&tU@y`eKkPRJeBvl(qa z($MgA@D;^z$F!N}bo#c#9~qGw?Fz624mci-Knu;B%`@JdL@+yuQ0i&x@#TWwVmn{u zOV$g4cSsO{^9>xWy)Uo2ln=@$jwDwjXO$X@coNbA0GZcuwq-eN;=h{Ii0B zNELyM+RpUAA;{|No?z&Es;^nRbsIzl)!>qhDL)m}#*E~k!UIJwa{b%p z#|4Ge5!%9Vfa?lp`1dDnp}*1|t86AMmaJXB1U@?}quFZNkFUJW?$?JPdwV{x++Rq$I&o`Z_`qcKq~&qw!r>}qW|Y%_ zva&YZ2CT=$=k>W8BBSm2~#pw=Yh_WERNdgn8NGv}j9 zMf2U4+KM_RPd0KX!Sr;2M@zIp#*c1~Nk7q?41APw5_Bk7_ROM2C#sa-=1KT6#I&6* z_L&iLijFeUgQHK8e#vi@4iAQ?gzziPXB_;$!B9vJ2`QD&r!_U!L^SV=fzTQ3gbn~9 z1~4J*-z3zUHC-0XJBcOA27waHkbRRCdd?LFW!EnF{Q)Faa3&PmX)ogrLlgukrw$PD zM2qS_pB1a~$sXm7yUhrcS4sIjrZ4j$a}<%vw=%|V&tYr~kn)QZv{igpyU}yo9h|Xx zj{pAG6S!)Ik3lJu)mcaA_coS1H=1MWu2Lukeb3Di?Wwc)jCG%l%f79Sf=&5dz* zS9Lw!+Fhw5)g`7>$j@R5j#apM3#7@}PvhDsgt6LH?0lgT^SPt!jd`Q*ar9E%j1*(Fv0p(@}Z;tS8>GaT{fLB>FgO60Kz8z#FCowtjQ>gS3L8p^^cy_Xfw%*++zN;?nMTpRp9mI{UyL zqCYgoRM=Up*rZa1TZ^bIiHYFIzVJk|fi&GA{x5%fL^=u79NvIW0nD`U9=@$ZX|4oB z(l|JqVO=3RR4;Z?ML9zqcKb8*QcQ5kK0>D{&2g1vnSx)dSuE$57^sXCEnThzWqCDe zNM9*T6hUDEJ9qNpDAfmlG!>*3KiF@ujS`FClelTmJ{ zu7gMpq_0MtOJ&tpS^B`XdqnZf@s!901Vr-A=#K;y_PLR-wQ!o~Vwz)FZRF}FQp!Z5 zxG17w?gV!DVZL?~1IrUrMaljVPu(t0hBVcD{7A%VHgDCIiD0%U2D3jzBe!KRT~LZF=6p$ic7 z2=CR~9%pNxZ_QQ)9J-`Zo#@JZq4Bq+9%k`7^V`6v&4?!{h}XF<1pWRr4W0&e{De7f z<5iuob^oo%0jgAJ0juGDEN&mpb;fbv;-zFz#I6)RAgp~DyXiehjmIC@*nV4{Kl=ZG z;O?K>e}Q1X<*{l<)Wz9RhR?`+hNuiw*xW$3ZAV}IO;PL1Y;6LIX*&gxN36q?7vf%* zIEbKr&BbCo582F}*l@XAv$e~o>bt4$7Pdmd#6~Bz44?~G9FXaoZc-lLD1{9@W@PAruEQqU@%H#}8f%Hfgo>e)ugUVYNDTbid1L<>&` zSBof%w~-R7O}Exm>CM|ONi#99O^ga!P~f`xrpS8X84%y!r$R?Qy9aeA4c&DUD+_|cqnTpNaN<>jpxiD5E^bH0we zWcFVacOP;;(ZsbC46NYQQ4>=k=Ig?PX5Agq_hGwpS%k;_v6evWrBX!0iZ`IFJ!$`# z7lRvZ23>ZrEe3=n>Wlj>|bZSkn&77~H_mKafo)BMysB$ntfo23_3PKbnpC*o}f zK*?&T=|fY_ZCZ-YpoS{Ui1H)KBk+PRq@!XZ{3>*nrbzHZxH&K{aC2V$CsCg&2p#Dp zG<12+I92|BEg&Y&}8> z4ioJ*rwx}el(8c1=z&dj@!7@8ZLr>b-;-p;U*_}4PesVW>6#zbcStb=ymN4nPF0>_ zp8Sr;X=iX8L8%kGhtC0C}4* z6<@_z3Y@xdriv&QVRc0`fxP z$$!;o8AA^mnX3-GuGp+5LU;erk2&Szs-Jd7PwR-OOuf`~##DN??c|711>=XOJeiWJ zM3RitfJ;=z8U8ex{Jwkqt<4-U7WLqz;fxE=wKg2o(LKr46lm)3**%J~5hqg*5_V zMTP##@3i2uns%<~80F$(QlE$jx1$@yt>fLNj72&L1G;ZK<6ENEn3Tjv19ne0`})IR z^#l^3RJDaUE}_Eg6i&@z6!f~>M_fSpVu8^k%6Ik$-^QlSDV}x+h|;3CATz?NLrTe} zW|=&v$|<)9nKchFg@I|#Xw0`fNA&IJ9&-VkjD{84+p68&oQ9B72<@9sdxpuB(v(G` z>z}NM0`Lu3D0`?>mtLtOd6J7i_9}A0(<$^QzS@hcE;TiguRa7`0VwANyK+2ltVgcc z5(O}E$bti*Yh#ezIe>`VzShjYESXZ--8FTi!AT1DD5P8o-kwsKl6#~1&<%-{7|GLMUY#{AQ|9FsyB6(VZ|V0wY%Kr zCSOjVAdNp9x}UJ?X|4ghskG8G} ZUF6sb^2TvFfS1j&G*onyD;`*d{Wl8Cisk?S literal 0 HcmV?d00001 From 85385c7f46ed9831b6c0348feba4c962cff10bea Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 1 Nov 2021 10:11:02 +0530 Subject: [PATCH 020/335] Delete settings.json --- .vscode/settings.json | 8 -------- 1 file changed, 8 deletions(-) delete mode 100644 .vscode/settings.json diff --git a/.vscode/settings.json b/.vscode/settings.json deleted file mode 100644 index ed9462b7e6..0000000000 --- a/.vscode/settings.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "markdownlint.config": { - "MD028": false, - "MD025": { - "front_matter_title": "" - } - } -} \ No newline at end of file From 140125f846549ffe91d0376674e1908563b2c424 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Tue, 9 Nov 2021 12:12:06 +0530 Subject: [PATCH 021/335] deleted redirected files --- .../mdm/cm-proxyentries-csp.md | 184 ------ .../mdm/deviceinstanceservice-csp.md | 139 ----- ...dded-8-1-handheld-devices-to-windows-10.md | 534 ------------------ 3 files changed, 857 deletions(-) delete mode 100644 windows/client-management/mdm/cm-proxyentries-csp.md delete mode 100644 windows/client-management/mdm/deviceinstanceservice-csp.md delete mode 100644 windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md diff --git a/windows/client-management/mdm/cm-proxyentries-csp.md b/windows/client-management/mdm/cm-proxyentries-csp.md deleted file mode 100644 index 97f580f139..0000000000 --- a/windows/client-management/mdm/cm-proxyentries-csp.md +++ /dev/null @@ -1,184 +0,0 @@ ---- -title: CM\_ProxyEntries CSP -description: Learn how the CM\_ProxyEntries configuration service provider is used to configure proxy connections on the mobile device. -ms.assetid: f4c3dc71-c85a-4c68-9ce9-19f408ff7a0a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: dansimp -ms.date: 06/26/2017 ---- - -# CM\_ProxyEntries CSP - - -The CM\_ProxyEntries configuration service provider is used to configure proxy connections on the mobile device. - -> [!NOTE] -> CM\_ProxyEntries CSP is only supported in Windows 10 Mobile. - -> [!IMPORTANT] -> This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_NETWORKING\_ADMIN capabilities to be accessed from a network configuration application. - - - -The following shows the CM\_ProxyEntries configuration service provider management object in tree format as used by Open Mobile Alliance Client Provisioning (OMA CP) and OMA Device Management(OMA DM). Support for OMA DM was added in Windows 10, version 1607. - -``` -./Vendor/MSFT -CM_ProxyEntries -----Entry ---------ConnectionName ---------BypassLocal ---------Enable ---------Exception ---------Password ---------Port ---------Server ---------Type ---------Username - - -./Device/Vendor/MSFT -Root - - -./Vendor/MSFT -./Device/Vendor/MSFT -CM_ProxyEntries -----Entry ---------ConnectionName ---------BypassLocal ---------Enable ---------Exception ---------Password ---------Port ---------Server ---------Type ---------Username -``` -**entryname** -Defines the name of the connection proxy. - -Each cellular entry can have only one proxy entry. For example, an Internet connection can have no more than one HTTP proxy specified but it might also have a WAP proxy. If two applications need access to the same APN but one application needs a proxy and the other application cannot have a proxy, two entries can be created with different names for the same APN. - -**ConnectionName** -Specifies the name of the connection the proxy is associated with. This is the APN name of a connection configured using the [CM\_CellularEntries configuration service provider](cm-cellularentries-csp.md). - -**BypassLocal** -Specifies if the proxy should be bypassed when local hosts are accessed by the device. - -A value of "0" specifies that the proxy bypass for local hosts is disabled. A value of "1" specifies that the proxy bypass for local hosts is enabled. - -**Enable** -Specifies if the proxy is enabled. - -A value of "0" specifies that the proxy is disabled. A value of "1" specifies that the proxy is enabled. - -**Exception** -Specifies a list of external hosts which should bypass the proxy when accessed. - -The exception list is a semi-colon delimited list of host names. For example, to bypass the proxy when either MSN or Yahoo is accessed, the value for the Exception list would be "www.msn.com;www.yahoo.com". - -**Password** -Specifies the password used to connect to the proxy. - -Passwords are only required for WAP and SOCKS proxies and are not used for HTTP proxies. Queries of this parameter return a string composed of asterisks (\*). - -When setting the password, passing in the same string causes the new password to be ignored and does not change the existing password. - -**Port** -Specifies the port number of the proxy server. - -**Server** -Specifies the name of the proxy server. - -**Type** -Specifies the type of proxy connection for this entry. - -The following list enumerates the values allowed for the Type parameter. - -- "0" = Null proxy - -- "1" = HTTP proxy - -- "2" = WAP proxy - -- "4" = SOCKS4 proxy - -- "5" = SOCKS5 proxy - -The Null proxy can be used to allow Connection Manager to treat one network as a super set of another network by creating a null proxy from one network to the other. - -**UserName** -Specifies the username used to connect to the proxy. - -## Additional information - - -To delete both a proxy and its associated connection, you must delete the proxy first, and then delete the connection. The following example shows how to delete the proxy and then the connection. - -```xml - - - - - - - - -``` - -## Microsoft Custom Elements - - -The following table shows the Microsoft custom elements that this configuration service provider supports for OMA Client Provisioning. - - ---- - - - - - - - - - - - - - - - - - - - - -
ElementAvailable

Parm-query

Yes

No characteristic

Yes

Characteristic-query

Yes

-

Recursive query: Yes

-

Top-level query: Yes

- - - -## Related topics - - -[Configuration service provider reference](configuration-service-provider-reference.md) - - - - - - - - - - diff --git a/windows/client-management/mdm/deviceinstanceservice-csp.md b/windows/client-management/mdm/deviceinstanceservice-csp.md deleted file mode 100644 index e3e30bf041..0000000000 --- a/windows/client-management/mdm/deviceinstanceservice-csp.md +++ /dev/null @@ -1,139 +0,0 @@ ---- -title: DeviceInstanceService CSP -description: Learn how the DeviceInstanceService configuration service provider (CSP) provides some device inventory information that could be useful for an enterprise. -ms.assetid: f113b6bb-6ce1-45ad-b725-1b6610721e2d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: dansimp -ms.date: 06/26/2017 ---- - -# DeviceInstanceService CSP - - -The DeviceInstanceService configuration service provider provides some device inventory information that could be useful for an enterprise. Additionally, this CSP supports querying two different phone numbers in the case of dual SIM. The URIs for SIM 1 and SIM 2 are ./Vendor/MSFT/DeviceInstanceService/Identity/Identity1 and ./Vendor/MSFT/DeviceInstanceService/Identity/Identity2 respectively. - -> **Note**   -Stop using DeviceInstanceService CSP and use the updated [DeviceStatus CSP](devicestatus-csp.md) instead. - -The DeviceInstance CSP is only supported in Windows 10 Mobile. - - - -The following shows the DeviceInstanceService configuration service provider in tree format. - -```console -./Vendor/MSFT -DeviceInstanceService -------------Roaming -------------PhoneNumber -------------IMEI -------------IMSI -------------Identity ----------------Identity1 -------------------Roaming -------------------PhoneNumber -------------------IMEI -------------------IMSI ----------------Identity2 -------------------PhoneNumber -------------------IMEI -------------------IMSI -------------------Roaming -``` - -**Roaming** -A boolean value that specifies the roaming status of the device. In dual SIM mode when the device supports two different phone numbers, querying SIM 1 explicitly with ./Vendor/MSFT/DeviceInstanceService/Identify1/Roaming is functionally equivalent to using ./Vendor/MSFT/DeviceInstanceService/Roaming. - -Supported operation is **Get**. - -Returns **True** if the device is roaming; otherwise **False**. - -**PhoneNumber** -A string that represents the phone number of the device. In dual SIM mode, when the device supports two different phone numbers, querying SIM 1 explicitly with ./Vendor/MSFT/DeviceInstanceService/Identify1/PhoneNumber is functionally equivalent to using ./Vendor/MSFT/DeviceInstanceService/PhoneNumber. - -Value type is chr. - -Supported operation is **Get**. - -**IMEI** -A string the represents the International Mobile Station Equipment Identity (IMEI) of the device. In dual SIM mode, when the device supports two different phone numbers, querying SIM 1 explicitly with ./Vendor/MSFT/DeviceInstanceService/Identify1/IMEI is functionally equivalent to using ./Vendor/MSFT/DeviceInstanceService/IMEI. - -Value type is chr. - -Supported operation is **Get**. - -**IMSI** -A string that represents the first six digits of device IMSI number (Mobile Country/region Code, Mobile Network Code) of the device. In dual SIM mode when the device supports two different phone numbers, querying SIM 1 explicitly with ./Vendor/MSFT/DeviceInstanceService/Identify1/IMSI is functionally equivalent to using ./Vendor/MSFT/DeviceInstanceService/IMSI. - -Value type is chr. - -Supported operation is **Get**. - -**Identity** -The parent node to group per SIM-specific information in dual SIM mode. - -**Identity1** -The parent node to group SIM1 specific information in dual SIM mode. - -**Identity2** -The parent node to group SIM2 specific information in dual SIM mode. - -## Examples - - -The following sample shows how to query roaming status and phone number on the device. - -```xml - - 2 - - - ./Vendor/MSFT/DeviceInstanceService/Roaming - - - - - ./Vendor/MSFT/DeviceInstanceService/PhoneNumber - - - -``` - -Response from the phone. - -```xml - - 3 - 1 - 2 - - ./Vendor/MSFT/DeviceInstanceService/Roaming - bool - false - - - ./Vendor/MSFT/DeviceInstanceService/PhoneNumber - +14254458055 - - -``` - -## Related topics - - -[Configuration service provider reference](configuration-service-provider-reference.md) - - - - - - - - - - diff --git a/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md b/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md deleted file mode 100644 index 9bc5d3ad58..0000000000 --- a/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md +++ /dev/null @@ -1,534 +0,0 @@ ---- -title: Enable offline upgrades to Windows 10 for Windows Embedded 8.1 Handheld devices -description: Overview of how to enable offline updates using Microsoft Endpoint Configuration Manager. -ms.assetid: ED3DAF80-847C-462B-BDB1-486577906772 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: dansimp -ms.date: 06/26/2017 ---- - -# Enable offline upgrades to Windows 10 for Windows Embedded 8.1 Handheld devices - - -Like any Windows devices, Windows 10 Mobile devices use Microsoft Update by default to download updates over the Internet. However, in some enterprise environments, devices may not be able to access the Internet to retrieve their updates. There are also situations where network restrictions or other enterprise policies require that devices download updates from an internal location. This article describes how to enable offline updates using Microsoft Endpoint Configuration Manager. - -The following table describes the update path to Windows 10 Mobile. - - ---- - - - - - - - - - - - - - - - - - - - - -
Starting SKUUpgrade to Windows 10 Mobile

Windows Mobile 6.5

No

Windows Phone 8

No

Windows Phone 8.1

Yes

- -  -To configure the mobile device management (MDM) service provider and enable mobile devices to download updates from a predefined internal location, an IT administrator or device administrator must perform a series of manual and automated steps: - -1. Prepare a test device that can connect to the Internet to download the released update packages. -2. After the updates are downloaded and before pressing the install button, retrieve an XML file on the device that contains all the metadata about each update package. -3. Check the status code in the XML file. -4. Check for registry dependencies. -5. Using a script that we provide, parse the XML file to extract download URLs for the update packages. -6. Download the update packages using the download URLs. -7. Place the downloaded packages on an internal share that is accessible to devices you are updating. -8. Create two additional XML files that define the specific updates to download and the specific locations from which to download the updates, and deploy them onto the production device. -9. Start the update process from the devices. - -As a part of the update process, Windows runs data migrators to bring forward configured settings and data on the device. For instance, if the device was configured with a maintenance time or other update policy in Windows Embedded 8.1 Handheld, these settings are automatically migrated to Windows 10 as part of the update process. If the handheld device was configured for assigned access lockdown, then this configuration is also migrated to Windows 10 as part of the update process. This includes ProductId and AumId conversion for all internal apps (including buttonremapping apps). - -Be aware that the migrators do not take care of the following: - -- Third-party apps provided by OEMs. -- Deprecated first-party apps, such as Bing News. -- Deprecated system or application settings, such as Microsoft.Game and Microsoft.IE. - -In the event of an Enterprise Reset, these migrated settings are automatically persisted. - -After the upgrade to Windows 10 is complete, if you decide to push down a new wehlockdown.xml, you need to take the following steps to ensure that the updated settings are persisted through an Enterprise Reset: - -1. Delete the TPK\*ppkg and push down a new ppkg with your new configuration to the persistent folder. -2. Push down a new ppkg with your new configuration with higher priority. (Be aware that in ICD, Owner=Microsoft, Rank=0 is the lowest priority, and vice versa. With this step, the old assigned access lockdown configuration is overwritten.) - -**Requirements:** - -- The test device must be same as the other production devices that are receiving the updates. -- The test device must be enrolled with Microsoft Endpoint Configuration Manager. -- The test device must be connected to the Internet. -- The test device must have an SD card with at least 0.5 GB of free space. -- Ensure that the settings app and PhoneUpdate applet are available through Assigned Access. - -The following diagram shows a high-level overview of the process. - -![update process for windows embedded 8.1 devices.](images/windowsembedded-update.png) - -## Step 1: Prepare a test device to download updates from Microsoft Update - - -Define the baseline update set that you want to apply to other devices. Use a device that is running the most recent image as the test device. - -Trigger the device to check for updates either manually or using Microsoft Endpoint Configuration Manager. - -**Check for updates manually** - -1. On the device, go to **Settings** > **Phone updates** > **Check for updates**. -2. Sync the device, go to **Settings** > **Workplace** > **Enrolled**, and then select the refresh icon. Repeat as needed. -3. Follow the prompts to download the updates, but do not select the **Install** button. - -> [!NOTE] -> There is a bug in all OS versions up to GDR2 where the Cloud Solution Provider (CSP) does not set the assigned value. There is no way to change or set this until GDR2 is deployed onto the device. - - -**Check for updates by using Microsoft Endpoint Configuration Manager** - -1. Remotely trigger a scan of the test device by deploying a Trigger Scan configuration baseline. - - ![device scan using Configuration Manager](images/windowsembedded-update2.png) - -2. Set the value of this OMA-URI by going to **Configuration Item**, and then selecting the newly created Trigger Scan settings from the previous step. - - ![Configuration Manager enabling device scan](images/windowsembedded-update3.png) - -3. Ensure that the value that is specified for this URI is greater than the value on the device(s), and that the **Remediate noncompliant rules when supported** option is selected. For the first time, any value that is greater than 0 will work, but for subsequent configurations, ensure that you specify an incremented value. - - ![device scan through Configuration Manager](images/windowsembedded-update4.png) - -4. Create a configuration baseline for Trigger Scan and Deploy. We recommend that this configuration baseline be deployed after the Controlled Updates baseline has been applied to the device. (The corresponding files are deployed on the device through a device sync session.) -5. Follow the prompts for downloading the updates, but do not install the updates on the device. - - -## Step 2: Retrieve the device update report XML from the device - -After updates are downloaded (but not installed on the device), the process generates an XML file that contains information about the packages it downloaded. You must retrieve this XML file. - -There are two ways to retrieve this file from the device; one pre-GDR1 and one post-GDR1. - -**Pre-GDR1: Parse a compliance log from the device in ConfigMgr** - -1. Use ConfigMgr to create a configuration item to look at the registry entry ./Vendor/MSFT/EnterpriseExt/DeviceUpdate/ApprovedUpdatesXml. - - > [!NOTE] - > In Microsoft Endpoint Configuration Manager, you may see an error about exceeding the file limit when using ApprovedUpdatesXml, but the process still completes even if the file is large. - - If the XML file is greater than 32 KB, you can also use ./Vendor/MSFT/FileSystem/<*filename*>. -2. Set a baseline for this configuration item with a “dummy” value (such as zzz), and ensure that you do not remediate it. - - The dummy value is not set; it is only used for comparison. -3. After the report XML is sent to the device, Microsoft Endpoint Manager displays a compliance log that contains the report information. The log can contain significant amount of data. -4. Parse this log for the report XML content. - -For a step-by-step walkthrough, see [Retrieve a device update report using Microsoft Endpoint Manager logs](#retrieve-a-device-update-report-using-microsoft-endpoint-manager-logs). - - -**Post-GDR1: Retrieve the report xml file using an SD card** - -1. Use ConfigMgr to create a configuration item to set a registry value for ./Vendor/MSFT/EnterpriseExt/DeviceUpdate/CopyUpdateReportToSDCard. -2. The value that you define for this configuration item is defined by the relative path to the SD card, which includes the filename of the XML file (such as SDCardRoot\\Update\\DUReport.xml). -3. Remove the SD card from device and copy the XML file to your PC. - -## Step 3: Check the status code in the XML file -Make sure that the status code is set to 0000-0000 (success). - -## Step 4: Check for registry dependencies -Remove any registry dependencies in the XML file. - -## Step 5: Extract download URLs from the report XML - -Use the [example PowerShell script](#example-powershell-script) to extract the download URLs from the XML file or parse it manually. - -## Step 6: Retrieve update packages using download URLs - -Use a script or manually download each update package to a PC or an internal share. - -## Step 7: Place the update packages on an accessible share - -Put all the update packages into an internal share that is accessible to all the devices that need these updates. Ensure that the internal share can support multiple devices trying to access the updates at the same time. - -## Step 8: Create two XML files for production devices to select updates and download locations - -Here are the two files. - - ---- - - - - - - - - - - - - - - - - -
TermDescription

DUControlledUpdates.xml

This is the same file as the report XML retrieved in Step 2 with a different name. This file tells the device the specific update packages to download. See Appendix for example

-

DUCustomContentUris.xml

This file maps the update packages in DUControlledUpdates.xml to the internal share location.

- -  - -For a walkthrough of these steps, see [Deploy controlled updates](#deploy-controlled-updates). Ensure that the Trigger Scan configuration baseline has NOT been deployed. - - - -### Deploy controlled updates - -The deployment process has three parts: - -- Create a configuration item for DUControlledUpdates.xml. -- Create a configuration item for DUCustomContentURIs.xml. -- Create a configuration item for approved updates. - - - -**Create a configuration item for DUControlledUpdates.xml** - -1. Create a configuration item. In the **Browse Settings** window, select **Device File** as a filter, and then select **Select**. - - ![embedded device update](images/windowsembedded-update18.png) - -2. Browse to the DUControlledUpdates.xml that was created from the test device, and then specify the file path and name on the device as `NonPersistent\DUControlledUpdates.xml`. - - ![embedded updates related to a specific device](images/windowsembedded-update19.png) - -3. Select **Remediate noncompliant settings**, and then select **OK**. - - - -**Create a configuration item for DUCustomContentURIs.xml** - -1. Create a configuration item and specify the file path and name on the device as `NonPersistent\DUCustomContentURIs.xml` -2. Select **Remediate noncompliant settings**. - - ![embedded updates pertaining to a device](images/windowsembedded-update21.png) - -3. Select **OK**. - - - -**Create a configuration baseline for approved updates** - -1. Create a configuration baseline item and give it a name (such as ControlledUpdates). -2. Add the DUControlledUpdates and DUCustomContentURIs configuration items, and then select **OK**. - - ![embedded updates of a specific device](images/windowsembedded-update22.png) - -3. Deploy the configuration baseline to the appropriate device or device collection. - - ![embedded updates regarding a specific device](images/windowsembedded-update23.png) - -4. Select **OK**. - -## Step 7: Trigger the other devices to scan, download, and install updates - -Now that the other "production" or "in-store" devices have the necessary information to download updates from an internal share, the devices are ready for updates. - -### Update unmanaged devices - -If the update policy of the device is not managed or restricted by Microsoft Endpoint Configuration Manager, an update process can be initiated on the device in one of the following ways: - -- A periodic scan that the device automatically performs. -- Manually through **Settings** > **Phone Update** > **Check for Updates**. - -### Update managed devices - -If the update policy of the device is managed or restricted by MDM, an update process can be initiated on the device in one of the following ways: - -- Trigger the device to scan for updates through Microsoft Endpoint Configuration Manager. - - Ensure that the trigger scan has successfully executed, and then remove the trigger scan configuration baseline. - - > [!NOTE] - > Ensure that the PhoneUpdateRestriction Policy is set to a value of 0 so that the device doesn't perform an automatic scan. - - -- Trigger the device to scan as part of a Maintenance Window defined by the IT Admin in Microsoft Endpoint Configuration Manager. - -After the updates are installed, the IT Admin can use the DUReport generated in the production devices to determine whether the device successfully installed the list of updates. If the device did not, error codes are provided in the DUReport.xml. To retrieve the device update report from a device, perform the same steps defined in [Step 2](#step2). - - -## Example PowerShell script - -```powershell -param ( -# [Parameter (Mandatory=$true, HelpMessage="Input File")] - [String]$inputFile, - -# [Parameter (Mandatory=$true, HelpMessage="Download Cache Location")] - [String]$downloadCache, - -# [Parameter (Mandatory=$true, HelpMessage="Local Cache URL")] - [String]$localCacheURL - ) - -#DownloadFiles Function -function DownloadFiles($inputFile, $downloadCache, $localCacheURL) -{ - $customContentURIFileCreationError = "Not able to create Custom Content URI File" -#Read the Input File - $report = [xml](Get-Content $inputFile) - -# this is where the document will be saved - $customContentURLFile = "$downloadCache\DUCustomContentUris.xml" - New-Item -Path $customContentURLFile -ItemType File -force -ErrorAction SilentlyContinue -ErrorVariable NewItemError > $null - if ($NewItemError -ne "") - { - PrintMessageAndExit $customContentURIFileCreationError - } - -# get an XMLTextWriter to create the XML - $XmlWriter = New-Object System.XMl.XmlTextWriter($customContentURLFile,$Null) - -# choose a pretty formatting: - $xmlWriter.Formatting = 'Indented' - $xmlWriter.Indentation = 1 - $XmlWriter.IndentChar = "`t" - -# write the header - $xmlWriter.WriteStartDocument() - $xmlWriter.WriteStartElement('CustomContentUrls') - foreach ($update in $report.UpdateData.coreUpdateMetadata.updateSet.update) - { - if (!$update.destinationFilePath -or !$update.contentUrl) - { - continue; - } - - $destFilePath = $update.destinationFilePath.Trim(); - $contentUrl = $update.contentUrl.Trim(); - - Write-Host "Pre-Processing Line: $destFilePath#$contentUrl" - if (($destFilePath -ne "") -and ($destFilePath.Contains("\")) -and ($contentUrl -ne "") -and ($contentUrl.Contains("/")) ) - { - $isBundle = $update.isBundle - $revisionId = $update.revisionId - $updateId = $update.updateId - $revisionNum = $update.revisionNum - - $fileName = $destFilePath.Substring($destFilePath.LastIndexOf("\") + 1); -#Write-Host "Processing Line: $destFilePath#$contentUrl" - if ($fileName -ne "") - { - $destination = $downloadCache + "\" + $fileName; - Try - { - $wc = New-Object System.Net.WebClient - $wc.DownloadFile($contentUrl, $destination) - Write-Host "Successfull Download: $contentUrl#$destination"; - - $XmlWriter.WriteStartElement('contentUrl') - $XmlWriter.WriteAttributeString('isBundle', $isBundle) - $XmlWriter.WriteAttributeString('revisionId', $revisionId) - $XmlWriter.WriteAttributeString('updateId', $updateId) - $XmlWriter.WriteAttributeString('revisionNum', $revisionNum) - $XmlWriter.WriteRaw($localCacheURL + $fileName) - $xmlWriter.WriteEndElement() - } - Catch [ArgumentNullException] - { - Write-Host "Content URL is null"; - } - Catch [WebException] - { - Write-Host "Invalid Content URL: $contentUrl"; - } - Catch - { - Write-Host "Exception in Download: $contentUrl"; - } - } - else - { - Write-Host "Ignored Input Line: $contentUrl" - } - } - else - { - Write-Host "Ignored Input Line: $contentUrl" - } - } - -# close the "CustomContentUrls" node - $xmlWriter.WriteEndElement() - -# finalize the document - $xmlWriter.WriteEndDocument() - $xmlWriter.Flush() - $xmlWriter.Close() - - Write-Host "Successfully Created Custom Content URL File: $customContentURLFile" -} - -#PrintMessage Function -function PrintMessageAndExit($ErrorMessage) -{ - Write-Host $ErrorMessage - exit 1 -} - -#PrintMessage Function -function PrintUsageAndExit() -{ - Write-Host "Usage: Download.ps1 -inputFile -downloadCache -localCacheURL " - exit 1 -} - -if (($inputFile -eq "") -or ($downloadCache -eq "") -or ($localCacheURL -eq "")) -{ - PrintUsageAndExit -} -if (!$localCacheURL.EndsWith("/")) -{ - $localCacheURL = $localCacheURL + "/"; -} -$inputFileErrorString = "Input File does not exist"; -$downloadCacheErrorString = "Download Cache does not exist"; -$downloadCacheAddError = "Access Denied in creating the Download Cache Folder"; -$downloadCacheRemoveError = "Not able to delete files from Download Cache" -$downloadCacheClearWarningString = "Download Cache not empty. Do you want to Clear"; - -#Check if Input File Exist -$inputFileExists = Test-Path $inputFile; -if(!$inputFileExists) -{ - PrintMessageAndExit($inputFileErrorString) -} - -#Check if Download Cache Exist -$downloadCacheExists = Test-Path $downloadCache; -if(!$downloadCacheExists) -{ - PrintMessageAndExit($downloadCacheErrorString) -} - -$downloadCacheFileCount = (Get-ChildItem $downloadCache).Length; -if ($downloadCacheFileCount -ne 0) -{ -#Clear the directory - Remove-Item $downloadCache -Recurse -Force -Confirm -ErrorVariable RemoveItemError -ErrorAction SilentlyContinue > $null - if ($RemoveItemError -ne "") - { - PrintMessageAndExit $downloadCacheRemoveError - } - - $childItem = Get-ChildItem $downloadCache -ErrorAction SilentlyContinue > $null - $downloadCacheFileCount = ($childItem).Length; - if ($downloadCacheFileCount -ne 0) - { - PrintMessageAndExit $downloadCacheRemoveError - } - -#Create a new directory - New-Item -Path $downloadCache -ItemType Directory -ErrorAction SilentlyContinue -ErrorVariable NewItemError > $null - if ($NewItemError -ne "") - { - PrintMessageAndExit $downloadCacheAddError - } -} - -DownloadFiles $inputFile $downloadCache $localCacheURL -``` - - -## Retrieve a device update report using Microsoft Endpoint Manager logs - -**For pre-GDR1 devices** -Use this procedure for pre-GDR1 devices: - -1. Trigger a device scan by going to **Settings** > **Phone Update** > **Check for Updates**. - - Since the DUReport settings have not been remedied, you should see a non-compliance. -2. In Microsoft Endpoint Configuration Manager, under **Assets and Compliance** > **Compliance Settings**, right-click **Configuration Items**. -3. Select **Create Configuration Item**. - - ![device update using Configuration Manager](images/windowsembedded-update5.png) -4. Enter a filename (such as GetDUReport), and then select **Mobile Device**. -5. On the **Mobile Device Settings** page, select **Configure Additional Settings that are not in the default settings group**, and then select **Next**. - - ![device update through Configuration Manager](images/windowsembedded-update6.png) -6. On the **Additional Settings** page, select **Add**. - - ![device update with help of Configuration Manager](images/windowsembedded-update7.png) -7. On the **Browse Settings** page, select **Create Setting**. - - ![device update.](images/windowsembedded-update8.png) -8. Enter a unique **Name**. For **Setting type**, select **OMA-URI**, and for **Data type**, select **String**. -9. In the **OMA-URI** text box, enter `./Vendor/MSFT/EnterpriseExt/DeviceUpdate/UpdatesResultXml`, and then select **OK**. - - ![handheld device update.](images/windowsembedded-update9.png) -10. On the **Browse Settings** page, select **Close**. -11. On the **Create Configuration Item Wizard** page, select **All Windows Embedded 8.1 Handheld** as the supported platform, and then select **Next**. - - ![device update embedded](images/windowsembedded-update10.png) -12. Close the **Create Configuration Item Wizard** page. -13. Right-click on the newly create configuration item, and then select the **Compliance Rules** tab. -14. Select the new created mobile device setting (such as DUReport), and then select **Select**. -15. Enter a dummy value (such as zzz) that is different from the one on the device. - - ![device update which is embedded](images/windowsembedded-update11.png) -16. Disable remediation by deselecting the **Remediate noncompliant rules when supported** option. -17. Select **OK** to close the **Edit Rule** page. -18. Create a new configuration baseline. Under **Assets and Compliance** > **Compliance Settings**, right-click **Configuration Baselines**. -19. Select **Create Configuration Item**. - - ![device update that is embedded](images/windowsembedded-update12.png) -20. Enter a baseline name (such as RetrieveDUReport). -21. Add the configuration item that you just created. Select **Add**, and then select the configuration item that you just created (such as DUReport). - - ![device update - embedded](images/windowsembedded-update13.png) -22. Select **OK**, and then select **OK** again to complete the configuration baseline. -23. Deploy the newly created configuration baseline to the appropriate device collection. Right-click on the configuration baseline that you created, and then select **Deploy**. - - ![embedded updates related to a device](images/windowsembedded-update14.png) -24. Select **Remediate noncompliant rules when supported**. -25. Select the appropriate device collection and define the schedule. - - ![A device's update](images/windowsembedded-update15.png) -26. To view the DUReport content, select the appropriate deployment for the configuration baseline that you created. Right-click on the deployment, and then select **View Status**. -27. Select **Run Summarization**, and then select **Refresh**. The test device(s) should be listed on the **Non-Compliant** tab. -28. Under **Asset Details**, right-click on the test device, and then select **Mode Details**. - - ![device's update](images/windowsembedded-update16.png) -29. On the **Non-compliant** tab, you can see the DUReport, but you cannot retrieve the content from here. - - ![update specific to a device](images/windowsembedded-update17.png) -30. To retrieve the DUReport, open C:\\Program Files\\SMS\_CCM\\SMS\_DM.log. -31. In the log file, search from the bottom for "./Vendor/MSFT/EnterpriseExt/DeviceUpdate/UpdatesResultXml" RuleExression="Equals zzz," where zzz is the dummy value. Just above this, copy the information for UpdateData and use this information to create the DUControlledUpdates.xml. - -  - - - - - From 0009e2903f70093a78f888349c1dff9277930aee Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 11 Nov 2021 09:36:56 +0530 Subject: [PATCH 022/335] Update data-structures-windows-store-for-business.md --- .../mdm/data-structures-windows-store-for-business.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/client-management/mdm/data-structures-windows-store-for-business.md b/windows/client-management/mdm/data-structures-windows-store-for-business.md index 15eed34d0a..ef58d974e0 100644 --- a/windows/client-management/mdm/data-structures-windows-store-for-business.md +++ b/windows/client-management/mdm/data-structures-windows-store-for-business.md @@ -7,7 +7,6 @@ MS-HAID: ms.assetid: ABE44EC8-CBE5-4775-BA8A-4564CB73531B ms.reviewer: manager: dansimp -description: Learn about data structures for Microsoft Store for Business. ms.author: dansimp ms.topic: article ms.prod: w10 From 068fc1632558cc82a332f3004da4fbcafae57bc3 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Thu, 11 Nov 2021 22:39:27 +0530 Subject: [PATCH 023/335] added windows 11 after reading this article, i found windows 11 is missing, so i added it in to this article. I need help from @JohanFreelancer9 for his assistance --- ...lization-based-protection-of-code-integrity.md | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md index ea7806d09a..1af50efd7d 100644 --- a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md @@ -19,8 +19,9 @@ ms.technology: windows-sec **Applies to** - Windows 10 +- Windows 11 -This topic covers different ways to enable Hypervisor-protected code integrity (HVCI) on Windows 10. +This topic covers different ways to enable Hypervisor-protected code integrity (HVCI) on Windows 10 and Windows 11. Some applications, including device drivers, may be incompatible with HVCI. This can cause devices or software to malfunction and in rare cases may result in a blue screen. Such issues may occur after HVCI has been turned on or during the enablement process itself. If this happens, see [Troubleshooting](#troubleshooting) for remediation steps. @@ -34,9 +35,9 @@ If this happens, see [Troubleshooting](#troubleshooting) for remediation steps. * HVCI also ensures that your other trusted processes, like Credential Guard, have got a valid certificate. * Modern device drivers must also have an EV (Extended Validation) certificate and should support HVCI. -## How to turn on HVCI in Windows 10 +## How to turn on HVCI in Windows 10 and Windows 11 -To enable HVCI on Windows 10 devices with supporting hardware throughout an enterprise, use any of these options: +To enable HVCI on Windows 10 and Windows 11 devices with supporting hardware throughout an enterprise, use any of these options: - [Windows Security app](#windows-security-app) - [Microsoft Intune (or another MDM provider)](#enable-hvci-using-intune) - [Group Policy](#enable-hvci-using-group-policy) @@ -80,7 +81,7 @@ Set the following registry keys to enable HVCI. This provides exactly the same s > > - All drivers on the system must be compatible with virtualization-based protection of code integrity; otherwise, your system may fail. We recommend that you enable these features on a group of test computers before you enable them on users' computers. -#### For Windows 10 version 1607 and later +#### For Windows 10 version 1607 and later, For Windows 11 21H2 Recommended settings (to enable virtualization-based protection of Code Integrity policies, without UEFI Lock): @@ -194,17 +195,17 @@ reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "Unlocked" /t REG ### Validate enabled Windows Defender Device Guard hardware-based security features -Windows 10 and Windows Server 2016 have a WMI class for related properties and features: *Win32\_DeviceGuard*. This class can be queried from an elevated Windows PowerShell session by using the following command: +Windows 10, Windows 11 and Windows Server 2016 have a WMI class for related properties and features: *Win32\_DeviceGuard*. This class can be queried from an elevated Windows PowerShell session by using the following command: ```powershell Get-CimInstance –ClassName Win32_DeviceGuard –Namespace root\Microsoft\Windows\DeviceGuard ``` > [!NOTE] -> The *Win32\_DeviceGuard* WMI class is only available on the Enterprise edition of Windows 10. +> The *Win32\_DeviceGuard* WMI class is only available on the Enterprise edition of Windows 10 and Windows 11. > [!NOTE] -> Mode Based Execution Control property will only be listed as available starting with Windows 10 version 1803. +> Mode Based Execution Control property will only be listed as available starting with Windows 10 version 1803 and Windows 11 21H2. The output of this command provides details of the available hardware-based security features as well as those features that are currently enabled. From 3769f89f6e63ecb5d8ea5f4f667e153e7c9406db Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 12 Nov 2021 11:18:20 +0530 Subject: [PATCH 024/335] Update windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md Accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../enable-virtualization-based-protection-of-code-integrity.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md index 1af50efd7d..afe3d97a04 100644 --- a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md @@ -81,7 +81,7 @@ Set the following registry keys to enable HVCI. This provides exactly the same s > > - All drivers on the system must be compatible with virtualization-based protection of code integrity; otherwise, your system may fail. We recommend that you enable these features on a group of test computers before you enable them on users' computers. -#### For Windows 10 version 1607 and later, For Windows 11 21H2 +#### For Windows 10 version 1607 and later and for Windows 11 version 21H2 Recommended settings (to enable virtualization-based protection of Code Integrity policies, without UEFI Lock): From 8cdeaf2f40f4af5a08a90e16aaea910b5bf9335b Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 12 Nov 2021 12:19:46 +0530 Subject: [PATCH 025/335] Update windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md Accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../enable-virtualization-based-protection-of-code-integrity.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md index afe3d97a04..947d55b387 100644 --- a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md @@ -195,7 +195,7 @@ reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "Unlocked" /t REG ### Validate enabled Windows Defender Device Guard hardware-based security features -Windows 10, Windows 11 and Windows Server 2016 have a WMI class for related properties and features: *Win32\_DeviceGuard*. This class can be queried from an elevated Windows PowerShell session by using the following command: +Windows 10, Windows 11, and Windows Server 2016 have a WMI class for related properties and features: *Win32\_DeviceGuard*. This class can be queried from an elevated Windows PowerShell session by using the following command: ```powershell Get-CimInstance –ClassName Win32_DeviceGuard –Namespace root\Microsoft\Windows\DeviceGuard From aa3793980e384d17ce344770e003640a5295e898 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 12 Nov 2021 12:20:04 +0530 Subject: [PATCH 026/335] Update windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md Accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../enable-virtualization-based-protection-of-code-integrity.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md index 947d55b387..6dea84f15c 100644 --- a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md @@ -205,7 +205,7 @@ Get-CimInstance –ClassName Win32_DeviceGuard –Namespace root\Microsoft\Windo > The *Win32\_DeviceGuard* WMI class is only available on the Enterprise edition of Windows 10 and Windows 11. > [!NOTE] -> Mode Based Execution Control property will only be listed as available starting with Windows 10 version 1803 and Windows 11 21H2. +> Mode Based Execution Control property will only be listed as available starting with Windows 10 version 1803 and Windows 11 version 21H2. The output of this command provides details of the available hardware-based security features as well as those features that are currently enabled. From cf1afe2a2abde259c59b1b7df5a3e8324bd2109c Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 16 Nov 2021 21:31:15 +0530 Subject: [PATCH 027/335] added windows 11 after reading this article, i found windows 11 is missing so i added windows 11 I need assistance from @JohanFreelancer9. --- .../identity-protection/access-control/local-accounts.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/access-control/local-accounts.md b/windows/security/identity-protection/access-control/local-accounts.md index 6ad17afded..c285a90fc9 100644 --- a/windows/security/identity-protection/access-control/local-accounts.md +++ b/windows/security/identity-protection/access-control/local-accounts.md @@ -19,6 +19,7 @@ ms.reviewer: # Local Accounts **Applies to** +- Windows 11 - Windows 10 - Windows Server 2019 - Windows Server 2016 @@ -73,7 +74,7 @@ The Administrator account has full control of the files, directories, services, The default Administrator account cannot be deleted or locked out, but it can be renamed or disabled. -In Windows 10 and Windows Server 2016, Windows setup disables the built-in Administrator account and creates another local account that is a member of the Administrators group. Members of the Administrators groups can run apps with elevated permissions without using the **Run as Administrator** option. Fast User Switching is more secure than using Runas or different-user elevation. +From Windows 10, Windows 11 and Windows Server 2016, Windows setup disables the built-in Administrator account and creates another local account that is a member of the Administrators group. Members of the Administrators groups can run apps with elevated permissions without using the **Run as Administrator** option. Fast User Switching is more secure than using Runas or different-user elevation. **Account group membership** @@ -558,4 +559,4 @@ The following resources provide additional information about technologies that a - [Security Identifiers](security-identifiers.md) -- [Access Control Overview](access-control.md) \ No newline at end of file +- [Access Control Overview](access-control.md) From d93f5e693751373616b547916f2b048985ac9fe1 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 16 Nov 2021 21:32:50 +0530 Subject: [PATCH 028/335] added windows 11 after reading this article, i found windows 11 is missing so i added windows 11. --- .../security-policy-settings/user-rights-assignment.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md b/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md index 6760680ea6..e32051cb2c 100644 --- a/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md +++ b/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md @@ -22,6 +22,7 @@ ms.technology: windows-sec **Applies to** - Windows 10 +- Windows 11 Provides an overview and links to information about the User Rights Assignment security policy settings user rights that are available in Windows. User rights govern the methods by which a user can log on to a system. User rights are applied at the local device level, and they allow users to perform tasks on a device or in a domain. User rights include logon rights and permissions. Logon rights control who is authorized to log on to a device and how they can log on. User rights permissions control access to computer and domain resources, and they can override permissions that have been set on specific objects. User rights are managed in Group Policy under the **User Rights Assignment** item. From ba2224e322f231f819743869df0e66fb4d1385c7 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Wed, 17 Nov 2021 15:48:36 +0530 Subject: [PATCH 029/335] Update policy-csp-admx-terminalserver.md --- .../client-management/mdm/policy-csp-admx-terminalserver.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index ed42ebde3f..1ae14c6f68 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -33,6 +33,9 @@ manager: dansimp
ADMX_TerminalServer/TS_GATEWAY_POLICY_AUTH_METHOD
+
+ ADMX_TerminalServer/TS_RADC_DefaultConnection +
From ee91df6b077e6ea54ac391fa3e948052eec9ebf1 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Wed, 17 Nov 2021 18:55:28 +0530 Subject: [PATCH 030/335] added link with adjustments, as per user report #10119, so i adjusted links with symbols and arranged the top[ics in ascending order for easy understanding. I need help from @JohanFreelancer9. --- windows/security/threat-protection/index.md | 23 +++++++++++---------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index 7baa36b1a0..c95857ed71 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -29,23 +29,24 @@ In Windows client, hardware and software work together to help protect you from See the following articles to learn more about the different areas of Windows threat protection: -- [Microsoft Defender Application Guard](\windows\security\threat-protection\microsoft-defender-application-guard\md-app-guard-overview.md) -- [Virtualization-based protection of code integrity](\windows\security\threat-protection\device-guard\enable-virtualization-based-protection-of-code-integrity.md) -- [Application control](/windows-defender-application-control/windows-defender-application-control.md) +- [Application Control](/windows-defender-application-control/windows-defender-application-control.md) +- [Attack Surface Reduction Rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) +- [Controlled Folder Access](/microsoft-365/security/defender-endpoint/controlled-folders) +- [Exploit Protection](/microsoft-365/security/defender-endpoint/exploit-protection) +- [Microsoft Defender Application Guard](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md) - [Microsoft Defender Device Guard](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md) -- [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection) -- [Network protection](/microsoft-365/security/defender-endpoint/network-protection), [web protection](/microsoft-365/security/defender-endpoint/web-protection-overview) -- [Microsoft Defender SmartScreen](\windows\security\threat-protection\microsoft-defender-smartscreen\microsoft-defender-smartscreen-overview.md) -- [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders) -- [Network firewall](windows-firewall/windows-firewall-with-advanced-security.md) -- [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) -- [Windows Sandbox](\windows\security\threat-protection\windows-sandbox\windows-sandbox-overview.md) +- [Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md) +- [Network Protection](/microsoft-365/security/defender-endpoint/network-protection)- +- [Virtualization-Based Protection of Code Integrity](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md) +- [Web Protection](/microsoft-365/security/defender-endpoint/web-protection-overview) +- [Windows Firewall](windows-firewall/windows-firewall-with-advanced-security.md) +- [Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md) ### Next-generation protection Next-generation protection is designed to identify and block new and emerging threats. Powered by the cloud and machine learning, Microsoft Defender Antivirus can help stop attacks in real-time. +- [Automated sandbox service](/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus) - [Behavior monitoring](/microsoft-365/security/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus) - [Cloud-based protection](/microsoft-365/security/defender-endpoint/configure-protection-features-microsoft-defender-antivirus) - [Machine learning](/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus) - [URL Protection](/microsoft-365/security/defender-endpoint/configure-network-connections-microsoft-defender-antivirus) -- [Automated sandbox service](/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus) \ No newline at end of file From 2cd22d65d75e7333f540416fbe0c84a32f23413a Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Thu, 18 Nov 2021 10:14:07 +0530 Subject: [PATCH 031/335] Update policy-csp-admx-terminalserver.md --- .../mdm/policy-csp-admx-terminalserver.md | 72 +++++++++++++++++++ 1 file changed, 72 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index 1ae14c6f68..2833f7d9f9 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -189,7 +189,79 @@ ADMX Info:
+ +**ADMX_TerminalServer/TS_RADC_DefaultConnection** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + + +This policy setting specifies the default connection URL for RemoteApp and Desktop Connections. The default connection URL is a specific connection that can only be configured by using Group Policy. In addition to the capabilities that are common to all connections, the default connection URL allows document file types to be associated with RemoteApp programs. The default connection URL must be configured in the form of [http://contoso.com/rdweb/Feed/webfeed.aspx](http://contoso.com/rdweb/Feed/webfeed.aspx). + +- If you enable this policy setting, the specified URL is configured as the default connection URL for the user and replaces any existing connection URL. The user cannot change the default connection URL. The user's default logon credentials are used when setting up the default connection URL. + +- If you disable or do not configure this policy setting, the user has no default connection URL. + +RemoteApp programs that are installed through RemoteApp and Desktop Connections from an un-trusted server can compromise the security of a user's account. + + + + + + +ADMX Info: +- GP Friendly name: *Specify default connection URL* +- GP name: *TS_RADC_DefaultConnection* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
From 229abdc68bcd3ee47952dd970f73ca7fa82ba17a Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Thu, 18 Nov 2021 11:40:51 +0530 Subject: [PATCH 032/335] Update windows/security/threat-protection/index.md Accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/security/threat-protection/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index c95857ed71..7cf2f166da 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -36,7 +36,7 @@ See the following articles to learn more about the different areas of Windows th - [Microsoft Defender Application Guard](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md) - [Microsoft Defender Device Guard](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md) - [Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md) -- [Network Protection](/microsoft-365/security/defender-endpoint/network-protection)- +- [Network Protection](/microsoft-365/security/defender-endpoint/network-protection) - [Virtualization-Based Protection of Code Integrity](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md) - [Web Protection](/microsoft-365/security/defender-endpoint/web-protection-overview) - [Windows Firewall](windows-firewall/windows-firewall-with-advanced-security.md) From 769d57be92be5b607b8ccf2aff46d27f2f2f50c7 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Fri, 19 Nov 2021 10:58:04 +0530 Subject: [PATCH 033/335] ADMX terminal Server Missing polices - part1 Added 44 policies under ADMX Terminal Server and modifies existing content as it was incorrect. --- .../mdm/policies-in-policy-csp-admx-backed.md | 44 + .../policy-configuration-service-provider.md | 132 + .../mdm/policy-csp-admx-terminalserver.md | 3434 ++++++++++++++++- 3 files changed, 3594 insertions(+), 16 deletions(-) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 6256ffe15a..3b44f8e00e 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -1131,8 +1131,52 @@ ms.date: 10/08/2020 - [ADMX_tcpip/Teredo_Server_Name](./policy-csp-admx-tcpip.md#admx-tcpip-teredo-server-name) - [ADMX_tcpip/Teredo_State](./policy-csp-admx-tcpip.md#admx-tcpip-teredo-state) - [ADMX_tcpip/Windows_Scaling_Heuristics_State](./policy-csp-admx-tcpip.md#admx-tcpip-windows-scaling-heuristics-state) +- [ADMX_TerminalServer/TS_AUTO_RECONNECT](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_auto_reconnect) +- [ADMX_TerminalServer/TS_CAMERA_REDIRECTION](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_camera_redirection) +- [ADMX_TerminalServer/TS_CERTIFICATE_TEMPLATE_POLICY](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_certificate_template_policy) +- [ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_allow_signed_files_1) +- [ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_allow_signed_files_2) +- [ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_allow_unsigned_files_1) +- [ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_allow_unsigned_files_2) +- [ADMX_TerminalServer/TS_CLIENT_AUDIO](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_audio) +- [ADMX_TerminalServer/TS_CLIENT_AUDIO_CAPTURE](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_audio_capture) +- [ADMX_TerminalServer/TS_CLIENT_AUDIO_QUALITY](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_audio_quality) +- [ADMX_TerminalServer/TS_CLIENT_CLIPBOARD](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_clipboard) +- [ADMX_TerminalServer/TS_CLIENT_COM](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_com) +- [ADMX_TerminalServer/TS_CLIENT_DEFAULT_M](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_default_m) +- [ADMX_TerminalServer/TS_CLIENT_DISABLE_HARDWARE_MODE](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_disable_hardware_mode) +- [ADMX_TerminalServer/TS_CLIENT_DISABLE_PASSWORD_SAVING_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_disable_password_saving_1) +- [ADMX_TerminalServer/TS_CLIENT_LPT](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_lpt) +- [ADMX_TerminalServer/TS_CLIENT_PNP](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_pnp) +- [ADMX_TerminalServer/TS_CLIENT_PRINTER](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_printer) +- [ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_trusted_certificate_thumbprints_1) +- [ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_trusted_certificate_thumbprints_2) +- [ADMX_TerminalServer/TS_CLIENT_TURN_OFF_UDP](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_turn_off_udp) +- [ADMX_TerminalServer/TS_COLORDEPTH](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_colordepth) +- [ADMX_TerminalServer/TS_DELETE_ROAMING_USER_PROFILES](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_delete_roaming_user_profiles) +- [ADMX_TerminalServer/TS_DISABLE_REMOTE_DESKTOP_WALLPAPER](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_disable_remote_desktop_wallpaper) +- [ADMX_TerminalServer/TS_DX_USE_FULL_HWGPU](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_dx_use_full_hwgpu) +- [ADMX_TerminalServer/TS_EASY_PRINT](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_easy_print) +- [ADMX_TerminalServer/TS_EASY_PRINT_User](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_easy_print_user) +- [ADMX_TerminalServer/TS_EnableVirtualGraphics](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_enablevirtualgraphics) +- [ADMX_TerminalServer/TS_FALLBACKPRINTDRIVERTYPE](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_fallbackprintdrivertype) +- [ADMX_TerminalServer/TS_FORCIBLE_LOGOFF](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_forcible_logoff) - [ADMX_TerminalServer/TS_GATEWAY_POLICY_ENABLE](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_gateway_policy_enable) - [ADMX_TerminalServer/TS_GATEWAY_POLICY_AUTH_METHOD](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_gateway_policy_auth_method) +- [ADMX_TerminalServer/TS_GATEWAY_POLICY_SERVER](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_gateway_policy_server) +- [ADMX_TerminalServer/TS_JOIN_SESSION_DIRECTORY](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_join_session_directory) +- [ADMX_TerminalServer/TS_KEEP_ALIVE](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_keep_alive) +- [ADMX_TerminalServer/TS_LICENSE_SECGROUP](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_license_secgroup) +- [ADMX_TerminalServer/TS_LICENSE_SERVERS](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_license_servers) +- [ADMX_TerminalServer/TS_LICENSE_TOOLTIP](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_license_tooltip) +- [ADMX_TerminalServer/TS_LICENSING_MODE](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_licensing_mode) +- [ADMX_TerminalServer/TS_MAX_CON_POLICY](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_max_con_policy) +- [ADMX_TerminalServer/TS_MAXDISPLAYRES](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_maxdisplayres) +- [ADMX_TerminalServer/TS_MAXMONITOR](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_maxmonitor) +- [ADMX_TerminalServer/TS_NoDisconnectMenu](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_nodisconnectmenu) +- [ADMX_TerminalServer/TS_NoSecurityMenu](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_nosecuritymenu) +- [ADMX_TerminalServer/TS_PreventLicenseUpgrade](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_preventlicenseupgrade) +- [ADMX_TerminalServer/TS_PROMT_CREDS_CLIENT_COMP](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_promt_creds_client_comp) - [ADMX_Thumbnails/DisableThumbnails](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbnails) - [ADMX_Thumbnails/DisableThumbnailsOnNetworkFolders](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbnailsonnetworkfolders) - [ADMX_Thumbnails/DisableThumbsDBOnNetworkFolders](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbsdbonnetworkfolders) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index bbd3101f94..fa5d7a6fb0 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -4067,12 +4067,144 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC ### ADMX_TerminalServer policies
+
+ ADMX_TerminalServer/TS_AUTO_RECONNECT +
+
+ ADMX_TerminalServer/TS_CAMERA_REDIRECTION +
+
+ ADMX_TerminalServer/TS_CERTIFICATE_TEMPLATE_POLICY +
+
+ ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_1 +
+
+ ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_2 +
+
+ ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_1 +
+
+ ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_2 +
+
+ ADMX_TerminalServer/TS_CLIENT_AUDIO +
+
+ ADMX_TerminalServer/TS_CLIENT_AUDIO_CAPTURE +
+
+ ADMX_TerminalServer/TS_CLIENT_AUDIO_QUALITY +
+
+ ADMX_TerminalServer/TS_CLIENT_CLIPBOARD +
+
+ ADMX_TerminalServer/TS_CLIENT_COM +
+
+ ADMX_TerminalServer/TS_CLIENT_DEFAULT_M +
+
+ ADMX_TerminalServer/TS_CLIENT_DISABLE_HARDWARE_MODE +
+
+ ADMX_TerminalServer/TS_CLIENT_DISABLE_PASSWORD_SAVING_1 +
+
+ ADMX_TerminalServer/TS_CLIENT_LPT +
+
+ ADMX_TerminalServer/TS_CLIENT_PNP +
+
+ ADMX_TerminalServer/TS_CLIENT_PRINTER +
+
+ ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1 +
+
+ ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2 +
+
+ ADMX_TerminalServer/TS_CLIENT_TURN_OFF_UDP +
+
+ ADMX_TerminalServer/TS_COLORDEPTH +
+
+ ADMX_TerminalServer/TS_DELETE_ROAMING_USER_PROFILES +
+
+ ADMX_TerminalServer/TS_DISABLE_REMOTE_DESKTOP_WALLPAPER +
+
+ ADMX_TerminalServer/TS_DX_USE_FULL_HWGPU +
+
+ ADMX_TerminalServer/TS_EASY_PRINT +
+
+ ADMX_TerminalServer/TS_EASY_PRINT_User +
+
+ ADMX_TerminalServer/TS_EnableVirtualGraphics +
+
+ ADMX_TerminalServer/TS_FALLBACKPRINTDRIVERTYPE +
+
+ ADMX_TerminalServer/TS_FORCIBLE_LOGOFF +
ADMX_TerminalServer/TS_GATEWAY_POLICY_ENABLE
ADMX_TerminalServer/TS_GATEWAY_POLICY_AUTH_METHOD +
+
+ ADMX_TerminalServer/TS_GATEWAY_POLICY_SERVER
+
+ ADMX_TerminalServer/TS_JOIN_SESSION_DIRECTORY +
+
+ ADMX_TerminalServer/TS_KEEP_ALIVE +
+
+ ADMX_TerminalServer/TS_LICENSE_SECGROUP +
+
+ ADMX_TerminalServer/TS_LICENSE_SERVERS +
+
+ ADMX_TerminalServer/TS_LICENSE_TOOLTIP +
+
+ ADMX_TerminalServer/TS_LICENSING_MODE +
+
+ ADMX_TerminalServer/TS_MAX_CON_POLICY +
+
+ ADMX_TerminalServer/TS_MAXDISPLAYRES +
+
+ ADMX_TerminalServer/TS_MAXMONITOR +
+
+ ADMX_TerminalServer/TS_NoDisconnectMenu +
+
+ ADMX_TerminalServer/TS_NoSecurityMenu +
+
+ ADMX_TerminalServer/TS_PreventLicenseUpgrade +
+
+ ADMX_TerminalServer/TS_PROMT_CREDS_CLIENT_COMP +
### ADMX_Thumbnails policies diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index ed42ebde3f..8e10cb601a 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -27,19 +27,150 @@ manager: dansimp ## ADMX_TerminalServer policies
+
+ ADMX_TerminalServer/TS_AUTO_RECONNECT +
+
+ ADMX_TerminalServer/TS_CAMERA_REDIRECTION +
+
+ ADMX_TerminalServer/TS_CERTIFICATE_TEMPLATE_POLICY +
+
+ ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_1 +
+
+ ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_2 +
+
+ ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_1 +
+
+ ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_2 +
+
+ ADMX_TerminalServer/TS_CLIENT_AUDIO +
+
+ ADMX_TerminalServer/TS_CLIENT_AUDIO_CAPTURE +
+
+ ADMX_TerminalServer/TS_CLIENT_AUDIO_QUALITY +
+
+ ADMX_TerminalServer/TS_CLIENT_CLIPBOARD +
+
+ ADMX_TerminalServer/TS_CLIENT_COM +
+
+ ADMX_TerminalServer/TS_CLIENT_DEFAULT_M +
+
+ ADMX_TerminalServer/TS_CLIENT_DISABLE_HARDWARE_MODE +
+
+ ADMX_TerminalServer/TS_CLIENT_DISABLE_PASSWORD_SAVING_1 +
+
+ ADMX_TerminalServer/TS_CLIENT_LPT +
+
+ ADMX_TerminalServer/TS_CLIENT_PNP +
+
+ ADMX_TerminalServer/TS_CLIENT_PRINTER +
+
+ ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1 +
+
+ ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2 +
+
+ ADMX_TerminalServer/TS_CLIENT_TURN_OFF_UDP +
+
+ ADMX_TerminalServer/TS_COLORDEPTH +
+
+ ADMX_TerminalServer/TS_DELETE_ROAMING_USER_PROFILES +
+
+ ADMX_TerminalServer/TS_DISABLE_REMOTE_DESKTOP_WALLPAPER +
+
+ ADMX_TerminalServer/TS_DX_USE_FULL_HWGPU +
+
+ ADMX_TerminalServer/TS_EASY_PRINT +
+
+ ADMX_TerminalServer/TS_EASY_PRINT_User +
+
+ ADMX_TerminalServer/TS_EnableVirtualGraphics +
+
+ ADMX_TerminalServer/TS_FALLBACKPRINTDRIVERTYPE +
+
+ ADMX_TerminalServer/TS_FORCIBLE_LOGOFF +
ADMX_TerminalServer/TS_GATEWAY_POLICY_ENABLE
ADMX_TerminalServer/TS_GATEWAY_POLICY_AUTH_METHOD
+
+ ADMX_TerminalServer/TS_GATEWAY_POLICY_SERVER +
+
+ ADMX_TerminalServer/TS_JOIN_SESSION_DIRECTORY +
+
+ ADMX_TerminalServer/TS_KEEP_ALIVE +
+
+ ADMX_TerminalServer/TS_LICENSE_SECGROUP +
+
+ ADMX_TerminalServer/TS_LICENSE_SERVERS +
+
+ ADMX_TerminalServer/TS_LICENSE_TOOLTIP +
+
+ ADMX_TerminalServer/TS_LICENSING_MODE +
+
+ ADMX_TerminalServer/TS_MAX_CON_POLICY +
+
+ ADMX_TerminalServer/TS_MAXDISPLAYRES +
+
+ ADMX_TerminalServer/TS_MAXMONITOR +
+
+ ADMX_TerminalServer/TS_NoDisconnectMenu +
+
+ ADMX_TerminalServer/TS_NoSecurityMenu +
+
+ ADMX_TerminalServer/TS_PreventLicenseUpgrade +
+
+ ADMX_TerminalServer/TS_PROMT_CREDS_CLIENT_COMP +
-
-**ADMX_TerminalServer/TS_GATEWAY_POLICY_ENABLE** +**ADMX_TerminalServer/TS_AUTO_RECONNECT** @@ -88,22 +219,2249 @@ manager: dansimp -This policy setting allows you to specify whether the client computer redirects its time zone settings to the Remote Desktop Services session. +This policy specifies whether to allow Remote Desktop Connection clients to automatically reconnect to sessions on an RD Session Host server if their network link is temporarily lost. -If you enable this policy setting, clients that are capable of time zone redirection send their time zone information to the server. The server base time is then used to calculate the current session time (current session time = server base time + client time zone). +By default, a maximum of twenty reconnection attempts are made at five second intervals. If the status is set to Enabled, automatic reconnection is attempted for all clients running Remote Desktop Connection whenever their network connection is lost. -If you disable or do not configure this policy setting, the client computer does not redirect its time zone information and the session time zone is the same as the server time zone. +If the status is set to Disabled, automatic reconnection of clients is prohibited. If the status is set to Not Configured, automatic reconnection is not specified at the Group Policy level. However, users can configure automatic reconnection using the "Reconnect if connection is dropped" checkbox on the Experience tab in Remote Desktop Connection. -Time zone redirection is possible only when connecting to at least a Microsoft Windows Server 2003 terminal server with a client using RDP 5.1 or later. + + + +ADMX Info: +- GP Friendly name: *Automatic reconnection* +- GP name: *TS_AUTO_RECONNECT* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_CAMERA_REDIRECTION** + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting lets you control the redirection of video capture devices to the remote computer in a Remote Desktop Services session. By default, Remote Desktop Services allows redirection of video capture devices. + +If you enable this policy setting, users cannot redirect their video capture devices to the remote computer. + +If you disable or do not configure this policy setting, users can redirect their video capture devices to the remote computer. Users can use the More option on the Local Resources tab of Remote Desktop Connection to choose the video capture devices to redirect to the remote computer. + + + + +ADMX Info: +- GP Friendly name: *Do not allow video capture redirection* +- GP name: *TS_CAMERA_REDIRECTION* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_CERTIFICATE_TEMPLATE_POLICY** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify the name of the certificate template that determines which certificate is automatically selected to authenticate an RD Session Host server. + +A certificate is needed to authenticate an RD Session Host server when TLS 1.0, 1.1 or 1.2 is used to secure communication between a client and an RD Session Host server during RDP connections. + +If you enable this policy setting, you need to specify a certificate template name. Only certificates created by using the specified certificate template will be considered when a certificate to authenticate the RD Session Host server is automatically selected. Automatic certificate selection only occurs when a specific certificate has not been selected. + +If no certificate can be found that was created with the specified certificate template, the RD Session Host server will issue a certificate enrollment request and will use the current certificate until the request is completed. If more than one certificate is found that was created with the specified certificate template, the certificate that will expire latest and that matches the current name of the RD Session Host server will be selected. If you disable or do not configure this policy, the certificate template name is not specified at the Group Policy level. By default, a self-signed certificate is used to authenticate the RD Session Host server. + +>[!NOTE] +>If you select a specific certificate to be used to authenticate the RD Session Host server, that certificate will take precedence over this policy setting. + + + + +ADMX Info: +- GP Friendly name: *Server authentication certificate template* +- GP name: *TS_CERTIFICATE_TEMPLATE_POLICY* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one issued by an authority recognized by the client, such as the issuers in the client's Third-Party Root Certification Authorities certificate store. + +This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection [RDC] client without specifying an .rdp file). + +If you enable or do not configure this policy setting, users can run .rdp files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect. + +If you disable this policy setting, users cannot run .rdp files that are signed with a valid certificate. Additionally, users cannot start an RDP session by directly opening the RDC client and specifying the remote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been blocked. + +>[!Note] +>You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure this policy setting for the computer, all users on the computer are affected. + + + + +ADMX Info: +- GP Friendly name: *Allow .rdp files from valid publishers and user's default .rdp settings* +- GP name: *TTS_CLIENT_ALLOW_SIGNED_FILES_1* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ +**ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one that is issued by an authority recognized by the client, such as the issuers in the client's Third-Party Root Certification Authorities certificate store. + +This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection [RDC] client without specifying an .rdp file). + +If you enable or do not configure this policy setting, users can run .rdp files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect. + +If you disable this policy setting, users cannot run .rdp files that are signed with a valid certificate. Additionally, users cannot start an RDP session by directly opening the RDC client and specifying the remote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been blocked. + +>[!NOTE] +>You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure this policy setting for the computer, all users on the computer are affected. + + + + +ADMX Info: +- GP Friendly name: *Allow .rdp files from valid publishers and user's default .rdp settings* +- GP name: *TS_CLIENT_ALLOW_SIGNED_FILES_2* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer. + +If you enable or do not configure this policy setting, users can run unsigned .rdp files and .rdp files from unknown publishers on the client computer. Before a user starts an RDP session, the user receives a warning message and is asked to confirm whether they want to connect. + +If you disable this policy setting, users cannot run unsigned .rdp files and .rdp files from unknown publishers on the client computer. If the user tries to start an RDP session, the user receives a message that the publisher has been blocked. + + + + +ADMX Info: +- GP Friendly name: *Allow .rdp files from unknown publishers* +- GP name: *TS_CLIENT_ALLOW_UNSIGNED_FILES_1* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer. + +If you enable or do not configure this policy setting, users can run unsigned .rdp files and .rdp files from unknown publishers on the client computer. Before a user starts an RDP session, the user receives a warning message and is asked to confirm whether they want to connect. + +If you disable this policy setting, users cannot run unsigned .rdp files and .rdp files from unknown publishers on the client computer. If the user tries to start an RDP session, the user receives a message that the publisher has been blocked. + + + + +ADMX Info: +- GP Friendly name: *Allow .rdp files from unknown publishers* +- GP name: *TS_CLIENT_ALLOW_UNSIGNED_FILES_2* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_CLIENT_AUDIO** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify whether users can redirect the remote computer's audio and video output in a Remote Desktop Services session. + +Users can specify where to play the remote computer's audio output by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can choose to play the remote audio on the remote computer or on the local computer. Users can also choose to not play the audio. Video playback can be configured by using the video playback setting in a Remote Desktop Protocol (.rdp) file. By default, video playback is enabled. + +By default, audio and video playback redirection is not allowed when connecting to a computer running Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003. Audio and video playback redirection is allowed by default when connecting to a computer running Windows 8, Windows Server 2012, Windows 7, Windows Vista, or Windows XP Professional. + +If you enable this policy setting, audio and video playback redirection is allowed. + +If you disable this policy setting, audio and video playback redirection is not allowed, even if audio playback redirection is specified in RDC, or video playback is specified in the .rdp file. If you do not configure this policy setting audio and video playback redirection is not specified at the Group Policy level. + + + + +ADMX Info: +- GP Friendly name: *Allow audio and video playback redirection* +- GP name: *TS_CLIENT_AUDIO* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_CLIENT_AUDIO_CAPTURE** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify whether users can record audio to the remote computer in a Remote Desktop Services session. Users can specify whether to record audio to the remote computer by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). + +Users can record audio by using an audio input device on the local computer, such as a built-in microphone. By default, audio recording redirection is not allowed when connecting to a computer running Windows Server 2008 R2. Audio recording redirection is allowed by default when connecting to a computer running at least Windows 7, or Windows Server 2008 R2. + +If you enable this policy setting, audio recording redirection is allowed. + +If you disable this policy setting, audio recording redirection is not allowed, even if audio recording redirection is specified in RDC. If you do not configure this policy setting, Audio recording redirection is not specified at the Group Policy level. + + + + +ADMX Info: +- GP Friendly name: *Allow audio recording redirection* +- GP name: *TS_CLIENT_AUDIO_CAPTURE* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_CLIENT_AUDIO_QUALITY** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to limit the audio playback quality for a Remote Desktop Services session. Limiting the quality of audio playback can improve connection performance, particularly over slow links. If you enable this policy setting, you must select one of the following: High, Medium, or Dynamic. If you select High, the audio will be sent without any compression and with minimum latency. This requires a large amount of bandwidth. If you select Medium, the audio will be sent with some compression and with minimum latency as determined by the codec that is being used. + +If you select Dynamic, the audio will be sent with a level of compression that is determined by the bandwidth of the remote connection. The audio playback quality that you specify on the remote computer by using this policy setting is the maximum quality that can be used for a Remote Desktop Services session, regardless of the audio playback quality configured on the client computer. + +For example, if the audio playback quality configured on the client computer is higher than the audio playback quality configured on the remote computer, the lower level of audio playback quality will be used. + +Audio playback quality can be configured on the client computer by using the audioqualitymode setting in a Remote Desktop Protocol (.rdp) file. By default, audio playback quality is set to Dynamic. + +If you disable or do not configure this policy setting, audio playback quality will be set to Dynamic. + + + + +ADMX Info: +- GP Friendly name: *Limit audio playback quality* +- GP name: *TS_CLIENT_AUDIO_QUALITY* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_CLIENT_CLIPBOARD** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session. + +You can use this setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default, Remote Desktop Services allows Clipboard redirection. + +If you enable this policy setting, users cannot redirect Clipboard data. + +If you disable this policy setting, Remote Desktop Services always allows Clipboard redirection. + +If you do not configure this policy setting, Clipboard redirection is not specified at the Group Policy level. + + + + +ADMX Info: +- GP Friendly name: *Do not allow Clipboard redirection* +- GP name: *TS_CLIENT_CLIPBOARD* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_CLIENT_COM** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting specifies whether to prevent the redirection of data to client COM ports from the remote computer in a Remote Desktop Services session. + +You can use this setting to prevent users from redirecting data to COM port peripherals or mapping local COM ports while they are logged on to a Remote Desktop Services session. By default, Remote Desktop Services allows this COM port redirection. + +If you enable this policy setting, users cannot redirect server data to the local COM port. + +If you disable this policy setting, Remote Desktop Services always allows COM port redirection. + +If you do not configure this policy setting, COM port redirection is not specified at the Group Policy level. + + + + +ADMX Info: +- GP Friendly name: *Do not allow COM port redirection* +- GP name: *TS_CLIENT_COM* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_CLIENT_DEFAULT_M** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify whether the client default printer is automatically set as the default printer in a session on an RD Session Host server. + +By default, Remote Desktop Services automatically designates the client default printer as the default printer in a session on an RD Session Host server. You can use this policy setting to override this behavior. + +If you enable this policy setting, the default printer is the printer specified on the remote computer. + +If you disable this policy setting, the RD Session Host server automatically maps the client default printer and sets it as the default printer upon connection. + +If you do not configure this policy setting, the default printer is not specified at the Group Policy level. + + + + +ADMX Info: +- GP Friendly name: *Do not set default client printer to be default printer in a session* +- GP name: *TS_CLIENT_DEFAULT_M* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_CLIENT_DISABLE_HARDWARE_MODE** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting specifies whether the Remote Desktop Connection can use hardware acceleration if supported hardware is available. + +If you use this setting, the Remote Desktop Client will use only software decoding. For example, if you have a problem that you suspect may be related to hardware acceleration, use this setting to disable the acceleration; then, if the problem still occurs, you will know that there are additional issues to investigate. + +If you disable this setting or leave it not configured, the Remote Desktop client will use hardware accelerated decoding if supported hardware is available. + + + + +ADMX Info: +- GP Friendly name: *Do not allow hardware accelerated decoding* +- GP name: *TS_CLIENT_DISABLE_HARDWARE_MODE* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_CLIENT_DISABLE_PASSWORD_SAVING_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy specifies whether to allow Remote Desktop Connection Controls whether a user can save passwords using Remote Desktop Connection. + +If you enable this setting the credential saving checkbox in Remote Desktop Connection will be disabled and users will no longer be able to save passwords. When a user opens an RDP file using Remote Desktop Connection and saves his settings, any password that previously existed in the RDP file will be deleted. + +If you disable this setting or leave it not configured, the user will be able to save passwords using Remote Desktop Connection + + + + +ADMX Info: +- GP Friendly name: *Do not allow passwords to be saved* +- GP name: *TS_CLIENT_DISABLE_PASSWORD_SAVING_1* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_CLIENT_LPT** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting specifies whether to prevent the redirection of data to client LPT ports during a Remote Desktop Services session. You can use this setting to prevent users from mapping local LPT ports and redirecting data from the remote computer to local LPT port peripherals. By default, Remote Desktop Services allows LPT port redirection. + +If you enable this policy setting, users in a Remote Desktop Services session cannot redirect server data to the local LPT port. + +If you disable this policy setting, LPT port redirection is always allowed. If you do not configure this policy setting, LPT port redirection is not specified at the Group Policy level. + + + + +ADMX Info: +- GP Friendly name: *Do not allow LPT port redirection* +- GP name: *TS_CLIENT_LPT* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_CLIENT_PNP** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting lets you control the redirection of supported Plug and Play and RemoteFX USB devices, such as Windows Portable Devices, to the remote computer in a Remote Desktop Services session. By default, Remote Desktop Services does not allow redirection of supported Plug and Play and RemoteFX USB devices. + +If you disable this policy setting, users can redirect their supported Plug and Play devices to the remote computer. Users can use the More option on the Local Resources tab of Remote Desktop Connection to choose the supported Plug and Play devices to redirect to the remote computer. + +If you enable this policy setting, users cannot redirect their supported Plug and Play devices to the remote computer.If you do not configure this policy setting, users can redirect their supported Plug and Play devices to the remote computer only if it is running Windows Server 2012 R2 and earlier versions. + +>[!NOTE] +>You can disable redirection of specific types of supported Plug and Play devices by using Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions policy settings. + + + + +ADMX Info: +- GP Friendly name: *Do not allow supported Plug and Play device redirection* +- GP name: *TS_CLIENT_PNP* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_CLIENT_PRINTER** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify whether to prevent the mapping of client printers in Remote Desktop Services sessions. You can use this policy setting to prevent users from redirecting print jobs from the remote computer to a printer attached to their local (client) computer. By default, Remote Desktop Services allows this client printer mapping. + +If you enable this policy setting, users cannot redirect print jobs from the remote computer to a local client printer in Remote Desktop Services sessions. + +If you disable this policy setting, users can redirect print jobs with client printer mapping. + +If you do not configure this policy setting, client printer mapping is not specified at the Group Policy level. + + + + +ADMX Info: +- GP Friendly name: *Do not allow client printer redirection* +- GP name: *TS_CLIENT_PRINTER* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers. + +If you enable this policy setting, any certificate with an SHA1 thumbprint that matches a thumbprint on the list is trusted. If a user tries to start an .rdp file that is signed by a trusted certificate, the user does not receive any warning messages when they start the file. To obtain the thumbprint, view the certificate details, and then click the Thumbprint field. + +If you disable or do not configure this policy setting, no publisher is treated as a trusted .rdp publisher. + +>[!NOTE] +>You can define this policy setting in the Computer Configuration node or in the User Configuration node. + +If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination of the list defined for the computer and the list defined for the user. + +This policy setting overrides the behavior of the "Allow .rdp files from valid publishers and user's default .rdp settings" policy setting. If the list contains a string that is not a certificate thumbprint, it is ignored. + + + + +ADMX Info: +- GP Friendly name: *Specify SHA1 thumbprints of certificates representing trusted .rdp publishers* +- GP name: *TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers. + +If you enable this policy setting, any certificate with an SHA1 thumbprint that matches a thumbprint on the list is trusted. If a user tries to start an .rdp file that is signed by a trusted certificate, the user does not receive any warning messages when they start the file. To obtain the thumbprint, view the certificate details, and then click the Thumbprint field. + +If you disable or do not configure this policy setting, no publisher is treated as a trusted .rdp publisher. + +>[!NOTE] +>You can define this policy setting in the Computer Configuration node or in the User Configuration node. + +If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination of the list defined for the computer and the list defined for the user. + +This policy setting overrides the behavior of the "Allow .rdp files from valid publishers and user's default .rdp settings" policy setting. If the list contains a string that is not a certificate thumbprint, it is ignored. + + + + +ADMX Info: +- GP Friendly name: *Specify SHA1 thumbprints of certificates representing trusted .rdp publishers* +- GP name: *TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_CLIENT_TURN_OFF_UDP** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting specifies whether the UDP protocol will be used to access servers via Remote Desktop Protocol. + +If you enable this policy setting, Remote Desktop Protocol traffic will only use the TCP protocol. + +If you disable or do not configure this policy setting, Remote Desktop Protocol traffic will attempt to use both TCP and UDP protocols. + + + + +ADMX Info: +- GP Friendly name: *Turn Off UDP On Client* +- GP name: *TS_CLIENT_TURN_OFF_UDP* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_COLORDEPTH** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify the maximum color resolution (color depth) for Remote Desktop Services connections. You can use this policy setting to set a limit on the color depth of any connection that uses RDP. Limiting the color depth can improve connection performance, particularly over slow links, and reduce server load. + +If you enable this policy setting, the color depth that you specify is the maximum color depth allowed for a user's RDP connection. The actual color depth for the connection is determined by the color support available on the client computer. If you select Client Compatible, the highest color depth supported by the client will be used. + +If you disable or do not configure this policy setting, the color depth for connections is not specified at the Group Policy level. + +>[!NOTE] +> 1. Setting the color depth to 24 bits is only supported on Windows Server 2003 and Windows XP Professional. +>2. The value specified in this policy setting is not applied to connections from client computers that are using at least Remote Desktop Protocol 8.0 (computers running at least Windows 8 or Windows Server 2012). The 32-bit color depth format is always used for these connections. +>3. For connections from client computers that are using Remote Desktop Protocol 7.1 or earlier versions that are connecting to computers running at least Windows 8 or Windows Server 2012, the minimum of the following values is used as the color depth format: +> - a. Value specified by this policy setting +> - b. Maximum color depth supported by the client +> - c. Value requested by the client If the client does not support at least 16 bits, the connection is terminated. + + + + +ADMX Info: +- GP Friendly name: *Limit maximum color depth* +- GP name: *TS_COLORDEPTH* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_DELETE_ROAMING_USER_PROFILES** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to limit the size of the entire roaming user profile cache on the local drive. This policy setting only applies to a computer on which the Remote Desktop Session Host role service is installed. + +>[!NOTE] +>If you want to limit the size of an individual user profile, use the "Limit profile size" policy setting located in User Configuration\Policies\Administrative Templates\System\User Profiles. + +If you enable this policy setting, you must specify a monitoring interval (in minutes) and a maximum size (in gigabytes) for the entire roaming user profile cache. The monitoring interval determines how often the size of the entire roaming user profile cache is checked. + +When the size of the entire roaming user profile cache exceeds the maximum size that you have specified, the oldest (least recently used) roaming user profiles will be deleted until the size of the entire roaming user profile cache is less than the maximum size specified. + +If you disable or do not configure this policy setting, no restriction is placed on the size of the entire roaming user profile cache on the local drive. Note: This policy setting is ignored if the "Prevent Roaming Profile changes from propagating to the server" policy setting located in Computer Configuration\Policies\Administrative Templates\System\User Profiles is enabled. + + + + +ADMX Info: +- GP Friendly name: *Limit the size of the entire roaming user profile cache* +- GP name: *TS_DELETE_ROAMING_USER_PROFILES* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_DISABLE_REMOTE_DESKTOP_WALLPAPER** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy specifies whether desktop wallpaper is displayed to remote clients connecting via Remote Desktop Services. + +You can use this setting to enforce the removal of wallpaper during a Remote Desktop Services session. By default, Windows XP Professional displays wallpaper to remote clients connecting through Remote Desktop, depending on the client configuration (see the Experience tab in the Remote Desktop Connection options for more information). Servers running Windows Server 2003 do not display wallpaper by default to Remote Desktop Services sessions. + +If the status is set to Enabled, wallpaper never appears in a Remote Desktop Services session. + +If the status is set to Disabled, wallpaper might appear in a Remote Desktop Services session, depending on the client configuration. If the status is set to Not Configured, the default behavior applies. + + + + +ADMX Info: +- GP Friendly name: *Enforce Removal of Remote Desktop Wallpaper* +- GP name: *TS_DISABLE_REMOTE_DESKTOP_WALLPAPER* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + +**ADMX_TerminalServer/TS_DX_USE_FULL_HWGPU** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting enables system administrators to change the graphics rendering for all Remote Desktop Services sessions. If you enable this policy setting, all Remote Desktop Services sessions use the hardware graphics renderer instead of the Microsoft Basic Render Driver as the default adapter. + +If you disable this policy setting, all Remote Desktop Services sessions use the Microsoft Basic Render Driver as the default adapter. + +If you do not configure this policy setting, Remote Desktop Services sessions on the RD Session Host server use the Microsoft Basic Render Driver as the default adapter. In all other cases, Remote Desktop Services sessions use the hardware graphics renderer by default. + +>[!NOTE] +>The policy setting enables load-balancing of graphics processing units (GPU) on a computer with more than one GPU installed. The GPU configuration of the local session is not affected by this policy setting. + + + + +ADMX Info: +- GP Friendly name: *Use hardware graphics adapters for all Remote Desktop Services sessions* +- GP name: *TS_DX_USE_FULL_HWGPU* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_EASY_PRINT** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers. + +If you enable or do not configure this policy setting, the RD Session Host server first tries to use the Remote Desktop Easy Print printer driver to install all client printers. If for any reason the Remote Desktop Easy Print printer driver cannot be used, a printer driver on the RD Session Host server that matches the client printer is used. If the RD Session Host server does not have a printer driver that matches the client printer, the client printer is not available for the Remote Desktop session. + +If you disable this policy setting, the RD Session Host server tries to find a suitable printer driver to install the client printer. If the RD Session Host server does not have a printer driver that matches the client printer, the server tries to use the Remote Desktop Easy Print driver to install the client printer. If for any reason the Remote Desktop Easy Print printer driver cannot be used, the client printer is not available for the Remote Desktop Services session. + +>[!NOTE] +>If the "Do not allow client printer redirection" policy setting is enabled, the "Use Remote Desktop Easy Print printer driver first" policy setting is ignored. + + + + +ADMX Info: +- GP Friendly name: *Use Remote Desktop Easy Print printer driver first* +- GP name: *TS_EASY_PRINT* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_EASY_PRINT_User** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers. + +If you enable or do not configure this policy setting, the RD Session Host server first tries to use the Remote Desktop Easy Print printer driver to install all client printers. If for any reason the Remote Desktop Easy Print printer driver cannot be used, a printer driver on the RD Session Host server that matches the client printer is used. If the RD Session Host server does not have a printer driver that matches the client printer, the client printer is not available for the Remote Desktop session. + +If you disable this policy setting, the RD Session Host server tries to find a suitable printer driver to install the client printer. If the RD Session Host server does not have a printer driver that matches the client printer, the server tries to use the Remote Desktop Easy Print driver to install the client printer. If for any reason the Remote Desktop Easy Print printer driver cannot be used, the client printer is not available for the Remote Desktop Services session. + +>[!NOTE] +>If the "Do not allow client printer redirection" policy setting is enabled, the "Use Remote Desktop Easy Print printer driver first" policy setting is ignored. + + + + +ADMX Info: +- GP Friendly name: *Use Remote Desktop Easy Print printer driver first* +- GP name: *TS_EASY_PRINT_User* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_EnableVirtualGraphics** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to control the availability of RemoteFX on both a Remote Desktop Virtualization Host (RD Virtualization Host) server and a Remote Desktop Session Host (RD Session Host) server. When deployed on an RD Virtualization Host server, RemoteFX delivers a rich user experience by rendering content on the server by using graphics processing units (GPUs). + +By default, RemoteFX for RD Virtualization Host uses server-side GPUs to deliver a rich user experience over LAN connections and RDP 7.1. When deployed on an RD Session Host server, RemoteFX delivers a rich user experience by using a hardware-accelerated compression scheme. + +If you enable this policy setting, RemoteFX will be used to deliver a rich user experience over LAN connections and RDP 7.1. + +If you disable this policy setting, RemoteFX will be disabled. + +If you do not configure this policy setting, the default behavior will be used. By default, RemoteFX for RD Virtualization Host is enabled and RemoteFX for RD Session Host is disabled. + + + + +ADMX Info: +- GP Friendly name: *Configure RemoteFX* +- GP name: *TS_EnableVirtualGraphics* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_FALLBACKPRINTDRIVERTYPE** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify the RD Session Host server fallback printer driver behavior. By default, the RD Session Host server fallback printer driver is disabled. If the RD Session Host server does not have a printer driver that matches the client's printer, no printer will be available for the Remote Desktop Services session. + +If you enable this policy setting, the fallback printer driver is enabled, and the default behavior is for the RD Session Host server to find a suitable printer driver. If one is not found, the client's printer is not available. You can choose to change this default behavior. The available options are: + +- **Do nothing if one is not found** - If there is a printer driver mismatch, the server will attempt to find a suitable driver. If one is not found, the client's printer is not available. This is the default behavior. +- **Default to PCL if one is not found** - If no suitable printer driver can be found, default to the Printer Control Language (PCL) fallback printer driver. +- **Default to PS if one is not found**- If no suitable printer driver can be found, default to the PostScript (PS) fallback printer driver. +- **Show both PCL and PS if one is not found**- If no suitable driver can be found, show both PS and PCL-based fallback printer drivers. + +If you disable this policy setting, the RD Session Host server fallback driver is disabled and the RD Session Host server will not attempt to use the fallback printer driver. If you do not configure this policy setting, the fallback printer driver behavior is off by default. + +>[!NOTE] +>If the **Do not allow client printer redirection** setting is enabled, this policy setting is ignored and the fallback printer driver is disabled. + + + + +ADMX Info: +- GP Friendly name: *Specify RD Session Host server fallback printer driver behavior* +- GP name: *TS_FALLBACKPRINTDRIVERTYPE* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_FORCIBLE_LOGOFF** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting determines whether an administrator attempting to connect remotely to the console of a server can log off an administrator currently logged on to the console. This policy is useful when the currently connected administrator does not want to be logged off by another administrator. If the connected administrator is logged off, any data not previously saved is lost. + +If you enable this policy setting, logging off the connected administrator is not allowed. + +If you disable or do not configure this policy setting, logging off the connected administrator is allowed. + +>[!NOTE] +>The console session is also known as Session 0. Console access can be obtained by using the /console switch from Remote Desktop Connection in the computer field name or from the command line. + + + + +ADMX Info: +- GP Friendly name: *Deny logoff of an administrator logged in to the console session* +- GP name: *TS_FORCIBLE_LOGOFF* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_GATEWAY_POLICY_ENABLE** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +If you enable this policy setting, when Remote Desktop Connection cannot connect directly to a remote computer (an RD Session Host server or a computer with Remote Desktop enabled), the clients will attempt to connect to the remote computer through an RD Gateway server. + +In this case, the clients will attempt to connect to the RD Gateway server that is specified in the "Set RD Gateway server address" policy setting. You can enforce this policy setting or you can allow users to overwrite this setting. + +By default, when you enable this policy setting, it is enforced. When this policy setting is enforced, users cannot override this setting, even if they select the "Use these RD Gateway server settings" option on the client. Note: To enforce this policy setting, you must also specify the address of the RD Gateway server by using the "Set RD Gateway server address" policy setting, or client connection attempts to any remote computer will fail, if the client cannot connect directly to the remote computer. + +To enhance security, it is also highly recommended that you specify the authentication method by using the "Set RD Gateway authentication method" policy setting. If you do not specify an authentication method by using this policy setting, either the NTLM protocol that is enabled on the client or a smart card can be used. To allow users to overwrite this policy setting, select the "Allow users to change this setting" check box. + +When you do this, users on the client can choose not to connect through the RD Gateway server by selecting the "Do not use an RD Gateway server" option. Users can specify a connection method by configuring settings on the client, using an RDP file, or using an HTML script. If users do not specify a connection method, the connection method that you specify in this policy setting is used by default. + +If you disable or do not configure this policy setting, clients will not use the RD Gateway server address that is specified in the "Set RD Gateway server address" policy setting. If an RD Gateway server is specified by the user, a client connection attempt will be made through that RD Gateway server. ADMX Info: -- GP Friendly name: *Allow time zone redirection* +- GP Friendly name: *Enable connection through RD Gateway* - GP name: *TS_GATEWAY_POLICY_ENABLE* -- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP path: *Windows Components\Remote Desktop Services\RD Gateway* - GP ADMX file name: *TerminalServer.admx* @@ -161,15 +2519,13 @@ ADMX Info: -This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session. +This policy specifies the authentication method that clients must use when attempting to connect to an RD Session Host server through an RD Gateway server. You can enforce this policy setting or you can allow users to overwrite this policy setting. -You can use this setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default, Remote Desktop Services allows Clipboard redirection. +By default, when you enable this policy setting, it is enforced. When this policy setting is enforced, users cannot override this setting, even if they select the "Use these RD Gateway server settings" option on the client. -If you enable this policy setting, users cannot redirect Clipboard data. +To allow users to overwrite this policy setting, select the "Allow users to change this setting" check box. When you do this, users can specify an alternate authentication method by configuring settings on the client, using an RDP file, or using an HTML script. If users do not specify an alternate authentication method, the authentication method that you specify in this policy setting is used by default. -If you disable this policy setting, Remote Desktop Services always allows Clipboard redirection. - -If you do not configure this policy setting, Clipboard redirection is not specified at the Group Policy level. +If you disable or do not configure this policy setting, the authentication method that is specified by the user is used, if one is specified. If an authentication method is not specified, the Negotiate protocol that is enabled on the client or a smart card can be used for authentication. @@ -177,16 +2533,1062 @@ If you do not configure this policy setting, Clipboard redirection is not specif ADMX Info: -- GP Friendly name: *Do not allow Clipboard redirection* +- GP Friendly name: *Set RD Gateway authentication method* - GP name: *TS_GATEWAY_POLICY_AUTH_METHOD* -- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP path: *Windows Components\Remote Desktop Services\RD Gateway* - GP ADMX file name: *TerminalServer.admx*
+ +**ADMX_TerminalServer/TS_GATEWAY_POLICY_SERVER** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy specifies the address of the RD Gateway server that clients must use when attempting to connect to an RD Session Host server. You can enforce this policy setting or you can allow users to overwrite this policy setting. + +By default, when you enable this policy setting, it is enforced. When this policy setting is enforced, users cannot override this setting, even if they select the "Use these RD Gateway server settings" option on the client. + +>[!NOTE] +>It is highly recommended that you also specify the authentication method by using the **Set RD Gateway authentication method** policy setting. If you do not specify an authentication method by using this setting, either the NTLM protocol that is enabled on the client or a smart card can be used. + +To allow users to overwrite the **Set RD Gateway server address** policy setting and connect to another RD Gateway server, you must select the **Allow users to change this setting** check box and users will be allowed to specify an alternate RD Gateway server. + +Users can specify an alternative RD Gateway server by configuring settings on the client, using an RDP file, or using an HTML script. If users do not specify an alternate RD Gateway server, the server that you specify in this policy setting is used by default. + +>[!NOTE] +>If you disable or do not configure this policy setting, but enable the **Enable connections through RD Gateway** policy setting, client connection attempts to any remote computer will fail, if the client cannot connect directly to the remote computer. If an RD Gateway server is specified by the user, a client connection attempt will be made through that RD Gateway server. + + + + +ADMX Info: +- GP Friendly name: *Set RD Gateway server address* +- GP name: *TS_GATEWAY_POLICY_SERVER* +- GP path: *Windows Components\Remote Desktop Services\RD Gateway* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + +**ADMX_TerminalServer/TS_JOIN_SESSION_DIRECTORY** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify whether the RD Session Host server should join a farm in RD Connection Broker. RD Connection Broker tracks user sessions and allows a user to reconnect to their existing session in a load-balanced RD Session Host server farm. To participate in RD Connection Broker, the Remote Desktop Session Host role service must be installed on the server. + +If the policy setting is enabled, the RD Session Host server joins the farm that is specified in the RD Connection Broker farm name policy setting. The farm exists on the RD Connection Broker server that is specified in the Configure RD Connection Broker server name policy setting. + +If you disable this policy setting, the server does not join a farm in RD Connection Broker, and user session tracking is not performed. If the policy setting is disabled, you cannot use either the Remote Desktop Session Host Configuration tool or the Remote Desktop Services WMI Provider to join the server to RD Connection Broker. + +If the policy setting is not configured, the policy setting is not specified at the Group Policy level. + +>[!NOTE] +>1. If you enable this policy setting, you must also enable the Configure RD Connection Broker farm name and Configure RD Connection Broker server name policy settings. +>2. For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard. + + + + +ADMX Info: +- GP Friendly name: *Join RD Connection Broker* +- GP name: *TS_JOIN_SESSION_DIRECTORY* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_KEEP_ALIVE** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to enter a keep-alive interval to ensure that the session state on the RD Session Host server is consistent with the client state. + +After an RD Session Host server client loses the connection to an RD Session Host server, the session on the RD Session Host server might remain active instead of changing to a disconnected state, even if the client is physically disconnected from the RD Session Host server. If the client logs on to the same RD Session Host server again, a new session might be established (if the RD Session Host server is configured to allow multiple sessions), and the original session might still be active. + +If you enable this policy setting, you must enter a keep-alive interval. The keep-alive interval determines how often, in minutes, the server checks the session state. The range of values you can enter is 1 to 999,999. + +If you disable or do not configure this policy setting, a keep-alive interval is not set and the server will not check the session state. + + + + +ADMX Info: +- GP Friendly name: *Configure keep-alive connection interval* +- GP name: *TS_KEEP_ALIVE* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_LICENSE_SECGROUP** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify the RD Session Host servers to which a Remote Desktop license server will offer Remote Desktop Services client access licenses (RDS CALs). + +You can use this policy setting to control which RD Session Host servers are issued RDS CALs by the Remote Desktop license server. By default, a license server issues an RDS CAL to any RD Session Host server that requests one. + +If you enable this policy setting and this policy setting is applied to a Remote Desktop license server, the license server will only respond to RDS CAL requests from RD Session Host servers whose computer accounts are a member of the RDS Endpoint Servers group on the license server. By default, the RDS Endpoint Servers group is empty. + +If you disable or do not configure this policy setting, the Remote Desktop license server issues an RDS CAL to any RD Session Host server that requests one. The RDS Endpoint Servers group is not deleted or changed in any way by disabling or not configuring this policy setting. + +>[!NOTE] +>You should only enable this policy setting when the license server is a member of a domain. You can only add computer accounts for RD Session Host servers to the RDS Endpoint Servers group when the license server is a member of a domain. + + + + +ADMX Info: +- GP Friendly name: *License server security group* +- GP name: *TS_LICENSE_SECGROUP* +- GP path: *Windows Components\Remote Desktop Services\RD Licensing* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_LICENSE_SERVERS** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify the order in which an RD Session Host server attempts to locate Remote Desktop license servers. + +If you enable this policy setting, an RD Session Host server first attempts to locate the specified license servers. If the specified license servers cannot be located, the RD Session Host server will attempt automatic license server discovery. + +In the automatic license server discovery process, an RD Session Host server in a Windows Server-based domain attempts to contact a license server in the following order: +1. Remote Desktop license servers that are published in Active Directory Domain Services. +2. Remote Desktop license servers that are installed on domain controllers in the same domain as the RD Session Host server. + +1If you disable or do not configure this policy setting, the RD Session Host server does not specify a license server at the Group Policy level. + + + + +ADMX Info: +- GP Friendly name: *Use the specified Remote Desktop license servers* +- GP name: *TS_LICENSE_SERVERS* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_LICENSE_TOOLTIP** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting determines whether notifications are displayed on an RD Session Host server when there are problems with RD Licensing that affect the RD Session Host server. + +By default, notifications are displayed on an RD Session Host server after you log on as a local administrator, if there are problems with RD Licensing that affect the RD Session Host server. If applicable, a notification will also be displayed that notes the number of days until the licensing grace period for the RD Session Host server will expire. + +If you enable this policy setting, these notifications will not be displayed on the RD Session Host server. + +If you disable or do not configure this policy setting, these notifications will be displayed on the RD Session Host server after you log on as a local administrator. + + + + +ADMX Info: +- GP Friendly name: *Hide notifications about RD Licensing problems that affect the RD Session Host server* +- GP name: *TS_LICENSE_TOOLTIP* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_LICENSING_MODE** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify the type of Remote Desktop Services client access license (RDS CAL) that is required to connect to this RD Session Host server. + +You can use this policy setting to select one of three licensing modes: Per User , Per Device and AAD Per User . +- Per User licensing mode requires that each user account connecting to this RD Session Host server have an RDS Per User CAL issued from an RD Licensing server. +- Per Device licensing mode requires that each device connecting to this RD Session Host server have an RDS Per Device CAL issued from an RD Licensing server. +- AAD Per User licensing mode requires that each user account connecting to this RD Session Host server have a service plan that supports RDS licenses assigned in AAD. + +If you enable this policy setting, the Remote Desktop licensing mode that you specify is honored by the Remote Desktop license server and RD Session Host. + +If you disable or do not configure this policy setting, the licensing mode is not specified at the Group Policy level. + + + + +ADMX Info: +- GP Friendly name: *Set the Remote Desktop licensing mode* +- GP name: *TS_LICENSING_MODE* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_MAX_CON_POLICY** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy specifies whether Remote Desktop Services limits the number of simultaneous connections to the server. You can use this setting to restrict the number of Remote Desktop Services sessions that can be active on a server. If this number is exceeded, additional users who try to connect receive an error message telling them that the server is busy and to try again later. Restricting the number of sessions improves performance because fewer sessions are demanding system resources. + +By default, RD Session Host servers allow an unlimited number of Remote Desktop Services sessions, and Remote Desktop for Administration allows two Remote Desktop Services sessions. + +To use this setting, enter the number of connections you want to specify as the maximum for the server. To specify an unlimited number of connections, type 999999. + +If the status is set to Enabled, the maximum number of connections is limited to the specified number consistent with the version of Windows and the mode of Remote Desktop Services running on the server. + +If the status is set to Disabled or Not Configured, limits to the number of connections are not enforced at the Group Policy level. + +>[!NOTE] +>This setting is designed to be used on RD Session Host servers (that is, on servers running Windows with Remote Desktop Session Host role service installed). + + + + +ADMX Info: +- GP Friendly name: *Limit number of connections* +- GP name: *TS_MAX_CON_POLICY* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_MAXDISPLAYRES** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify the maximum display resolution that can be used by each monitor used to display a Remote Desktop Services session. Limiting the resolution used to display a remote session can improve connection performance, particularly over slow links, and reduce server load. + +If you enable this policy setting, you must specify a resolution width and height. The resolution specified will be the maximum resolution that can be used by each monitor used to display a Remote Desktop Services session. + +If you disable or do not configure this policy setting, the maximum resolution that can be used by each monitor to display a Remote Desktop Services session will be determined by the values specified on the Display Settings tab in the Remote Desktop Session Host Configuration tool. + + + + +ADMX Info: +- GP Friendly name: *Limit maximum display resolution* +- GP name: *TS_MAXDISPLAYRES* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_MAXMONITOR** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to limit the number of monitors that a user can use to display a Remote Desktop Services session. Limiting the number of monitors to display a Remote Desktop Services session can improve connection performance, particularly over slow links, and reduce server load. + +If you enable this policy setting, you can specify the number of monitors that can be used to display a Remote Desktop Services session. You can specify a number from 1 to 16. + +If you disable or do not configure this policy setting, the number of monitors that can be used to display a Remote Desktop Services session is not specified at the Group Policy level. + + + + +ADMX Info: +- GP Friendly name: *Limit number of monitors* +- GP name: *TS_MAXMONITOR* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_NoDisconnectMenu** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to remove the "Disconnect" option from the Shut Down Windows dialog box in Remote Desktop Services sessions. You can use this policy setting to prevent users from using this familiar method to disconnect their client from an RD Session Host server. + +If you enable this policy setting, "Disconnect" does not appear as an option in the drop-down list in the Shut Down Windows dialog box. + +If you disable or do not configure this policy setting, "Disconnect" is not removed from the list in the Shut Down Windows dialog box. + +>[!NOTE] +>This policy setting affects only the Shut Down Windows dialog box. It does not prevent users from using other methods to disconnect from a Remote Desktop Services session. + +This policy setting also does not prevent disconnected sessions at the server. You can control how long a disconnected session remains active on the server by configuring the **Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\RD Session Host\Session Time Limits\Set time limit for disconnected sessions** policy setting. + + + + +ADMX Info: +- GP Friendly name: *Remove "Disconnect" option from Shut Down dialog* +- GP name: *TS_NoDisconnectMenu* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_NoSecurityMenu** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy specifies whether to remove the Windows Security item from the Settings menu on Remote Desktop clients. You can use this setting to prevent inexperienced users from logging off from Remote Desktop Services inadvertently. + +If the status is set to Enabled, Windows Security does not appear in Settings on the Start menu. As a result, users must type a security attention sequence, such as CTRL+ALT+END, to open the Windows Security dialog box on the client computer. + +If the status is set to Disabled or Not Configured, Windows Security remains in the Settings menu. + + + + +ADMX Info: +- GP Friendly name: *Remove Windows Security item from Start menu* +- GP name: *TS_NoSecurityMenu* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_PreventLicenseUpgrade** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify which version of Remote Desktop Services client access license (RDS CAL) a Remote Desktop Services license server will issue to clients connecting to RD Session Host servers running other Windows-based operating systems. + +A license server attempts to provide the most appropriate RDS or TS CAL for a connection. For example, a Windows Server 2008 license server will try to issue a Windows Server 2008 TS CAL for clients connecting to a terminal server running Windows Server 2008, and will try to issue a Windows Server 2003 TS CAL for clients connecting to a terminal server running Windows Server 2003. + +By default, if the most appropriate RDS CAL is not available for a connection, a Windows Server 2008 license server will issue a Windows Server 2008 TS CAL, if available, to the following: +- A client connecting to a Windows Server 2003 terminal server +- A client connecting to a Windows 2000 terminal server + +If you enable this policy setting, the license server will only issue a temporary RDS CAL to the client if an appropriate RDS CAL for the RD Session Host server is not available. If the client has already been issued a temporary RDS CAL and the temporary RDS CAL has expired, the client will not be able to connect to the RD Session Host server unless the RD Licensing grace period for the RD Session Host server has not expired. + +If you disable or do not configure this policy setting, the license server will exhibit the default behavior noted earlier. + + + + +ADMX Info: +- GP Friendly name: *Prevent license upgrade* +- GP name: *TS_PreventLicenseUpgrade* +- GP path: *Windows Components\Remote Desktop Services\RD Licensing* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_PROMT_CREDS_CLIENT_COMP** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting determines whether a user will be prompted on the client computer to provide credentials for a remote connection to an RD Session Host server. + +If you enable this policy setting, a user will be prompted on the client computer instead of on the RD Session Host server to provide credentials for a remote connection to an RD Session Host server. If saved credentials for the user are available on the client computer, the user will not be prompted to provide credentials. + +>[!NOTE] +>If you enable this policy setting in releases of Windows Server 2008 R2 with SP1 or Windows Server 2008 R2, and a user is prompted on both the client computer and on the RD Session Host server to provide credentials, clear the Always prompt for password check box on the Log on Settings tab in Remote Desktop Session Host Configuration. + +If you disable or do not configure this policy setting, the version of the operating system on the RD Session Host server will determine when a user is prompted to provide credentials for a remote connection to an RD Session Host server. + +For Windows Server 2003 and Windows 2000 Server a user will be prompted on the terminal server to provide credentials for a remote connection. For Windows Server 2008 and Windows Server 2008 R2, a user will be prompted on the client computer to provide credentials for a remote connection. + + + + +ADMX Info: +- GP Friendly name: *Prompt for credentials on the client computer* +- GP name: *TS_PROMT_CREDS_CLIENT_COMP* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
From f76dd8645b644c0045e5b4a2009939c498bf9687 Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Fri, 19 Nov 2021 11:59:49 +0530 Subject: [PATCH 034/335] 5560668-part1 --- browsers/edge/microsoft-edge-faq.yml | 2 +- browsers/internet-explorer/kb-support/ie-edge-faqs.yml | 4 ++-- ...anage-users-and-groups-microsoft-store-for-business.md | 2 +- .../troubleshoot-microsoft-store-for-business.md | 2 +- .../appv-deploying-microsoft-office-2016-with-appv.md | 2 +- .../advanced-troubleshooting-boot-problems.md | 4 ++-- ...anced-troubleshooting-wireless-network-connectivity.md | 2 +- windows/client-management/connect-to-remote-aadj-pc.md | 2 +- ...roup-policies-for-enterprise-and-education-editions.md | 2 +- .../manage-settings-app-with-group-policy.md | 2 +- windows/client-management/mandatory-user-profile.md | 2 +- ...-windows-10-device-automatically-using-group-policy.md | 6 +++--- windows/client-management/troubleshoot-stop-errors.md | 8 ++++---- .../client-management/troubleshoot-tcpip-rpc-errors.md | 2 +- windows/client-management/troubleshoot-windows-freeze.md | 4 ++-- .../configuration/cortana-at-work/cortana-at-work-o365.md | 2 +- windows/configuration/kiosk-single-app.md | 2 +- .../lock-down-windows-10-to-specific-apps.md | 2 +- windows/configuration/start-layout-troubleshoot.md | 2 +- .../stop-employees-from-using-microsoft-store.md | 2 +- windows/configuration/ue-v/uev-prepare-for-deployment.md | 2 +- windows/configuration/ue-v/uev-release-notes-1607.md | 4 ++-- .../deployment/planning/windows-10-removed-features.md | 2 +- 23 files changed, 32 insertions(+), 32 deletions(-) diff --git a/browsers/edge/microsoft-edge-faq.yml b/browsers/edge/microsoft-edge-faq.yml index 96038bd4ce..bfb48a3544 100644 --- a/browsers/edge/microsoft-edge-faq.yml +++ b/browsers/edge/microsoft-edge-faq.yml @@ -62,7 +62,7 @@ sections: - question: Will Internet Explorer 11 continue to receive updates? answer: | - We're committed to keeping Internet Explorer a supported, reliable, and safe browser. Internet Explorer is still a component of Windows and follows the support lifecycle of the OS on which it's installed. For details, see [Lifecycle FAQ - Internet Explorer](https://support.microsoft.com/help/17454/). While we continue to support and update Internet Explorer, the latest features and platform updates will only be available in Microsoft Edge. + We're committed to keeping Internet Explorer a supported, reliable, and safe browser. Internet Explorer is still a component of Windows and follows the support lifecycle of the OS on which it's installed. For details, see [Lifecycle FAQ - Internet Explorer](/lifecycle/faq/internet-explorer-microsoft-edge). While we continue to support and update Internet Explorer, the latest features and platform updates will only be available in Microsoft Edge. - question: How do I find out which version of Microsoft Edge I have? answer: | diff --git a/browsers/internet-explorer/kb-support/ie-edge-faqs.yml b/browsers/internet-explorer/kb-support/ie-edge-faqs.yml index 50862d688d..f7f8874d78 100644 --- a/browsers/internet-explorer/kb-support/ie-edge-faqs.yml +++ b/browsers/internet-explorer/kb-support/ie-edge-faqs.yml @@ -148,7 +148,7 @@ sections: - question: | Where to find Internet Explorer security zones registry entries answer: | - Most of the Internet Zone entries can be found in [Internet Explorer security zones registry entries for advanced users](https://support.microsoft.com/help/182569/internet-explorer-security-zones-registry-entries-for-advanced-users). + Most of the Internet Zone entries can be found in [Internet Explorer security zones registry entries for advanced users](/troubleshoot/browsers/ie-security-zones-registry-entries). This article was written for Internet Explorer 6 but is still applicable to Internet Explorer 11. @@ -193,7 +193,7 @@ sections: answer: | Internet Explorer 11 is the last major version of Internet Explorer. Internet Explorer 11 will continue receiving security updates and technical support for the lifecycle of the version of Windows on which it is installed. - For more information, see [Lifecycle FAQ — Internet Explorer and Edge](https://support.microsoft.com/help/17454/lifecycle-faq-internet-explorer). + For more information, see [Lifecycle FAQ — Internet Explorer and Edge](/lifecycle/faq/internet-explorer-microsoft-edge). - question: | How to configure TLS (SSL) for Internet Explorer diff --git a/store-for-business/manage-users-and-groups-microsoft-store-for-business.md b/store-for-business/manage-users-and-groups-microsoft-store-for-business.md index a417157bc2..717074d334 100644 --- a/store-for-business/manage-users-and-groups-microsoft-store-for-business.md +++ b/store-for-business/manage-users-and-groups-microsoft-store-for-business.md @@ -44,5 +44,5 @@ If you created a new Azure AD directory when you signed up for Store for Busines You can use the [Office 365 admin dashboard](https://portal.office.com/adminportal) or [Azure management portal](https://go.microsoft.com/fwlink/p/?LinkId=691086) to add user accounts to your Azure AD directory. If you'll be using Azure management portal, you'll need an active subscription to [Azure management portal](https://go.microsoft.com/fwlink/p/?LinkId=708617). For more information, see: -- [Add user accounts using Office 365 admin dashboard](https://support.office.com/en-us/article/add-users-individually-or-in-bulk-to-office-365-admin-help-1970f7d6-03b5-442f-b385-5880b9c256ec) +- [Add user accounts using Office 365 admin dashboard](/microsoft-365/admin/add-users) - [Add user accounts using Azure management portal](/azure/active-directory/fundamentals/add-users-azure-active-directory) \ No newline at end of file diff --git a/store-for-business/troubleshoot-microsoft-store-for-business.md b/store-for-business/troubleshoot-microsoft-store-for-business.md index f54b676866..febe7110b0 100644 --- a/store-for-business/troubleshoot-microsoft-store-for-business.md +++ b/store-for-business/troubleshoot-microsoft-store-for-business.md @@ -56,7 +56,7 @@ The private store for your organization is a page in Microsoft Store app that co ## Troubleshooting Microsoft Store for Business integration with Microsoft Endpoint Configuration Manager -If you encounter any problems when integrating Microsoft Store for Business with Configuration Manager, use the [troubleshooting guide](https://support.microsoft.com/help/4010214/understand-and-troubleshoot-microsoft-store-for-business-integration-w). +If you encounter any problems when integrating Microsoft Store for Business with Configuration Manager, use the [troubleshooting guide](/troubleshoot/mem/configmgr/troubleshoot-microsoft-store-for-business-integration). ## Still having trouble? diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md index cbe270cf7d..0f5fbdc637 100644 --- a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md +++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md @@ -120,7 +120,7 @@ The XML file included in the Office Deployment Tool specifies the product detail |--------------|----------------------------|----------------| | Add element | Specifies which products and languages the package will include. | N/A | | **OfficeClientEdition** (attribute of **Add** element) | Specifies whether Office 2016 32-bit or 64-bit edition will be used. **OfficeClientEdition**  must be set to a valid value for the operation to succeed. | `OfficeClientEdition="32"`
`OfficeClientEdition="64"` | - | Product element | Specifies the application. Project 2016 and Visio 2016 must be specified here as added products to include them in the applications.
For more information about Product IDs, see [Product IDs that are supported by the Office Deployment Tool for Click-to-Run](https://support.microsoft.com/kb/2842297). | `Product ID ="O365ProPlusRetail"`
`Product ID ="VisioProRetail"`
`Product ID ="ProjectProRetail"` | + | Product element | Specifies the application. Project 2016 and Visio 2016 must be specified here as added products to include them in the applications.
For more information about Product IDs, see [Product IDs that are supported by the Office Deployment Tool for Click-to-Run](/office365/troubleshoot/installation/product-ids-supported-office-deployment-click-to-run?redirectSourcePath=%252fen-US%252farticle%252f77654e77-aaeb-4ed6-84eb-1d8b0e086590). | `Product ID ="O365ProPlusRetail"`
`Product ID ="VisioProRetail"`
`Product ID ="ProjectProRetail"` | | Language element | Specifies which language the applications support. | `Language ID="en-us"` | | Version (attribute of **Add** element) | Optional. Specifies which build the package will use.
Defaults to latest advertised build (as defined in v32.CAB at the Office source). | `16.1.2.3` | | SourcePath (attribute of **Add** element) | Specifies the location the applications will be saved to. | `Sourcepath = "\\Server\Office2016"` | diff --git a/windows/client-management/advanced-troubleshooting-boot-problems.md b/windows/client-management/advanced-troubleshooting-boot-problems.md index 1c65aec135..5f919123ef 100644 --- a/windows/client-management/advanced-troubleshooting-boot-problems.md +++ b/windows/client-management/advanced-troubleshooting-boot-problems.md @@ -230,7 +230,7 @@ If Windows cannot load the system registry hive into memory, you must restore th If the problem persists, you may want to restore the system state backup to an alternative location, and then retrieve the registry hives to be replaced. > [!NOTE] -> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more details, check [this article](https://support.microsoft.com/en-us/help/4509719/the-system-registry-is-no-longer-backed-up-to-the-regback-folder-start). +> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more details, check [this article](/troubleshoot/windows-client/deployment/system-registry-no-backed-up-regback-folder) ## Kernel Phase @@ -413,4 +413,4 @@ If the dump file shows an error that is related to a driver (for example, window 5. Copy all the hives from the Regback folder, paste them in the Config folder, and then try to start the computer in Normal mode. > [!NOTE] -> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more details, check [this article](https://support.microsoft.com/en-us/help/4509719/the-system-registry-is-no-longer-backed-up-to-the-regback-folder-start). +> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more details, check [this article](https://docs.microsoft.com/en-US/troubleshoot/windows-client/deployment/system-registry-no-backed-up-regback-folder). diff --git a/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md b/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md index 043d6d76df..0354d8e90c 100644 --- a/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md +++ b/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md @@ -54,7 +54,7 @@ Make sure that you install the latest Windows updates, cumulative updates, and r - [Windows 10 version 1511](https://support.microsoft.com/help/4000824) - [Windows 8.1 and Windows Server 2012 R2](https://support.microsoft.com/help/4009470) - [Windows Server 2012](https://support.microsoft.com/help/4009471) -- [Windows 7 SP1 and Windows Server 2008 R2 SP1](https://support.microsoft.com/help/40009469) +- [Windows 7 SP1 and Windows Server 2008 R2 SP1](https://support.microsoft.com/help/4009469) ## Data Collection diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md index 87a70ff761..be97ca94cf 100644 --- a/windows/client-management/connect-to-remote-aadj-pc.md +++ b/windows/client-management/connect-to-remote-aadj-pc.md @@ -72,7 +72,7 @@ Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-gu > When you connect to the remote PC, enter your account name in this format: AzureAD\yourloginid@domain.com. > [!NOTE] - > If you cannot connect using Remote Desktop Connection 6.0, you must turn off the new features of RDP 6.0 and revert back to RDP 5.0 by making a few changes in the RDP file. See the details in this [support article](https://support.microsoft.com/help/941641/remote-desktop-connection-6-0-prompts-you-for-credentials-before-you-e). + > If you cannot connect using Remote Desktop Connection 6.0, you must turn off the new features of RDP 6.0 and revert back to RDP 5.0 by making a few changes in the RDP file. See the details in this [support article](/troubleshoot/windows-server/remote/remote-desktop-connection-6-prompts-credentials). ## Supported configurations diff --git a/windows/client-management/group-policies-for-enterprise-and-education-editions.md b/windows/client-management/group-policies-for-enterprise-and-education-editions.md index c9150ce005..3d50f1d30a 100644 --- a/windows/client-management/group-policies-for-enterprise-and-education-editions.md +++ b/windows/client-management/group-policies-for-enterprise-and-education-editions.md @@ -32,7 +32,7 @@ In Windows 10, version 1607, the following Group Policy settings apply only to W | **Do not show Windows Tips** | Computer Configuration > Administrative Templates > Windows Components > Cloud Content | For more info, see [Windows spotlight on the lock screen](/windows/configuration/windows-spotlight) | | **Force a specific default lock screen image** | Computer Configuration > Administrative Templates > Control Panel > Personalization | For more info, see [Windows spotlight on the lock screen](/windows/configuration/windows-spotlight) | | **Start layout** | User Configuration\Administrative Templates\Start Menu and Taskbar | In Windows 10, version 1703, this policy setting can be applied to Windows 10 Pro. For more info, see [Manage Windows 10 Start layout options and policies](/windows/configuration/windows-10-start-layout-options-and-policies) | -| **Turn off the Store application** | Computer Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application

User Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application | For more info, see [Knowledge Base article# 3135657](https://support.microsoft.com/kb/3135657). | +| **Turn off the Store application** | Computer Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application

User Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application | For more info, see [Knowledge Base article# 3135657](/troubleshoot/windows-client/group-policy/cannot-disable-microsoft-store). | | **Only display the private store within the Microsoft Store app** | Computer Configuration > Administrative Templates > Windows Components > Store > Only display the private store within the Microsoft Store app

User Configuration > Administrative Templates > Windows Components > Store > Only display the private store within the Microsoft Store app | For more info, see [Manage access to private store](/microsoft-store/manage-access-to-private-store) | | **Don't search the web or display web results** | Computer Configuration\Administrative Templates\Windows Components\Search\Don't search the web or display web results | For more info, see [Cortana integration in your enterprise](/windows/configuration/cortana-at-work/cortana-at-work-overview) | diff --git a/windows/client-management/manage-settings-app-with-group-policy.md b/windows/client-management/manage-settings-app-with-group-policy.md index 4e6bcdad77..56a3adc040 100644 --- a/windows/client-management/manage-settings-app-with-group-policy.md +++ b/windows/client-management/manage-settings-app-with-group-policy.md @@ -26,7 +26,7 @@ To make use of the Settings App group policies on Windows server 2016, install f >[!Note] >Each server that you want to manage access to the Settings App must be patched. -If your company uses one or the PolicyDefinitions folder of the Domain Controllers used for Group Policy management, to centrally manage the new policies, copy the ControlPanel.admx and ControlPanel.adml file to [Central Store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra). +If your company uses one or the PolicyDefinitions folder of the Domain Controllers used for Group Policy management, to centrally manage the new policies, copy the ControlPanel.admx and ControlPanel.adml file to [Central Store](/troubleshoot/windows-client/group-policy/create-and-manage-central-store). This policy is available for both User and Computer depending on the version of the OS. Windows Server 2016 with KB 4457127 applied will have both User and Computer policy. Windows 10, version 1703, added Computer policy for the Settings app. Windows 10, version 1809, added User policy for the Settings app. diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md index 25245fa812..536c404d2c 100644 --- a/windows/client-management/mandatory-user-profile.md +++ b/windows/client-management/mandatory-user-profile.md @@ -41,7 +41,7 @@ The name of the folder in which you store the mandatory profile must use the cor | Windows 10, versions 1507 and 1511 | N/A | v5 | | Windows 10, versions 1607, 1703, 1709, 1803, 1809, 1903 and 1909 | Windows Server 2016 and Windows Server 2019 | v6 | -For more information, see [Deploy Roaming User Profiles, Appendix B](/windows-server/storage/folder-redirection/deploy-roaming-user-profiles#appendix-b-profile-version-reference-information) and [Roaming user profiles versioning in Windows 10 and Windows Server Technical Preview](https://support.microsoft.com/kb/3056198). +For more information, see [Deploy Roaming User Profiles, Appendix B](/windows-server/storage/folder-redirection/deploy-roaming-user-profiles#appendix-b-profile-version-reference-information) and [Roaming user profiles versioning in Windows 10 and Windows Server Technical Preview](/troubleshoot/windows-server/user-profiles-and-logon/roaming-user-profiles-versioning). ## Mandatory user profile diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index 4dfc661666..e03fc7a5f0 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -212,7 +212,7 @@ Requirements: 5. Copy PolicyDefinitions folder to **\\contoso.com\SYSVOL\contoso.com\policies\PolicyDefinitions**. - If this folder does not exist, then be aware that you will be switching to a [central policy store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) for your entire domain. + If this folder does not exist, then be aware that you will be switching to a [central policy store](/troubleshoot/windows-client/group-policy/create-and-manage-central-store) for your entire domain. 6. Wait for the SYSVOL DFSR replication to be completed for the policy to be available. @@ -247,7 +247,7 @@ To collect Event Viewer logs: ![Event ID 76.](images/auto-enrollment-troubleshooting-event-id-76.png) - To troubleshoot, check the error code that appears in the event. See [Troubleshooting Windows device enrollment problems in Microsoft Intune](https://support.microsoft.com/en-ph/help/4469913/troubleshooting-windows-device-enrollment-problems-in-microsoft-intune) for more information. + To troubleshoot, check the error code that appears in the event. See [Troubleshooting Windows device enrollment problems in Microsoft Intune](/troubleshoot/mem/intune/troubleshoot-windows-enrollment-errors) for more information. - The auto-enrollment did not trigger at all. In this case, you will not find either event ID 75 or event ID 76. To know the reason, you must understand the internal mechanisms happening on the device as described in the following section. @@ -288,7 +288,7 @@ To collect Event Viewer logs: - [Link a Group Policy Object](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732979(v=ws.11)) - [Filter Using Security Groups](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc752992(v=ws.11)) - [Enforce a Group Policy Object Link](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753909(v=ws.11)) -- [Group Policy Central Store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) +- [Group Policy Central Store](/troubleshoot/windows-client/group-policy/create-and-manage-central-store) - [Getting started with Cloud Native Windows Endpoints](https://docs.microsoft.com/mem/cloud-native-windows-endpoints) - [A Framework for Windows endpoint management transformation](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/a-framework-for-windows-endpoint-management-transformation/ba-p/2460684) - [Success with remote Windows Autopilot and Hybrid Azure Active Director join](https://techcommunity.microsoft.com/t5/intune-customer-success/success-with-remote-windows-autopilot-and-hybrid-azure-active/ba-p/2749353) diff --git a/windows/client-management/troubleshoot-stop-errors.md b/windows/client-management/troubleshoot-stop-errors.md index 390add3169..6e808bbeda 100644 --- a/windows/client-management/troubleshoot-stop-errors.md +++ b/windows/client-management/troubleshoot-stop-errors.md @@ -81,7 +81,7 @@ To troubleshoot Stop error messages, follow these general steps: > >To do this, see [How to perform a clean boot in Windows](https://support.microsoft.com/help/929135). > - >You can disable a driver by following the steps in [How to temporarily deactivate the kernel mode filter driver in Windows](https://support.microsoft.com/help/816071). + >You can disable a driver by following the steps in [How to temporarily deactivate the kernel mode filter driver in Windows](/troubleshoot/windows-server/performance/deactivate-kernel-mode-filter-driver). > >You may also want to consider the option of rolling back changes or reverting to the last-known working state. For more information, see [Roll Back a Device Driver to a Previous Version](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732648(v=ws.11)). @@ -125,9 +125,9 @@ More information on how to use Dumpchk.exe to check your dump files: ### Pagefile Settings -- [Introduction of page file in Long-Term Servicing Channel and Semi-Annual Channel of Windows](https://support.microsoft.com/help/4133658) -- [How to determine the appropriate page file size for 64-bit versions of Windows](https://support.microsoft.com/help/2860880) -- [How to generate a kernel or a complete memory dump file in Windows Server 2008 and Windows Server 2008 R2](https://support.microsoft.com/help/969028) +- [Introduction of page file in Long-Term Servicing Channel and Semi-Annual Channel of Windows](/windows/client-management/introduction-page-file) +- [How to determine the appropriate page file size for 64-bit versions of Windows](/windows/client-management/determine-appropriate-page-file-size) +- [How to generate a kernel or a complete memory dump file in Windows Server 2008 and Windows Server 2008 R2](/windows/client-management/generate-kernel-or-complete-crash-dump) ### Memory dump analysis diff --git a/windows/client-management/troubleshoot-tcpip-rpc-errors.md b/windows/client-management/troubleshoot-tcpip-rpc-errors.md index ba02501c81..67d111be15 100644 --- a/windows/client-management/troubleshoot-tcpip-rpc-errors.md +++ b/windows/client-management/troubleshoot-tcpip-rpc-errors.md @@ -46,7 +46,7 @@ Remote Procedure Call (RPC) dynamic port allocation is used by server applicatio Customers using firewalls may want to control which ports RPC is using so that their firewall router can be configured to forward only these Transmission Control Protocol (UDP and TCP) ports. Many RPC servers in Windows let you specify the server port in custom configuration items such as registry entries. When you can specify a dedicated server port, you know what traffic flows between the hosts across the firewall, and you can define what traffic is allowed in a more directed manner. -As a server port, please choose a port outside of the range you may want to specify below. You can find a comprehensive list of server ports that are used in Windows and major Microsoft products in the article [Service overview and network port requirements for Windows](https://support.microsoft.com/help/832017). +As a server port, please choose a port outside of the range you may want to specify below. You can find a comprehensive list of server ports that are used in Windows and major Microsoft products in the article [Service overview and network port requirements for Windows](/troubleshoot/windows-server/networking/service-overview-and-network-port-requirements). The article also lists the RPC servers and which RPC servers can be configured to use custom server ports beyond the facilities the RPC runtime offers. Some firewalls also allow for UUID filtering where it learns from a RPC Endpoint Mapper request for a RPC interface UUID. The response has the server port number, and a subsequent RPC Bind on this port is then allowed to pass. diff --git a/windows/client-management/troubleshoot-windows-freeze.md b/windows/client-management/troubleshoot-windows-freeze.md index 3ed83421c9..3b76dccd95 100644 --- a/windows/client-management/troubleshoot-windows-freeze.md +++ b/windows/client-management/troubleshoot-windows-freeze.md @@ -132,7 +132,7 @@ If the computer is no longer frozen and now is running in a good state, use the To allow the operating system to generate a memory dump file at an NMI interruption, set the value of the [NMICrashDump](/previous-versions/windows/it-pro/windows-server-2003/cc783271(v=ws.10)) registry entry to `1` (REG_DWORD). Then, restart the computer to apply this change. > [!NOTE] - > This is applicable only for Windows 7, Windows Server 2008 R2, and earlier versions of Windows. For Windows 8 Windows Server 2012, and later versions of Windows, the NMICrashDump registry key is no longer required, and an NMI interruption will result in [a Stop error that follows a memory dump data collection](https://support.microsoft.com/help/2750146). + > This is applicable only for Windows 7, Windows Server 2008 R2, and earlier versions of Windows. For Windows 8 Windows Server 2012, and later versions of Windows, the NMICrashDump registry key is no longer required, and an NMI interruption will result in [a Stop error that follows a memory dump data collection](/troubleshoot/windows-client/performance/nmi-hardware-failure-error). 4. When the computer exhibits the problem, hold down the right **Ctrl** key, and press the **Scroll Lock** key two times to generate a memory dump file. @@ -282,6 +282,6 @@ The memory dump process occurs by pressing the RIGHT CTRL + SCROLL LOCK + SCROLL On Windows Server 2008, you may not have enough free disk space to generate a complete memory dump file on the system volume. There's a [hotfix](https://support.microsoft.com/help/957517) that allows for the data collection even though there isn't sufficient space on the system drive to store the memory dump file. -Additionally, on Windows Server 2008 Service Pack (SP2), there's a second option if the system drive doesn't have sufficient space. Namely, you can use the DedicatedDumpFile registry entry. To learn how to use the registry entry, see [New behavior in Windows Vista and Windows Server 2008](https://support.microsoft.com/help/969028). +Additionally, on Windows Server 2008 Service Pack (SP2), there's a second option if the system drive doesn't have sufficient space. Namely, you can use the DedicatedDumpFile registry entry. To learn how to use the registry entry, see [New behavior in Windows Vista and Windows Server 2008](/windows/client-management/generate-kernel-or-complete-crash-dump). For more information, see [How to use the DedicatedDumpFile registry value to overcome space limitations on the system drive](https://blogs.msdn.com/b/ntdebugging/archive/2010/04/02/how-to-use-the-dedicateddumpfile-registry-value-to-overcome-space-limitations-on-the-system-drive-when-capturing-a-system-memory-dump.aspx). \ No newline at end of file diff --git a/windows/configuration/cortana-at-work/cortana-at-work-o365.md b/windows/configuration/cortana-at-work/cortana-at-work-o365.md index 2241f9d819..3a9e871905 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-o365.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-o365.md @@ -20,7 +20,7 @@ Your employees can use Cortana to help manage their day and be more productive b **See also:** -[Known issues for Windows Desktop Search and Cortana in Windows 10](https://support.microsoft.com/help/3206883/known-issues-for-windows-desktop-search-and-cortana-in-windows-10). +[Known issues for Windows Desktop Search and Cortana in Windows 10](/troubleshoot/windows-client/shell-experience/windows-desktop-search-and-cortana-issues). ### Before you begin There are a few things to be aware of before you start using Cortana in Windows 10, versions 1909 and earlier. diff --git a/windows/configuration/kiosk-single-app.md b/windows/configuration/kiosk-single-app.md index 3a71008734..6ed1d17274 100644 --- a/windows/configuration/kiosk-single-app.md +++ b/windows/configuration/kiosk-single-app.md @@ -204,7 +204,7 @@ Clear-AssignedAccess >[!IMPORTANT] ->When Exchange Active Sync (EAS) password restrictions are active on the device, the autologon feature does not work. This behavior is by design. For more informations, see [How to turn on automatic logon in Windows](https://support.microsoft.com/help/324737/how-to-turn-on-automatic-logon-in-windows). +>When Exchange Active Sync (EAS) password restrictions are active on the device, the autologon feature does not work. This behavior is by design. For more informations, see [How to turn on automatic logon in Windows](/troubleshoot/windows-server/user-profiles-and-logon/turn-on-automatic-logon). When you use the **Provision kiosk devices** wizard in Windows Configuration Designer, you can configure the kiosk to run either a Universal Windows app or a Windows desktop application. diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index 2461a34568..dd3885771b 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md @@ -352,7 +352,7 @@ Starting with Windows 10 version 1809, you can configure the display name that w On domain-joined devices, local user accounts aren't shown on the sign-in screen by default. To show the **AutoLogonAccount** on the sign-in screen, enable the following Group Policy setting: **Computer Configuration > Administrative Templates > System > Logon > Enumerate local users on domain-joined computers**. (The corresponding MDM policy setting is [WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers in the Policy CSP](/windows/client-management/mdm/policy-csp-windowslogon#windowslogon-enumeratelocalusersondomainjoinedcomputers).) >[!IMPORTANT] ->When Exchange Active Sync (EAS) password restrictions are active on the device, the autologon feature does not work. This behavior is by design. For more informations, see [How to turn on automatic logon in Windows](https://support.microsoft.com/help/324737/how-to-turn-on-automatic-logon-in-windows). +>When Exchange Active Sync (EAS) password restrictions are active on the device, the autologon feature does not work. This behavior is by design. For more informations, see [How to turn on automatic logon in Windows](/troubleshoot/windows-server/user-profiles-and-logon/turn-on-automatic-logon). ##### Config for individual accounts diff --git a/windows/configuration/start-layout-troubleshoot.md b/windows/configuration/start-layout-troubleshoot.md index 5a39031455..df9c9b1c63 100644 --- a/windows/configuration/start-layout-troubleshoot.md +++ b/windows/configuration/start-layout-troubleshoot.md @@ -279,7 +279,7 @@ Additionally, users may see blank tiles if sign-in was attempted without network ### Symptom: Start Menu issues with Tile Data Layer corruption -**Cause**: Windows 10, version 1507 through the release of version 1607 uses a database for the Tile image information. This is called the Tile Data Layer database. (The feature was deprecated in [Windows 10 1703](https://support.microsoft.com/help/4014193/features-that-are-removed-or-deprecated-in-windows-10-creators-update).) +**Cause**: Windows 10, version 1507 through the release of version 1607 uses a database for the Tile image information. This is called the Tile Data Layer database. (The feature was deprecated in [Windows 10 1703](/en-US/windows/deployment/planning/windows-10-removed-features).) **Resolution** There are steps you can take to fix the icons, first is to confirm that is the issue that needs to be addressed. diff --git a/windows/configuration/stop-employees-from-using-microsoft-store.md b/windows/configuration/stop-employees-from-using-microsoft-store.md index 000617ec7e..3bb01bd01c 100644 --- a/windows/configuration/stop-employees-from-using-microsoft-store.md +++ b/windows/configuration/stop-employees-from-using-microsoft-store.md @@ -82,7 +82,7 @@ For more information on the rules available via AppLocker on the different suppo Applies to: Windows 10 Enterprise, Windows 10 Education > [!Note] -> Not supported on Windows 10 Pro, starting with version 1511. For more info, see [Knowledge Base article #3135657](https://support.microsoft.com/kb/3135657). +> Not supported on Windows 10 Pro, starting with version 1511. For more info, see [Knowledge Base article #3135657](/troubleshoot/windows-client/group-policy/cannot-disable-microsoft-store). You can also use Group Policy to manage access to Microsoft Store. diff --git a/windows/configuration/ue-v/uev-prepare-for-deployment.md b/windows/configuration/ue-v/uev-prepare-for-deployment.md index 08853f5b22..ef7c732bf1 100644 --- a/windows/configuration/ue-v/uev-prepare-for-deployment.md +++ b/windows/configuration/ue-v/uev-prepare-for-deployment.md @@ -311,7 +311,7 @@ The UE-V settings storage location and settings template catalog support storing - [Information about roaming profiles from the Directory Services team](https://blogs.technet.microsoft.com/askds/tag/roaming-profiles/) - - [Information about Microsoft support policy for a DFS-R and DFS-N deployment scenario](https://support.microsoft.com/kb/2533009) + - [Information about Microsoft support policy for a DFS-R and DFS-N deployment scenario](/troubleshoot/windows-server/networking/support-policy-for-dfsr-dfsn-deployment) In addition, because SYSVOL uses DFSR for replication, SYSVOL cannot be used for UE-V data file replication. diff --git a/windows/configuration/ue-v/uev-release-notes-1607.md b/windows/configuration/ue-v/uev-release-notes-1607.md index 91fb17d0de..3a7b61d729 100644 --- a/windows/configuration/ue-v/uev-release-notes-1607.md +++ b/windows/configuration/ue-v/uev-release-notes-1607.md @@ -107,12 +107,12 @@ This section contains hotfixes and KB articles for UE-V. |------------|---------|--------| | 3018608 | UE-V - TemplateConsole.exe crashes when UE-V WMI classes are missing | [support.microsoft.com/kb/3018608](https://support.microsoft.com/kb/3018608) | | 2903501 | UE-V: User Experience Virtualization (UE-V) compatibility with user profiles | [support.microsoft.com/kb/2903501](https://support.microsoft.com/kb/2903501) | -| 2770042 | UE-V Registry Settings | [support.microsoft.com/kb/2770042](https://support.microsoft.com/kb/2770042) | +| 2770042 | UE-V Registry Settings | [support.microsoft.com/kb/2770042](/troubleshoot/windows-client/ue-v/ue-v-registry-settings) | | 2847017 | Internet Explorer settings replicated by UE-V | [support.microsoft.com/kb/2847017](https://support.microsoft.com/kb/2847017) | | 2769631 | How to repair a corrupted UE-V install | [support.microsoft.com/kb/2769631](https://support.microsoft.com/kb/2769631) | | 2850989 | Migrating MAPI profiles with Microsoft UE-V is not supported | [support.microsoft.com/kb/2850989](https://support.microsoft.com/kb/2850989) | | 2769586 | UE-V roams empty folders and registry keys | [support.microsoft.com/kb/2769586](https://support.microsoft.com/kb/2769586) | -| 2782997 | How To Enable Debug Logging in Microsoft User Experience Virtualization (UE-V) | [support.microsoft.com/kb/2782997](https://support.microsoft.com/kb/2782997) | +| 2782997 | How To Enable Debug Logging in Microsoft User Experience Virtualization (UE-V) | [support.microsoft.com/kb/2782997](/troubleshoot/windows-client/ue-v/enable-debug-logging) | | 2769570 | UE-V does not update the theme on RDS or VDI sessions | [support.microsoft.com/kb/2769570](https://support.microsoft.com/kb/2769570) | | 2850582 | How To Use Microsoft User Experience Virtualization With App-V Applications | [support.microsoft.com/kb/2850582](https://support.microsoft.com/kb/2850582) | | 3041879 | Current file versions for Microsoft User Experience Virtualization | [support.microsoft.com/kb/3041879](https://support.microsoft.com/kb/3041879) | diff --git a/windows/deployment/planning/windows-10-removed-features.md b/windows/deployment/planning/windows-10-removed-features.md index a790a1e83a..0164b03c0e 100644 --- a/windows/deployment/planning/windows-10-removed-features.md +++ b/windows/deployment/planning/windows-10-removed-features.md @@ -60,7 +60,7 @@ The following features and functionalities have been removed from the installed |Reader app | Functionality to be integrated into Microsoft Edge. | 1709 | |Reading List | Functionality to be integrated into Microsoft Edge. | 1709 | |Screen saver functionality in Themes | This functionality is disabled in Themes, and classified as **Removed** in this table. Screen saver functionality in Group Policies, Control Panel, and Sysprep continues to be functional. Lock screen features and policies are preferred. | 1709 | -|Syskey.exe | Removing this nonsecure security feature. We recommend that users use BitLocker instead. For more information, see [4025993 Syskey.exe utility is no longer supported in Windows 10 RS3 and Windows Server 2016 RS3](https://support.microsoft.com/help/4025993/syskey-exe-utility-is-no-longer-supported-in-windows-10-rs3-and-window). | 1709 | +|Syskey.exe | Removing this nonsecure security feature. We recommend that users use BitLocker instead. For more information, see [4025993 Syskey.exe utility is no longer supported in Windows 10 RS3 and Windows Server 2016 RS3](/troubleshoot/windows-server/identity/syskey-exe-utility-is-no-longer-supported). | 1709 | |TCP Offload Engine | Removing this legacy code. This functionality was previously transitioned to the Stack TCP Engine. For more information, see [Why Are We Deprecating Network Performance Features?](https://blogs.technet.microsoft.com/askpfeplat/2017/06/13/why-are-we-deprecating-network-performance-features-kb4014193)| 1709 | |Tile Data Layer |To be replaced by the Tile Store.| 1709 | |Resilient File System (ReFS) (added: August 17, 2017)| Creation ability will be available in the following editions only: Windows 10 Enterprise and Windows 10 Pro for Workstations. Creation ability will be removed from all other editions. All other editions will have Read and Write ability. | 1709 | From 2728f29438458f6d694d286f0f178d603e2766c0 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Fri, 19 Nov 2021 15:46:26 +0530 Subject: [PATCH 035/335] Update policy-csp-admx-terminalserver.md --- .../mdm/policy-csp-admx-terminalserver.md | 1229 +++++++++++++++++ 1 file changed, 1229 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index 2833f7d9f9..f4dd2966a5 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -36,6 +36,54 @@ manager: dansimp
ADMX_TerminalServer/TS_RADC_DefaultConnection
+
+ ADMX_TerminalServer/TS_RDSAppX_WaitForRegistration +
+
+ ADMX_TerminalServer/TS_RemoteControl_1 +
+
+ ADMX_TerminalServer/TS_RemoteControl_2 +
+
+ ADMX_TerminalServer/TS_RemoteDesktopVirtualGraphics +
+
+ ADMX_TerminalServer/TS_SD_ClustName +
+
+ ADMX_TerminalServer/TS_SD_EXPOSE_ADDRESS +
+
+ ADMX_TerminalServer/TS_SD_Loc +
+
+ ADMX_TerminalServer/TS_SECURITY_LAYER_POLICY +
+
+ ADMX_TerminalServer/TS_SELECT_NETWORK_DETECT +
+
+ ADMX_TerminalServer/TS_SELECT_TRANSPORT +
+
+ ADMX_TerminalServer/TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP +
+
+ ADMX_TerminalServer/TS_SERVER_AUTH +
+
+ ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED +
+
+ ADMX_TerminalServer/TS_SERVER_AVC444_MODE_PREFERRED +
+
+ ADMX_TerminalServer/TS_SERVER_COMPRESSOR +
+
+ ADMX_TerminalServer/TS_SERVER_IMAGE_QUALITY +
@@ -263,5 +311,1186 @@ ADMX Info:
+ +**ADMX_TerminalServer/TS_RDSAppX_WaitForRegistration** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + + +This policy setting allows you to specify whether the app registration is completed before showing the Start screen to the user. By default, when a new user signs in to a computer, the Start screen is shown and apps are registered in the background. However, some apps may not work until app registration is complete. + +- If you enable this policy setting, user sign-in is blocked for up to 6 minutes to complete the app registration. You can use this policy setting when customizing the Start screen on Remote Desktop Session Host servers. + +- If you disable or do not configure this policy setting, the Start screen is shown and apps are registered in the background. + + + + + + +ADMX Info: +- GP Friendly name: *Suspend user sign-in to complete app registration* +- GP name: *TS_RDSAppX_WaitForRegistration* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_RemoteControl_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +This policy determines whether the RPC protocol messagese used by VSS for SMB2 File Shares feature is enabled. VSS for SMB2 File Shares feature enables VSS aware backup applications to perform application consistent backup and restore of VSS aware applications storing data on SMB2 File Shares. By default, the RPC protocol message between File Server VSS provider and File Server VSS Agent is signed but not encrypted. + +To make changes to this setting effective, you must restart Volume Shadow Copy (VSS) Service. + + + + + + +ADMX Info: +- GP Friendly name: *Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers* +- GP name: *TS_RemoteControl_1* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_RemoteControl_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +This policy determines whether the RPC protocol messagese used by VSS for SMB2 File Shares feature is enabled. VSS for SMB2 File Shares feature enables VSS aware backup applications to perform application consistent backup and restore of VSS aware applications storing data on SMB2 File Shares. By default, the RPC protocol message between File Server VSS provider and File Server VSS Agent is signed but not encrypted. + +To make changes to this setting effective, you must restart Volume Shadow Copy (VSS) Service. + + + + + + +ADMX Info: +- GP Friendly name: *Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers* +- GP name: *TS_RemoteControl_2* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_RemoteDesktopVirtualGraphics** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +This policy setting allows you to specify the visual experience that remote users will have in Remote Desktop Connection (RDC) connections that use RemoteFX. + +You can use this policy to balance the network bandwidth usage with the type of graphics experience that is delivered. + +Depending on the requirements of your users, you can reduce network bandwidth usage by reducing the screen capture rate. You can also reduce network bandwidth usage by reducing the image quality (increasing the amount of image compression that is performed). If you have a higher than average bandwidth network, you can maximize the utilization of bandwidth by selecting the highest setting for screen capture rate and the highest setting for image quality. + +By default, Remote Desktop Connection sessions that use RemoteFX are optimized for a balanced experience over LAN conditions. If you disable or do not configure this policy setting, Remote Desktop Connection sessions that use RemoteFX will be the same as if the medium screen capture rate and the medium image compression settings were selected (the default behavior). + + + + + + +ADMX Info: +- GP Friendly name: *Optimize visual experience when using RemoteFX* +- GP name: *TS_RemoteDesktopVirtualGraphics* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_SD_ClustName** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +This policy setting allows you to specify the name of a farm to join in RD Connection Broker. + +RD Connection Broker uses the farm name to determine which RD Session Host servers are in the same RD Session Host server farm. Therefore, you must use the same farm name for all RD Session Host servers in the same load-balanced farm. The farm name does not have to correspond to a name in Active Directory Domain Services. + +If you specify a new farm name, a new farm is created in RD Connection Broker. If you specify an existing farm name, the server joins that farm in RD Connection Broker. + +- If you enable this policy setting, you must specify the name of a farm in RD Connection Broker. +- If you disable or do not configure this policy setting, the farm name is not specified at the Group Policy level. + +- This policy setting is not effective unless both the Join RD Connection Broker and the Configure RD Connection Broker server name policy settings are enabled and configured by using Group Policy. +- For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard. + + + + + +ADMX Info: +- GP Friendly name: *Configure RD Connection Broker farm name* +- GP name: *TS_SD_ClustName* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_SD_EXPOSE_ADDRESS** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +This policy setting allows you to specify the redirection method to use when a client device reconnects to an existing Remote Desktop Services session in a load-balanced RD Session Host server farm. + +This setting applies to an RD Session Host server that is configured to use RD Connection Broker and not to the RD Connection Broker server. + +- If you enable this policy setting, a Remote Desktop Services client queries the RD Connection Broker server and is redirected to their existing session by using the IP address of the RD Session Host server where their session exists. To use this redirection method, client computers must be able to connect directly by IP address to RD Session Host servers in the farm. + +- If you disable this policy setting, the IP address of the RD Session Host server is not sent to the client. Instead, the IP address is embedded in a token. + +When a client reconnects to the load balancer, the routing token is used to redirect the client to their existing session on the correct RD Session Host server in the farm. Only disable this setting when your network load-balancing solution supports the use of RD Connection Broker routing tokens and you do not want clients to directly connect by IP address to RD Session Host servers in the load-balanced farm. + +If you do not configure this policy setting, the Use IP address redirection policy setting is not enforced at the group Group policy Policy level and the default will be used. This setting is enabled by default. + +For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard. + + + + + + +ADMX Info: +- GP Friendly name: *Use IP Address Redirection* +- GP name: *TS_SD_EXPOSE_ADDRESS* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_SD_Loc** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +This policy setting allows you to specify the RD Connection Broker server that the RD Session Host server uses to track and redirect user sessions for a load-balanced RD Session Host server farm. The specified server must be running the Remote Desktop Connection Broker service. + +All RD Session Host servers in a load-balanced farm should use the same RD Connection Broker server. + +- If you enable this policy setting, you must specify the RD Connection Broker server by using its fully qualified domain name (FQDN). In Windows Server 2012, for a high availability setup with multiple RD Connection Broker servers, you must provide a semi-colon separated list of the FQDNs of all the RD Connection Broker servers. + +- If you disable or do not configure this policy setting, the policy setting is not specified at the Group Policy level. + +For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard. +This policy setting is not effective unless the Join RD Connection Broker policy setting is enabled. + +To be an active member of an RD Session Host server farm, the computer account for each RD Session Host server in the farm must be a member of one of the following local groups on the RD Connection Broker server: Session Directory Computers, Session Broker Computers, or RDS Endpoint Servers. + + + + + +ADMX Info: +- GP Friendly name: *Configure RD Connection Broker server name* +- GP name: *TS_SD_Loc* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_SECURITY_LAYER_POLICY** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +This policy setting specifies whether to require the use of a specific security layer to secure communications between clients and RD Session Host servers during Remote Desktop Protocol (RDP) connections. + +- If you enable this policy setting, all communications between clients and RD Session Host servers during remote connections must use the security method specified in this setting. + +The following security methods are available: + +- * Negotiate: The Negotiate method enforces the most secure method that is supported by the client. If Transport Layer Security (TLS) version 1.0 is supported, it is used to authenticate the RD Session Host server. If TLS is not supported, native Remote Desktop Protocol (RDP) encryption is used to secure communications, but the RD Session Host server is not authenticated. Native RDP encryption (as opposed to SSL encryption) is not recommended. + +- * RDP: The RDP method uses native RDP encryption to secure communications between the client and RD Session Host server. If you select this setting, the RD Session Host server is not authenticated. Native RDP encryption (as opposed to SSL encryption) is not recommended. + +- * SSL (TLS 1.0): The SSL method requires the use of TLS 1.0 to authenticate the RD Session Host server. If TLS is not supported, the connection fails. This is the recommended setting for this policy. + +- If you disable or do not configure this policy setting, the security method to be used for remote connections to RD Session Host servers is not specified at the Group Policy level. + + + + + +ADMX Info: +- GP Friendly name: *Require use of specific security layer for remote (RDP) connections* +- GP name: *TS_SECURITY_LAYER_POLICY* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_SELECT_NETWORK_DETECT** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +This policy setting allows you to specify how the Remote Desktop Protocol will try to detect the network quality (bandwidth and latency). +You can choose to disable Connect Time Detect, Continuous Network Detect, or both Connect Time Detect and Continuous Network Detect. +- If you disable Connect Time Detect, Remote Desktop Protocol will not determine the network quality at the connect time, and it will assume that all traffic to this server originates from a low-speed connection. +- If you disable Continuous Network Detect, Remote Desktop Protocol will not try to adapt the remote user experience to varying network quality. +- If you disable Connect Time Detect and Continuous Network Detect, Remote Desktop Protocol will not try to determine the network quality at the connect time; instead it will assume that all traffic to this server originates from a low-speed connection, and it will not try to adapt the user experience to varying network quality. +- If you disable or do not configure this policy setting, Remote Desktop Protocol will spend up to a few seconds trying to determine the network quality prior to the connection, and it will continuously try to adapt the user experience to varying network quality. + + + + + +ADMX Info: +- GP Friendly name: *Select network detection on the server* +- GP name: *TS_SELECT_NETWORK_DETECT* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_SELECT_TRANSPORT** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +This policy setting allows you to specify which protocols can be used for Remote Desktop Protocol (RDP) access to this server. + +- If you enable this policy setting, you must specify if you would like RDP to use UDP. You can select one of the following options: +"Use both UDP and TCP", "Use only TCP" or "Use either UDP or TCP (default)" If you select "Use either UDP or TCP" and the UDP connection is successful, most of the RDP traffic will use UDP. If the UDP connection is not successful or if you select "Use only TCP," all of the RDP traffic will use TCP. + +- If you disable or do not configure this policy setting, RDP will choose the optimal protocols for delivering the best user experience. + + + + +ADMX Info: +- GP Friendly name: *Select RDP transport protocols* +- GP name: *TS_SELECT_TRANSPORT* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +This policy setting allows you to enable RemoteApp programs to use advanced graphics, including support for transparency, live thumbnails, and seamless application moves. + +This policy setting applies only to RemoteApp programs and does not apply to remote desktop sessions. + +- If you enable or do not configure this policy setting, RemoteApp programs published from this RD Session Host server will use these advanced graphics. + +- If you disable this policy setting, RemoteApp programs published from this RD Session Host server will not use these advanced graphics. + +You may want to choose this option if you discover that applications published as RemoteApp programs do not support these advanced graphics. + + + + +ADMX Info: +- GP Friendly name: *Use advanced RemoteFX graphics for RemoteApp* +- GP name: *TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_SERVER_AUTH** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +This policy setting allows you to specify whether the client will establish a connection to the RD Session Host server when the client cannot authenticate the RD Session Host server. + +- If you enable this policy setting, you must specify one of the following settings: + +Always connect, even if authentication fails: The client connects to the RD Session Host server even if the client cannot authenticate the RD Session Host server. + +Warn me if authentication fails: The client attempts to authenticate the RD Session Host server. If the RD Session Host server can be authenticated, the client establishes a connection to the RD Session Host server. If the RD Session Host server cannot be authenticated, the user is prompted to choose whether to connect to the RD Session Host server without authenticating the RD Session Host server. + +Do not connect if authentication fails: The client establishes a connection to the RD Session Host server only if the RD Session Host server can be authenticated. + +- If you disable or do not configure this policy setting, the authentication setting that is specified in Remote Desktop Connection or in the .rdp file determines whether the client establishes a connection to the RD Session Host server when the client cannot authenticate the RD Session Host server. + + + + +ADMX Info: +- GP Friendly name: *Configure server authentication for client* +- GP name: *TS_SERVER_AUTH* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +This policy setting lets you enable H.264/AVC hardware encoding support for Remote Desktop Connections. + +- When you enable hardware encoding, if an error occurs, we will attempt to use software encoding. + +- If you disable or do not configure this policy, we will always use software encoding. + + + + +ADMX Info: +- GP Friendly name: *Configure H.264/AVC hardware encoding for Remote Desktop Connections* +- GP name: *TS_SERVER_AVC_HW_ENCODE_PREFERRED* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_SERVER_AVC444_MODE_PREFERRED** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +This policy setting prioritizes the H.264/AVC 444 graphics mode for non-RemoteFX vGPU scenarios. + +When you use this setting on the RDP server, the server will use H.264/AVC 444 as the codec in an RDP 10 connection where both the client and server can use H.264/AVC 444. + + + + +ADMX Info: +- GP Friendly name: *Prioritize H.264/AVC 444 graphics mode for Remote Desktop Connections* +- GP name: *TS_SERVER_AVC444_MODE_PREFERRED* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_SERVER_COMPRESSOR** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +This policy setting allows you to specify which Remote Desktop Protocol (RDP) compression algorithm to use. By default, servers use an RDP compression algorithm that is based on the server's hardware configuration. + +If you enable this policy setting, you can specify which RDP compression algorithm to use. + +If you select the algorithm that is optimized to use less memory, this option is less memory-intensive, but uses more network bandwidth. + +If you select the algorithm that is optimized to use less network bandwidth, this option uses less network bandwidth, but is more memory-intensive. + +Additionally, a third option is available that balances memory usage and network bandwidth. In Windows 8 only the compression algorithm that balances memory usage and bandwidth is used. You can also choose not to use an RDP compression algorithm. Choosing not to use an RDP compression algorithm will use more network bandwidth and is only recommended if you are using a hardware device that is designed to optimize network traffic. Even if you choose not to use an RDP compression algorithm, some graphics data will still be compressed. If you disable or do not configure this policy setting, the default RDP compression algorithm will be used. + + + + +ADMX Info: +- GP Friendly name: *Configure compression for RemoteFX data* +- GP name: *TS_SERVER_COMPRESSOR* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_SERVER_IMAGE_QUALITY** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +This policy setting allows you to specify the visual quality for remote users when connecting to this computer by using Remote Desktop Connection. You can use this policy setting to balance the network bandwidth usage with the visual quality that is delivered. + +- If you enable this policy setting and set quality to Low, RemoteFX Adaptive Graphics uses an encoding mechanism that results in low quality images. This mode consumes the lowest amount of network bandwidth of the quality modes. + +- If you enable this policy setting and set quality to Medium, RemoteFX Adaptive Graphics uses an encoding mechanism that results in medium quality images. This mode provides better graphics quality than low quality and uses less bandwidth than high quality. + +- If you enable this policy setting and set quality to High, RemoteFX Adaptive Graphics uses an encoding mechanism that results in high quality images and consumes moderate network bandwidth. + +- If you enable this policy setting and set quality to Lossless, RemoteFX Adaptive Graphics uses lossless encoding. In this mode, the color integrity of the graphics data is not impacted. However, this setting results in a significant increase in network bandwidth consumption. We recommend that you set this for very specific cases only. + +- If you disable or do not configure this policy setting, RemoteFX Adaptive Graphics uses an encoding mechanism that results in medium quality images. + + + + +ADMX Info: +- GP Friendly name: *Configure image quality for RemoteFX Adaptive Graphics* +- GP name: *TS_SERVER_IMAGE_QUALITY* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ From e1b9c0075b8d900f0e84fc89d42349a15652ce97 Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Fri, 19 Nov 2021 18:46:27 +0530 Subject: [PATCH 036/335] self review --- .../app-v/appv-deploying-microsoft-office-2016-with-appv.md | 2 +- .../client-management/advanced-troubleshooting-boot-problems.md | 2 +- windows/configuration/start-layout-troubleshoot.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md index 0f5fbdc637..c5900e3088 100644 --- a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md +++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md @@ -120,7 +120,7 @@ The XML file included in the Office Deployment Tool specifies the product detail |--------------|----------------------------|----------------| | Add element | Specifies which products and languages the package will include. | N/A | | **OfficeClientEdition** (attribute of **Add** element) | Specifies whether Office 2016 32-bit or 64-bit edition will be used. **OfficeClientEdition**  must be set to a valid value for the operation to succeed. | `OfficeClientEdition="32"`
`OfficeClientEdition="64"` | - | Product element | Specifies the application. Project 2016 and Visio 2016 must be specified here as added products to include them in the applications.
For more information about Product IDs, see [Product IDs that are supported by the Office Deployment Tool for Click-to-Run](/office365/troubleshoot/installation/product-ids-supported-office-deployment-click-to-run?redirectSourcePath=%252fen-US%252farticle%252f77654e77-aaeb-4ed6-84eb-1d8b0e086590). | `Product ID ="O365ProPlusRetail"`
`Product ID ="VisioProRetail"`
`Product ID ="ProjectProRetail"` | + | Product element | Specifies the application. Project 2016 and Visio 2016 must be specified here as added products to include them in the applications.
For more information about Product IDs, see [Product IDs that are supported by the Office Deployment Tool for Click-to-Run](/office365/troubleshoot/installation). | `Product ID ="O365ProPlusRetail"`
`Product ID ="VisioProRetail"`
`Product ID ="ProjectProRetail"` | | Language element | Specifies which language the applications support. | `Language ID="en-us"` | | Version (attribute of **Add** element) | Optional. Specifies which build the package will use.
Defaults to latest advertised build (as defined in v32.CAB at the Office source). | `16.1.2.3` | | SourcePath (attribute of **Add** element) | Specifies the location the applications will be saved to. | `Sourcepath = "\\Server\Office2016"` | diff --git a/windows/client-management/advanced-troubleshooting-boot-problems.md b/windows/client-management/advanced-troubleshooting-boot-problems.md index 5f919123ef..4c4778907e 100644 --- a/windows/client-management/advanced-troubleshooting-boot-problems.md +++ b/windows/client-management/advanced-troubleshooting-boot-problems.md @@ -413,4 +413,4 @@ If the dump file shows an error that is related to a driver (for example, window 5. Copy all the hives from the Regback folder, paste them in the Config folder, and then try to start the computer in Normal mode. > [!NOTE] -> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more details, check [this article](https://docs.microsoft.com/en-US/troubleshoot/windows-client/deployment/system-registry-no-backed-up-regback-folder). +> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more details, check [this article](/troubleshoot/windows-client/deployment/system-registry-no-backed-up-regback-folder). diff --git a/windows/configuration/start-layout-troubleshoot.md b/windows/configuration/start-layout-troubleshoot.md index df9c9b1c63..fb99dd0757 100644 --- a/windows/configuration/start-layout-troubleshoot.md +++ b/windows/configuration/start-layout-troubleshoot.md @@ -279,7 +279,7 @@ Additionally, users may see blank tiles if sign-in was attempted without network ### Symptom: Start Menu issues with Tile Data Layer corruption -**Cause**: Windows 10, version 1507 through the release of version 1607 uses a database for the Tile image information. This is called the Tile Data Layer database. (The feature was deprecated in [Windows 10 1703](/en-US/windows/deployment/planning/windows-10-removed-features).) +**Cause**: Windows 10, version 1507 through the release of version 1607 uses a database for the Tile image information. This is called the Tile Data Layer database. (The feature was deprecated in [Windows 10 1703](/windows/deployment/planning/windows-10-removed-features).) **Resolution** There are steps you can take to fix the icons, first is to confirm that is the issue that needs to be addressed. From cc14bbc739987dd8adb60558416d686caea5d9eb Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Fri, 19 Nov 2021 18:57:19 +0530 Subject: [PATCH 037/335] corrected as per Suggestion in build --- ...roll-a-windows-10-device-automatically-using-group-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index e03fc7a5f0..a1f278305e 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -289,7 +289,7 @@ To collect Event Viewer logs: - [Filter Using Security Groups](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc752992(v=ws.11)) - [Enforce a Group Policy Object Link](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753909(v=ws.11)) - [Group Policy Central Store](/troubleshoot/windows-client/group-policy/create-and-manage-central-store) -- [Getting started with Cloud Native Windows Endpoints](https://docs.microsoft.com/mem/cloud-native-windows-endpoints) +- [Getting started with Cloud Native Windows Endpoints](/mem/cloud-native-windows-endpoints) - [A Framework for Windows endpoint management transformation](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/a-framework-for-windows-endpoint-management-transformation/ba-p/2460684) - [Success with remote Windows Autopilot and Hybrid Azure Active Director join](https://techcommunity.microsoft.com/t5/intune-customer-success/success-with-remote-windows-autopilot-and-hybrid-azure-active/ba-p/2749353) From 1cfda485a318989004cfe1df843eb6d1537d77eb Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Fri, 19 Nov 2021 19:24:07 +0530 Subject: [PATCH 038/335] Update policy-csp-admx-terminalserver.md --- .../mdm/policy-csp-admx-terminalserver.md | 182 +++++++++++++++--- 1 file changed, 158 insertions(+), 24 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index 9febc8bf46..b42aac7547 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -173,6 +173,7 @@ manager: dansimp
ADMX_TerminalServer/TS_SERVER_IMAGE_QUALITY +
ADMX_TerminalServer/TS_GATEWAY_POLICY_SERVER
@@ -2661,7 +2662,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_GATEWAY_POLICY_ENABLE** +**ADMX_TerminalServer/TS_RemoteDesktopVirtualGraphics** @@ -2705,44 +2706,28 @@ ADMX Info: > [!div class = "checklist"] > * Device -> * User
-This policy setting allows you to specify the visual experience that remote users will have in Remote Desktop Connection (RDC) connections that use RemoteFX. +This policy setting allows you to specify the visual experience that remote users will have in Remote Desktop Connection (RDC) connections that use RemoteFX. You can use this policy to balance the network bandwidth usage with the type of graphics experience that is delivered. Depending on the requirements of your users, you can reduce network bandwidth usage by reducing the screen capture rate. -You can use this policy to balance the network bandwidth usage with the type of graphics experience that is delivered. +You can also reduce network bandwidth usage by reducing the image quality (increasing the amount of image compression that is performed). +If you have a higher than average bandwidth network, you can maximize the utilization of bandwidth by selecting the highest setting for screen capture rate and the highest setting for image quality. + +By default, Remote Desktop Connection sessions that use RemoteFX are optimized for a balanced experience over LAN conditions. -Depending on the requirements of your users, you can reduce network bandwidth usage by reducing the screen capture rate. You can also reduce network bandwidth usage by reducing the image quality (increasing the amount of image compression that is performed). If you have a higher than average bandwidth network, you can maximize the utilization of bandwidth by selecting the highest setting for screen capture rate and the highest setting for image quality. - -By default, Remote Desktop Connection sessions that use RemoteFX are optimized for a balanced experience over LAN conditions. If you disable or do not configure this policy setting, Remote Desktop Connection sessions that use RemoteFX will be the same as if the medium screen capture rate and the medium image compression settings were selected (the default behavior). - -If you enable this policy setting, when Remote Desktop Connection cannot connect directly to a remote computer (an RD Session Host server or a computer with Remote Desktop enabled), the clients will attempt to connect to the remote computer through an RD Gateway server. - -In this case, the clients will attempt to connect to the RD Gateway server that is specified in the "Set RD Gateway server address" policy setting. You can enforce this policy setting or you can allow users to overwrite this setting. - -By default, when you enable this policy setting, it is enforced. When this policy setting is enforced, users cannot override this setting, even if they select the "Use these RD Gateway server settings" option on the client. Note: To enforce this policy setting, you must also specify the address of the RD Gateway server by using the "Set RD Gateway server address" policy setting, or client connection attempts to any remote computer will fail, if the client cannot connect directly to the remote computer. - -To enhance security, it is also highly recommended that you specify the authentication method by using the "Set RD Gateway authentication method" policy setting. If you do not specify an authentication method by using this policy setting, either the NTLM protocol that is enabled on the client or a smart card can be used. To allow users to overwrite this policy setting, select the "Allow users to change this setting" check box. - -When you do this, users on the client can choose not to connect through the RD Gateway server by selecting the "Do not use an RD Gateway server" option. Users can specify a connection method by configuring settings on the client, using an RDP file, or using an HTML script. If users do not specify a connection method, the connection method that you specify in this policy setting is used by default. - -If you disable or do not configure this policy setting, clients will not use the RD Gateway server address that is specified in the "Set RD Gateway server address" policy setting. If an RD Gateway server is specified by the user, a client connection attempt will be made through that RD Gateway server. +If you disable or do not configure this policy setting, Remote Desktop Connection sessions that use RemoteFX will be the same as if the medium screen capture rate and the medium image compression settings were selected (the default behavior). - ADMX Info: - GP Friendly name: *Optimize visual experience when using RemoteFX* - GP name: *TS_RemoteDesktopVirtualGraphics* -- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* -- GP Friendly name: *Enable connection through RD Gateway* -- GP name: *TS_GATEWAY_POLICY_ENABLE* -- GP path: *Windows Components\Remote Desktop Services\RD Gateway* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2* - GP ADMX file name: *TerminalServer.admx* @@ -2750,6 +2735,155 @@ ADMX Info:
+ +**ADMX_TerminalServer/TS_SD_ClustName** + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify the name of a farm to join in RD Connection Broker. RD Connection Broker uses the farm name to determine which RD Session Host servers are in the same RD Session Host server farm. + +Therefore, you must use the same farm name for all RD Session Host servers in the same load-balanced farm. The farm name does not have to correspond to a name in Active Directory Domain Services. If you specify a new farm name, a new farm is created in RD Connection Broker. If you specify an existing farm name, the server joins that farm in RD Connection Broker. + +- If you enable this policy setting, you must specify the name of a farm in RD Connection Broker. + +- If you disable or do not configure this policy setting, the farm name is not specified at the Group Policy level. + +>[!NOTES] +> 1. This policy setting is not effective unless both the Join RD Connection Broker and the Configure RD Connection Broker server name policy settings are enabled and configured by using Group Policy. +> 2. For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard. + + + + +ADMX Info: +- GP Friendly name: *Configure RD Connection Broker farm name* +- GP name: *TS_SD_ClustName* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_SD_EXPOSE_ADDRESS** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify the redirection method to use when a client device reconnects to an existing Remote Desktop Services session in a load-balanced RD Session Host server farm. This setting applies to an RD Session Host server that is configured to use RD Connection Broker and not to the RD Connection Broker server. + +- If you enable this policy setting, a Remote Desktop Services client queries the RD Connection Broker server and is redirected to their existing session by using the IP address of the RD Session Host server where their session exists. To use this redirection method, client computers must be able to connect directly by IP address to RD Session Host servers in the farm. + +- If you disable this policy setting, the IP address of the RD Session Host server is not sent to the client. Instead, the IP address is embedded in a token. When a client reconnects to the load balancer, the routing token is used to redirect the client to their existing session on the correct RD Session Host server in the farm. Only disable this setting when your network load-balancing solution supports the use of RD Connection Broker routing tokens and you do not want clients to directly connect by IP address to RD Session Host servers in the load-balanced farm. + +If you do not configure this policy setting, the Use IP address redirection policy setting is not enforced at the group Group policy Policy level and the default will be used. This setting is enabled by default. + +>[!NOTES] +> For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard. + + + + +ADMX Info: +- GP Friendly name: *Use IP Address Redirection* +- GP name: *TS_SD_EXPOSE_ADDRESS* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ **ADMX_TerminalServer/TS_GATEWAY_POLICY_AUTH_METHOD** From 01e1b3a238bad02e0a5f8c9bf1cb8f17617b0bdb Mon Sep 17 00:00:00 2001 From: Rafael Ortiz Date: Fri, 19 Nov 2021 09:24:46 -0500 Subject: [PATCH 039/335] Update basic-audit-logon-events.md --- .../threat-protection/auditing/basic-audit-logon-events.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/basic-audit-logon-events.md b/windows/security/threat-protection/auditing/basic-audit-logon-events.md index 01b1068234..c0be497365 100644 --- a/windows/security/threat-protection/auditing/basic-audit-logon-events.md +++ b/windows/security/threat-protection/auditing/basic-audit-logon-events.md @@ -45,7 +45,7 @@ You can configure this security setting by opening the appropriate policy under | 4779 | A user disconnected a terminal server session without logging off. | -When event 528 is logged, a logon type is also listed in the event log. The following table describes each logon type. +When event 4624 (Legacy Windows Event ID 528) is logged, a logon type is also listed in the event log. The following table describes each logon type. | Logon type | Logon title | Description | | - | - | - | From 30c000b7290053554f8ef52da2685a88edc90b18 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 22 Nov 2021 06:18:39 +0530 Subject: [PATCH 040/335] Update policy-csp-admx-terminalserver.md --- .../mdm/policy-csp-admx-terminalserver.md | 2755 +++++++++++++++-- 1 file changed, 2490 insertions(+), 265 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index b42aac7547..bb3ba3a713 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -124,6 +124,48 @@ manager: dansimp ADMX_TerminalServer/TS_GATEWAY_POLICY_AUTH_METHOD
+ ADMX_TerminalServer/TS_GATEWAY_POLICY_SERVER +
+
+ ADMX_TerminalServer/TS_JOIN_SESSION_DIRECTORY +
+
+ ADMX_TerminalServer/TS_KEEP_ALIVE +
+
+ ADMX_TerminalServer/TS_LICENSE_SECGROUP +
+
+ ADMX_TerminalServer/TS_LICENSE_SERVERS +
+
+ ADMX_TerminalServer/TS_LICENSE_TOOLTIP +
+
+ ADMX_TerminalServer/TS_LICENSING_MODE +
+
+ ADMX_TerminalServer/TS_MAX_CON_POLICY +
+
+ ADMX_TerminalServer/TS_MAXDISPLAYRES +
+
+ ADMX_TerminalServer/TS_MAXMONITOR +
+
+ ADMX_TerminalServer/TS_NoDisconnectMenu +
+
+ ADMX_TerminalServer/TS_NoSecurityMenu +
+
+ ADMX_TerminalServer/TS_PreventLicenseUpgrade +
+
+ ADMX_TerminalServer/TS_PROMT_CREDS_CLIENT_COMP +
+
ADMX_TerminalServer/TS_RADC_DefaultConnection
@@ -174,47 +216,6 @@ manager: dansimp
ADMX_TerminalServer/TS_SERVER_IMAGE_QUALITY
- ADMX_TerminalServer/TS_GATEWAY_POLICY_SERVER - -
- ADMX_TerminalServer/TS_JOIN_SESSION_DIRECTORY -
-
- ADMX_TerminalServer/TS_KEEP_ALIVE -
-
- ADMX_TerminalServer/TS_LICENSE_SECGROUP -
-
- ADMX_TerminalServer/TS_LICENSE_SERVERS -
-
- ADMX_TerminalServer/TS_LICENSE_TOOLTIP -
-
- ADMX_TerminalServer/TS_LICENSING_MODE -
-
- ADMX_TerminalServer/TS_MAX_CON_POLICY -
-
- ADMX_TerminalServer/TS_MAXDISPLAYRES -
-
- ADMX_TerminalServer/TS_MAXMONITOR -
-
- ADMX_TerminalServer/TS_NoDisconnectMenu -
-
- ADMX_TerminalServer/TS_NoSecurityMenu -
-
- ADMX_TerminalServer/TS_PreventLicenseUpgrade -
-
- ADMX_TerminalServer/TS_PROMT_CREDS_CLIENT_COMP -
@@ -2658,230 +2659,6 @@ ADMX Info: - -
- - -**ADMX_TerminalServer/TS_RemoteDesktopVirtualGraphics** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - - -This policy setting allows you to specify the visual experience that remote users will have in Remote Desktop Connection (RDC) connections that use RemoteFX. You can use this policy to balance the network bandwidth usage with the type of graphics experience that is delivered. Depending on the requirements of your users, you can reduce network bandwidth usage by reducing the screen capture rate. - -You can also reduce network bandwidth usage by reducing the image quality (increasing the amount of image compression that is performed). -If you have a higher than average bandwidth network, you can maximize the utilization of bandwidth by selecting the highest setting for screen capture rate and the highest setting for image quality. - -By default, Remote Desktop Connection sessions that use RemoteFX are optimized for a balanced experience over LAN conditions. - -If you disable or do not configure this policy setting, Remote Desktop Connection sessions that use RemoteFX will be the same as if the medium screen capture rate and the medium image compression settings were selected (the default behavior). - - - - -ADMX Info: -- GP Friendly name: *Optimize visual experience when using RemoteFX* -- GP name: *TS_RemoteDesktopVirtualGraphics* -- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2* -- GP ADMX file name: *TerminalServer.admx* - - - - -
- - -**ADMX_TerminalServer/TS_SD_ClustName** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -This policy setting allows you to specify the name of a farm to join in RD Connection Broker. RD Connection Broker uses the farm name to determine which RD Session Host servers are in the same RD Session Host server farm. - -Therefore, you must use the same farm name for all RD Session Host servers in the same load-balanced farm. The farm name does not have to correspond to a name in Active Directory Domain Services. If you specify a new farm name, a new farm is created in RD Connection Broker. If you specify an existing farm name, the server joins that farm in RD Connection Broker. - -- If you enable this policy setting, you must specify the name of a farm in RD Connection Broker. - -- If you disable or do not configure this policy setting, the farm name is not specified at the Group Policy level. - ->[!NOTES] -> 1. This policy setting is not effective unless both the Join RD Connection Broker and the Configure RD Connection Broker server name policy settings are enabled and configured by using Group Policy. -> 2. For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard. - - - - -ADMX Info: -- GP Friendly name: *Configure RD Connection Broker farm name* -- GP name: *TS_SD_ClustName* -- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker* -- GP ADMX file name: *TerminalServer.admx* - - - -
- - -**ADMX_TerminalServer/TS_SD_EXPOSE_ADDRESS** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -This policy setting allows you to specify the redirection method to use when a client device reconnects to an existing Remote Desktop Services session in a load-balanced RD Session Host server farm. This setting applies to an RD Session Host server that is configured to use RD Connection Broker and not to the RD Connection Broker server. - -- If you enable this policy setting, a Remote Desktop Services client queries the RD Connection Broker server and is redirected to their existing session by using the IP address of the RD Session Host server where their session exists. To use this redirection method, client computers must be able to connect directly by IP address to RD Session Host servers in the farm. - -- If you disable this policy setting, the IP address of the RD Session Host server is not sent to the client. Instead, the IP address is embedded in a token. When a client reconnects to the load balancer, the routing token is used to redirect the client to their existing session on the correct RD Session Host server in the farm. Only disable this setting when your network load-balancing solution supports the use of RD Connection Broker routing tokens and you do not want clients to directly connect by IP address to RD Session Host servers in the load-balanced farm. - -If you do not configure this policy setting, the Use IP address redirection policy setting is not enforced at the group Group policy Policy level and the default will be used. This setting is enabled by default. - ->[!NOTES] -> For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard. - - - - -ADMX Info: -- GP Friendly name: *Use IP Address Redirection* -- GP name: *TS_SD_EXPOSE_ADDRESS* -- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker* -- GP ADMX file name: *TerminalServer.admx* - - -
@@ -4003,6 +3780,2454 @@ ADMX Info: +
+ + +**ADMX_TerminalServer/TS_RemoteDesktopVirtualGraphics** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +This policy setting allows you to specify the visual experience that remote users will have in Remote Desktop Connection (RDC) connections that use RemoteFX. You can use this policy to balance the network bandwidth usage with the type of graphics experience that is delivered. Depending on the requirements of your users, you can reduce network bandwidth usage by reducing the screen capture rate. + +You can also reduce network bandwidth usage by reducing the image quality (increasing the amount of image compression that is performed). +If you have a higher than average bandwidth network, you can maximize the utilization of bandwidth by selecting the highest setting for screen capture rate and the highest setting for image quality. + +By default, Remote Desktop Connection sessions that use RemoteFX are optimized for a balanced experience over LAN conditions. + +If you disable or do not configure this policy setting, Remote Desktop Connection sessions that use RemoteFX will be the same as if the medium screen capture rate and the medium image compression settings were selected (the default behavior). + + + + +ADMX Info: +- GP Friendly name: *Optimize visual experience when using RemoteFX* +- GP name: *TS_RemoteDesktopVirtualGraphics* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + +**ADMX_TerminalServer/TS_SD_ClustName** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify the name of a farm to join in RD Connection Broker. RD Connection Broker uses the farm name to determine which RD Session Host servers are in the same RD Session Host server farm. + +Therefore, you must use the same farm name for all RD Session Host servers in the same load-balanced farm. The farm name does not have to correspond to a name in Active Directory Domain Services. If you specify a new farm name, a new farm is created in RD Connection Broker. If you specify an existing farm name, the server joins that farm in RD Connection Broker. + +- If you enable this policy setting, you must specify the name of a farm in RD Connection Broker. + +- If you disable or do not configure this policy setting, the farm name is not specified at the Group Policy level. + +>[!NOTES] +> 1. This policy setting is not effective unless both the Join RD Connection Broker and the Configure RD Connection Broker server name policy settings are enabled and configured by using Group Policy. +> 2. For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard. + + + + +ADMX Info: +- GP Friendly name: *Configure RD Connection Broker farm name* +- GP name: *TS_SD_ClustName* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_SD_EXPOSE_ADDRESS** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify the redirection method to use when a client device reconnects to an existing Remote Desktop Services session in a load-balanced RD Session Host server farm. This setting applies to an RD Session Host server that is configured to use RD Connection Broker and not to the RD Connection Broker server. + +- If you enable this policy setting, a Remote Desktop Services client queries the RD Connection Broker server and is redirected to their existing session by using the IP address of the RD Session Host server where their session exists. To use this redirection method, client computers must be able to connect directly by IP address to RD Session Host servers in the farm. + +- If you disable this policy setting, the IP address of the RD Session Host server is not sent to the client. Instead, the IP address is embedded in a token. When a client reconnects to the load balancer, the routing token is used to redirect the client to their existing session on the correct RD Session Host server in the farm. Only disable this setting when your network load-balancing solution supports the use of RD Connection Broker routing tokens and you do not want clients to directly connect by IP address to RD Session Host servers in the load-balanced farm. + +If you do not configure this policy setting, the Use IP address redirection policy setting is not enforced at the group Group policy Policy level and the default will be used. This setting is enabled by default. + +>[!NOTES] +> For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard. + + + + +ADMX Info: +- GP Friendly name: *Use IP Address Redirection* +- GP name: *TS_SD_EXPOSE_ADDRESS* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_SD_Loc** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify the RD Connection Broker server that the RD Session Host server uses to track and redirect user sessions for a load-balanced RD Session Host server farm. +The specified server must be running the Remote Desktop Connection Broker service. All RD Session Host servers in a load-balanced farm should use the same RD Connection Broker server. + +- If you enable this policy setting, you must specify the RD Connection Broker server by using its fully qualified domain name (FQDN). In Windows Server 2012, for a high availability setup with multiple RD Connection Broker servers, you must provide a semi-colon separated list of the FQDNs of all the RD Connection Broker servers. + +- If you disable or do not configure this policy setting, the policy setting is not specified at the Group Policy level. + + +>[!NOTES] +> 1. For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard. +> 2. This policy setting is not effective unless the Join RD Connection Broker policy setting is enabled. +> 3. To be an active member of an RD Session Host server farm, the computer account for each RD Session Host server in the farm must be a member of one of the following local groups on the RD Connection Broker server: Session Directory Computers, Session Broker Computers, or RDS Endpoint Servers. + + + + +ADMX Info: +- GP Friendly name: *Configure RD Connection Broker server name* +- GP name: *TS_SD_Loc* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + +**ADMX_TerminalServer/TS_SECURITY_LAYER_POLICY** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting specifies whether to require the use of a specific security layer to secure communications between clients and RD Session Host servers during Remote Desktop Protocol (RDP) connections. + +- If you enable this policy setting, all communications between clients and RD Session Host servers during remote connections must use the security method specified in this setting. + +The following security methods are available: + +1. * Negotiate: The Negotiate method enforces the most secure method that is supported by the client. If Transport Layer Security (TLS) version 1.0 is supported, it is used to authenticate the RD Session Host server. If TLS is not supported, native Remote Desktop Protocol (RDP) encryption is used to secure communications, but the RD Session Host server is not authenticated. Native RDP encryption (as opposed to SSL encryption) is not recommended. +2. * RDP: The RDP method uses native RDP encryption to secure communications between the client and RD Session Host server. If you select this setting, the RD Session Host server is not authenticated. Native RDP encryption (as opposed to SSL encryption) is not recommended. +3. * SSL (TLS 1.0): The SSL method requires the use of TLS 1.0 to authenticate the RD Session Host server. If TLS is not supported, the connection fails. This is the recommended setting for this policy. + +- If you disable or do not configure this policy setting, the security method to be used for remote connections to RD Session Host servers is not specified at the Group Policy level. + + + + +ADMX Info: +- GP Friendly name: *Require use of specific security layer for remote (RDP) connections* +- GP name: *TS_SECURITY_LAYER_POLICY* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + +**ADMX_TerminalServer/TS_SELECT_NETWORK_DETECT** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify how the Remote Desktop Protocol will try to detect the network quality (bandwidth and latency). +You can choose to disable Connect Time Detect, Continuous Network Detect, or both Connect Time Detect and Continuous Network Detect. + +- If you disable Connect Time Detect, Remote Desktop Protocol will not determine the network quality at the connect time, and it will assume that all traffic to this server originates from a low-speed connection. + +- If you disable Continuous Network Detect, Remote Desktop Protocol will not try to adapt the remote user experience to varying network quality. + +- If you disable Connect Time Detect and Continuous Network Detect, Remote Desktop Protocol will not try to determine the network quality at the connect time; instead it will assume that all traffic to this server originates from a low-speed connection, and it will not try to adapt the user experience to varying network quality. + +- If you disable or do not configure this policy setting, Remote Desktop Protocol will spend up to a few seconds trying to determine the network quality prior to the connection, and it will continuously try to adapt the user experience to varying network quality. + + + + +ADMX Info: +- GP Friendly name: *Select network detection on the server* +- GP name: *TS_SELECT_NETWORK_DETECT* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_SELECT_TRANSPORT** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify which protocols can be used for Remote Desktop Protocol (RDP) access to this server. + +- If you enable this policy setting, you must specify if you would like RDP to use UDP. You can select one of the following options: "Use both UDP and TCP", "Use only TCP" or "Use either UDP or TCP (default)" + +If you select "Use either UDP or TCP" and the UDP connection is successful, most of the RDP traffic will use UDP. If the UDP connection is not successful or if you select "Use only TCP," all of the RDP traffic will use TCP. + +- If you disable or do not configure this policy setting, RDP will choose the optimal protocols for delivering the best user experience. + + + + +ADMX Info: +- GP Friendly name: *Select RDP transport protocols* +- GP name: *TS_SELECT_TRANSPORT* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to enable RemoteApp programs to use advanced graphics, including support for transparency, live thumbnails, and seamless application moves. +This policy setting applies only to RemoteApp programs and does not apply to remote desktop sessions. + +- If you enable or do not configure this policy setting, RemoteApp programs published from this RD Session Host server will use these advanced graphics. + +- If you disable this policy setting, RemoteApp programs published from this RD Session Host server will not use these advanced graphics. You may want to choose this option if you discover that applications published as RemoteApp programs do not support these advanced graphics. + + + + +ADMX Info: +- GP Friendly name: *Use advanced RemoteFX graphics for RemoteApp* +- GP name: *TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_SERVER_AUTH** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify whether the client will establish a connection to the RD Session Host server when the client cannot authenticate the RD Session Host server. + +- If you enable this policy setting, you must specify one of the following settings: + + 1. Always connect, even if authentication fails: The client connects to the RD Session Host server even if the client cannot authenticate the RD Session Host server. + + 2. Warn me if authentication fails: The client attempts to authenticate the RD Session Host server. If the RD Session Host server can be authenticated, the client establishes a connection to the RD Session Host server. If the RD Session Host server cannot be authenticated, the user is prompted to choose whether to connect to the RD Session Host server without authenticating the RD Session Host server. + + 3. Do not connect if authentication fails: The client establishes a connection to the RD Session Host server only if the RD Session Host server can be authenticated. + +- If you disable or do not configure this policy setting, the authentication setting that is specified in Remote Desktop Connection or in the .rdp file determines whether the client establishes a connection to the RD Session Host server when the client cannot authenticate the RD Session Host server. + + + + +ADMX Info: +- GP Friendly name: *Configure server authentication for client* +- GP name: *TS_SERVER_AUTH* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting lets you enable H.264/AVC hardware encoding support for Remote Desktop Connections. + +- When you enable hardware encoding, if an error occurs, we will attempt to use software encoding. + +- If you disable or do not configure this policy, we will always use software encoding. + + + + +ADMX Info: +- GP Friendly name: *Configure H.264/AVC hardware encoding for Remote Desktop Connections* +- GP name: *TS_SERVER_AVC_HW_ENCODE_PREFERRED* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_SERVER_AVC444_MODE_PREFERRED** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting prioritizes the H.264/AVC 444 graphics mode for non-RemoteFX vGPU scenarios. + +When you use this setting on the RDP server, the server will use H.264/AVC 444 as the codec in an RDP 10 connection where both the client and server can use H.264/AVC 444. + + + + +ADMX Info: +- GP Friendly name: *Prioritize H.264/AVC 444 graphics mode for Remote Desktop Connections* +- GP name: *TS_SERVER_AVC444_MODE_PREFERRED* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + +**ADMX_TerminalServer/TS_SERVER_COMPRESSOR** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify which Remote Desktop Protocol (RDP) compression algorithm to use. By default, servers use an RDP compression algorithm that is based on the server's hardware configuration. + +- If you enable this policy setting, you can specify which RDP compression algorithm to use. If you select the algorithm that is optimized to use less memory, this option is less memory-intensive, but uses more network bandwidth. + +If you select the algorithm that is optimized to use less network bandwidth, this option uses less network bandwidth, but is more memory-intensive. Additionally, a third option is available that balances memory usage and network bandwidth. + +In Windows 8 only the compression algorithm that balances memory usage and bandwidth is used. You can also choose not to use an RDP compression algorithm. Choosing not to use an RDP compression algorithm will use more network bandwidth and is only recommended if you are using a hardware device that is designed to optimize network traffic. + +Even if you choose not to use an RDP compression algorithm, some graphics data will still be compressed. + +- If you disable or do not configure this policy setting, the default RDP compression algorithm will be used. + + + + +ADMX Info: +- GP Friendly name: *Configure compression for RemoteFX data* +- GP name: *TS_SERVER_COMPRESSOR* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_SERVER_IMAGE_QUALITY** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + +This policy setting allows you to specify the visual quality for remote users when connecting to this computer by using Remote Desktop Connection. You can use this policy setting to balance the network bandwidth usage with the visual quality that is delivered. + +- If you enable this policy setting and set quality to Low, RemoteFX Adaptive Graphics uses an encoding mechanism that results in low quality images. This mode consumes the lowest amount of network bandwidth of the quality modes. + +- If you enable this policy setting and set quality to Medium, RemoteFX Adaptive Graphics uses an encoding mechanism that results in medium quality images. This mode provides better graphics quality than low quality and uses less bandwidth than high quality. + +- If you enable this policy setting and set quality to High, RemoteFX Adaptive Graphics uses an encoding mechanism that results in high quality images and consumes moderate network bandwidth. + +- If you enable this policy setting and set quality to Lossless, RemoteFX Adaptive Graphics uses lossless encoding. In this mode, the color integrity of the graphics data is not impacted. However, this setting results in a significant increase in network bandwidth consumption. We recommend that you set this for very specific cases only. + +- If you disable or do not configure this policy setting, RemoteFX Adaptive Graphics uses an encoding mechanism that results in medium quality images. + + + + +ADMX Info: +- GP Friendly name: *Configure image quality for RemoteFX Adaptive Graphics* +- GP name: *TS_SERVER_IMAGE_QUALITY* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + +**ADMX_TerminalServer/TS_SERVER_LEGACY_RFX** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + +This policy setting allows you to control the availability of RemoteFX on both a Remote Desktop Virtualization Host (RD Virtualization Host) server and a Remote Desktop Session Host (RD Session Host) server. + +When deployed on an RD Virtualization Host server, RemoteFX delivers a rich user experience by rendering content on the server by using graphics processing units (GPUs). By default, RemoteFX for RD Virtualization Host uses server-side GPUs to deliver a rich user experience over LAN connections and RDP 7.1. When deployed on an RD Session Host server, RemoteFX delivers a rich user experience by using a hardware-accelerated compression scheme. + +- If you enable this policy setting, RemoteFX will be used to deliver a rich user experience over LAN connections and RDP 7.1. + +- If you disable this policy setting, RemoteFX will be disabled. If you do not configure this policy setting, the default behavior will be used. By default, RemoteFX for RD Virtualization Host is enabled and RemoteFX for RD Session Host is disabled. + + + + +ADMX Info: +- GP Friendly name: *Configure RemoteFX* +- GP name: *TS_SERVER_LEGACY_RFX* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_SERVER_PROFILE** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows the administrator to configure the RemoteFX experience for Remote Desktop Session Host or Remote Desktop Virtualization Host servers. By default, the system will choose the best experience based on available nework bandwidth. + +If you enable this policy setting, the RemoteFX experience could be set to one of the following options: +1. Let the system choose the experience for the network condition +2. Optimize for server scalability +3. Optimize for minimum bandwidth usage If you disable or do not configure this policy setting, the RemoteFX experience will change dynamically based on the network condition." + + + + +ADMX Info: +- GP Friendly name: *Configure RemoteFX Adaptive Graphics* +- GP name: *TS_SERVER_PROFILE* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_SERVER_WDDM_GRAPHICS_DRIVER** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting lets you enable WDDM graphics display driver for Remote Desktop Connections. + +- If you enable or do not configure this policy setting, Remote Desktop Connections will use WDDM graphics display driver. + +- If you disable this policy setting, Remote Desktop Connections will NOT use WDDM graphics display driver. In this case, the Remote Desktop Connections will use XDDM graphics display driver. For this change to take effect, you must restart Windows. + + + + +ADMX Info: +- GP Friendly name: *Use WDDM graphics display driver for Remote Desktop Connections* +- GP name: *TS_SERVER_WDDM_GRAPHICS_DRIVER* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_Session_End_On_Limit_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy setting specifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it. You can use this setting to direct Remote Desktop Services to end a session (that is, the user is logged off and the session is deleted from the server) after time limits for active or idle sessions are reached. By default, Remote Desktop Services disconnects sessions that reach their time limits. Time limits are set locally by the server administrator or by using Group Policy. + +See the policy settings Set time limit for active Remote Desktop Services sessions and Set time limit for active but idle Remote Desktop Services sessions policy settings. + +- If you enable this policy setting, Remote Desktop Services ends any session that reaches its time-out limit. + +- If you disable this policy setting, Remote Desktop Services always disconnects a timed-out session, even if specified otherwise by the server administrator. If you do not configure this policy setting, Remote Desktop Services disconnects a timed-out session, unless specified otherwise in local settings. + +This policy setting only applies to time-out limits that are explicitly set by the administrator. + +This policy setting does not apply to time-out events that occur due to connectivity or network conditions. This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting takes precedence. + + + + +ADMX Info: +- GP Friendly name: *End session when time limits are reached* +- GP name: *TS_Session_End_On_Limit_1* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_Session_End_On_Limit_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy setting specifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it. You can use this setting to direct Remote Desktop Services to end a session (that is, the user is logged off and the session is deleted from the server) after time limits for active or idle sessions are reached. By default, Remote Desktop Services disconnects sessions that reach their time limits. Time limits are set locally by the server administrator or by using Group Policy. + +See the policy settings Set time limit for active Remote Desktop Services sessions and Set time limit for active but idle Remote Desktop Services sessions policy settings. + +- If you enable this policy setting, Remote Desktop Services ends any session that reaches its time-out limit. + +- If you disable this policy setting, Remote Desktop Services always disconnects a timed-out session, even if specified otherwise by the server administrator. If you do not configure this policy setting, Remote Desktop Services disconnects a timed-out session, unless specified otherwise in local settings. + +This policy setting only applies to time-out limits that are explicitly set by the administrator. + +This policy setting does not apply to time-out events that occur due to connectivity or network conditions. This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting takes precedence. + + + + +ADMX Info: +- GP Friendly name: *End session when time limits are reached* +- GP name: *TS_Session_End_On_Limit_2* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions. You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default, Remote Desktop Services allows users to disconnect from a Remote Desktop Services session without logging off and ending the session. +When a session is in a disconnected state, running programs are kept active even though the user is no longer actively connected. By default, these disconnected sessions are maintained for an unlimited time on the server. + +- If you enable this policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that disconnected sessions are maintained for an unlimited time, select Never. If you have a console session, disconnected session time limits do not apply. + +- If you disable or do not configure this policy setting, this policy setting is not specified at the Group Policy level. Be default, Remote Desktop Services disconnected sessions are maintained for an unlimited amount of time. + +>[!NOTE] +> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence. + + + + +ADMX Info: +- GP Friendly name: *Set time limit for disconnected sessions* +- GP name: *TS_SESSIONS_Disconnected_Timeout_1* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions. You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default, Remote Desktop Services allows users to disconnect from a Remote Desktop Services session without logging off and ending the session. +When a session is in a disconnected state, running programs are kept active even though the user is no longer actively connected. By default, these disconnected sessions are maintained for an unlimited time on the server. + +- If you enable this policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that disconnected sessions are maintained for an unlimited time, select Never. If you have a console session, disconnected session time limits do not apply. + +- If you disable or do not configure this policy setting, this policy setting is not specified at the Group Policy level. Be default, Remote Desktop Services disconnected sessions are maintained for an unlimited amount of time. + +>[!NOTE] +> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence. + + + + +ADMX Info: +- GP Friendly name: *Set time limit for disconnected sessions* +- GP name: *TS_SESSIONS_Disconnected_Timeout_2* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected. + +- If you enable this policy setting, you must select the desired time limit in the Idle session limit list. Remote Desktop Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minutes before the session disconnects, which allows the user to press a key or move the mouse to keep the session active. If you have a console session, idle session time limits do not apply. + +- If you disable or do not configure this policy setting, the time limit is not specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active but idle for an unlimited amount of time. + +If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached. + +>[!NOTE] +> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence. + + + + +ADMX Info: +- GP Friendly name: *Set time limit for active but idle Remote Desktop Services sessions* +- GP name: *TS_SESSIONS_Idle_Limit_1* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected. + +- If you enable this policy setting, you must select the desired time limit in the Idle session limit list. Remote Desktop Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minutes before the session disconnects, which allows the user to press a key or move the mouse to keep the session active. If you have a console session, idle session time limits do not apply. + +- If you disable or do not configure this policy setting, the time limit is not specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active but idle for an unlimited amount of time. + +If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached. + +>[!NOTE] +> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence. + + + + +ADMX Info: +- GP Friendly name: *Set time limit for active but idle Remote Desktop Services sessions* +- GP name: *TS_SESSIONS_Idle_Limit_2* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_SESSIONS_Limits_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it is automatically disconnected. + +- If you enable this policy setting, you must select the desired time limit in the Active session limit list. Remote Desktop Services will automatically disconnect active sessions after the specified amount of time. The user receives a warning two minutes before the Remote Desktop Services session disconnects, which allows the user to save open files and close programs. If you have a console session, active session time limits do not apply. + +- If you disable or do not configure this policy setting, this policy setting is not specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active for an unlimited amount of time. + +If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached. + +>[!NOTE] +> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence. + + + + + +ADMX Info: +- GP Friendly name: *Set time limit for active Remote Desktop Services sessions* +- GP name: *TS_SESSIONS_Limits_1* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_SINGLE_SESSION** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy setting allows you to restrict users to a single Remote Desktop Services session. If you enable this policy setting, users who log on remotely by using Remote Desktop Services will be restricted to a single session (either active or disconnected) on that server. + +If the user leaves the session in a disconnected state, the user automatically reconnects to that session at the next logon. + +If you disable this policy setting, users are allowed to make unlimited simultaneous remote connections by using Remote Desktop Services. If you do not configure this policy setting, this policy setting is not specified at the Group Policy level. + + + + + +ADMX Info: +- GP Friendly name: *Restrict Remote Desktop Services users to a single Remote Desktop Services session* +- GP name: *TS_SINGLE_SESSION* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_SMART_CARD** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to control the redirection of smart card devices in a Remote Desktop Services session. + +- If you enable this policy setting, Remote Desktop Services users cannot use a smart card to log on to a Remote Desktop Services session. + +- If you disable or do not configure this policy setting, smart card device redirection is allowed. By default, Remote Desktop Services automatically redirects smart card devices on connection. + +>[!NOTE] +> The client computer must be running at least Microsoft Windows 2000 Server or at least Microsoft Windows XP Professional and the target server must be joined to a domain. + + + + +ADMX Info: +- GP Friendly name: *Do not allow smart card device redirection* +- GP name: *TS_SMART_CARD* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_START_PROGRAM_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Configures Remote Desktop Services to run a specified program automatically upon connection. You can use this setting to specify a program to run automatically when a user logs on to a remote computer. By default, Remote Desktop Services sessions provide access to the full Windows desktop, unless otherwise specified with this setting, by the server administrator, or by the user in configuring the client connection. Enabling this setting overrides the "Start Program" settings set by the server administrator or user. + +The Start menu and Windows Desktop are not displayed, and when the user exits the program the session is automatically logged off. To use this setting, in Program path and file name, type the fully qualified path and file name of the executable file to be run when the user logs on. If necessary, in Working Directory, type the fully qualified path to the starting directory for the program. + +If you leave Working Directory blank, the program runs with its default working directory. If the specified program path, file name, or working directory is not the name of a valid directory, the RD Session Host server connection fails with an error message. If the status is set to Enabled, Remote Desktop Services sessions automatically run the specified program and use the specified Working Directory (or the program default directory, if Working Directory is not specified) as the working directory for the program. If the status is set to Disabled or Not Configured, Remote Desktop Services sessions start with the full desktop, unless the server administrator or user specify otherwise. (See "Computer Configuration\Administrative Templates\System\Logon\Run these programs at user logon" setting.) + +>[!NOTE] +> This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting overrides. + + + + +ADMX Info: +- GP Friendly name: *Start a program on connection* +- GP name: *TS_START_PROGRAM_1* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_START_PROGRAM_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Configures Remote Desktop Services to run a specified program automatically upon connection. You can use this setting to specify a program to run automatically when a user logs on to a remote computer. By default, Remote Desktop Services sessions provide access to the full Windows desktop, unless otherwise specified with this setting, by the server administrator, or by the user in configuring the client connection. Enabling this setting overrides the "Start Program" settings set by the server administrator or user. + +The Start menu and Windows Desktop are not displayed, and when the user exits the program the session is automatically logged off. To use this setting, in Program path and file name, type the fully qualified path and file name of the executable file to be run when the user logs on. If necessary, in Working Directory, type the fully qualified path to the starting directory for the program. + +If you leave Working Directory blank, the program runs with its default working directory. If the specified program path, file name, or working directory is not the name of a valid directory, the RD Session Host server connection fails with an error message. If the status is set to Enabled, Remote Desktop Services sessions automatically run the specified program and use the specified Working Directory (or the program default directory, if Working Directory is not specified) as the working directory for the program. If the status is set to Disabled or Not Configured, Remote Desktop Services sessions start with the full desktop, unless the server administrator or user specify otherwise. (See "Computer Configuration\Administrative Templates\System\Logon\Run these programs at user logon" setting.) + +>[!NOTE] +> This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting overrides. + + + + +ADMX Info: +- GP Friendly name: *Start a program on connection* +- GP name: *TS_START_PROGRAM_2* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_TEMP_DELETE** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting specifies whether Remote Desktop Services retains a user's per-session temporary folders at logoff. You can use this setting to maintain a user's session-specific temporary folders on a remote computer, even if the user logs off from a session. By default, Remote Desktop Services deletes a user's temporary folders when the user logs off. + +If you enable this policy setting, a user's per-session temporary folders are retained when the user logs off from a session. + +If you disable this policy setting, temporary folders are deleted when a user logs off, even if the server administrator specifies otherwise. If you do not configure this policy setting, Remote Desktop Services deletes the temporary folders from the remote computer at logoff, unless specified otherwise by the server administrator. + +>[!NOTE] +> This setting only takes effect if per-session temporary folders are in use on the server. If you enable the Do not use temporary folders per session policy setting, this policy setting has no effect. + + + + +ADMX Info: +- GP Friendly name: *Do not delete temp folders upon exit* +- GP name: *TS_TEMP_DELETE* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Temporary folders* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_TEMP_PER_SESSION** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to prevent Remote Desktop Services from creating session-specific temporary folders. + +You can use this policy setting to disable the creation of separate temporary folders on a remote computer for each session. By default, Remote Desktop Services creates a separate temporary folder for each active session that a user maintains on a remote computer. These temporary folders are created on the remote computer in a Temp folder under the user's profile folder and are named with the sessionid. + +- If you enable this policy setting, per-session temporary folders are not created. Instead, a user's temporary files for all sessions on the remote computer are stored in a common Temp folder under the user's profile folder on the remote computer. + +- If you disable this policy setting, per-session temporary folders are always created, even if the server administrator specifies otherwise. If you do not configure this policy setting, per-session temporary folders are created unless the server administrator specifies otherwise. + + + + +ADMX Info: +- GP Friendly name: *Do not use temporary folders per session* +- GP name: *TS_TEMP_PER_SESSION* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Temporary folders* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_TIME_ZONE** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify whether the client computer redirects its time zone settings to the Remote Desktop Services session. + +- If you enable this policy setting, clients that are capable of time zone redirection send their time zone information to the server. The server base time is then used to calculate the current session time (current session time = server base time + client time zone). + +- If you disable or do not configure this policy setting, the client computer does not redirect its time zone information and the session time zone is the same as the server time zone. + +>[!NOTE] +> Time zone redirection is possible only when connecting to at least a Microsoft Windows Server 2003 terminal server with a client using RDP 5.1 or later. + + + + +ADMX Info: +- GP Friendly name: *Allow time zone redirection* +- GP name: *TS_TIME_ZONE* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_TSCC_PERMISSIONS_POLICY** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting specifies whether to disable the administrator rights to customize security permissions for the Remote Desktop Session Host server. You can use this setting to prevent administrators from making changes to the user groups allowed to connect remotely to the RD Session Host server. By default, administrators are able to make such changes. + +- If you enable this policy setting the default security descriptors for existing groups on the RD Session Host server cannot be changed. All the security descriptors are read-only. + +- If you disable or do not configure this policy setting, server administrators have full read/write permissions to the user security descriptors by using the Remote Desktop Session WMI Provider. + +>[!NOTE] +> The preferred method of managing user access is by adding a user to the Remote Desktop Users group. + + + + +ADMX Info: +- GP Friendly name: *Do not allow local administrators to customize permissions* +- GP name: *TS_TSCC_PERMISSIONS_POLICY* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_TURNOFF_SINGLEAPP** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting determines whether the desktop is always displayed after a client connects to a remote computer or an initial program can run. It can be used to require that the desktop be displayed after a client connects to a remote computer, even if an initial program is already specified in the default user profile, Remote Desktop Connection, Remote Desktop Services client, or through Group Policy. + +- If you enable this policy setting, the desktop is always displayed when a client connects to a remote computer. This policy setting overrides any initial program policy settings. + +- If you disable or do not configure this policy setting, an initial program can be specified that runs on the remote computer after the client connects to the remote computer. If an initial program is not specified, the desktop is always displayed on the remote computer after the client connects to the remote computer. + +>[!NOTE] +> If this policy setting is enabled, then the "Start a program on connection" policy setting is ignored. + + + + +ADMX Info: +- GP Friendly name: *Always show desktop on connection* +- GP name: *TS_TURNOFF_SINGLEAPP* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_UIA** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to restrict users to a single Remote Desktop Services session. + +If you enable this policy setting, users who log on remotely by using Remote Desktop Services will be restricted to a single session (either active or disconnected) on that server. If the user leaves the session in a disconnected state, the user automatically reconnects to that session at the next logon. + +- If you disable this policy setting, users are allowed to make unlimited simultaneous remote connections by using Remote Desktop Services. + +- If you do not configure this policy setting, this policy setting is not specified at the Group Policy level. + + + + +ADMX Info: +- GP Friendly name: *Restrict Remote Desktop Services users to a single Remote Desktop Services session* +- GP name: *TS_UIA* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections* +- GP ADMX file name: *TerminalServer.admx* + + + +
From 6c5b285a5c7557bd9fbf7f58d11a2459ce3cf5a0 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 22 Nov 2021 06:27:45 +0530 Subject: [PATCH 041/335] Update policy-csp-admx-terminalserver.md --- .../mdm/policy-csp-admx-terminalserver.md | 67 +++++++++++++++++++ 1 file changed, 67 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index bb3ba3a713..e1907d8a54 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -6229,6 +6229,73 @@ ADMX Info:
+ +**ADMX_TerminalServer/TS_UIA** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to permit RDP redirection of other supported RemoteFX USB devices from this computer. Redirected RemoteFX USB devices will not be available for local usage on this computer. +If you enable this policy setting, you can choose to give the ability to redirect other supported RemoteFX USB devices over RDP to all users or only to users who are in the Administrators group on the computer. If you disable or do not configure this policy setting, other supported RemoteFX USB devices are not available for RDP redirection by using any user account. For this change to take effect, you must restart Windows. + + + + + +ADMX Info: +- GP Friendly name: *Allow RDP redirection of other supported RemoteFX USB devices from this computer* +- GP name: *TS_UIA* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client\RemoteFX USB Device Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + + +
From 85669a44a796971060886f1e3c71f89a49cee46c Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 22 Nov 2021 06:31:23 +0530 Subject: [PATCH 042/335] Update policy-csp-admx-terminalserver.md --- windows/client-management/mdm/policy-csp-admx-terminalserver.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index e1907d8a54..44fb95957d 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -6283,7 +6283,6 @@ ADMX Info: This policy setting allows you to permit RDP redirection of other supported RemoteFX USB devices from this computer. Redirected RemoteFX USB devices will not be available for local usage on this computer. If you enable this policy setting, you can choose to give the ability to redirect other supported RemoteFX USB devices over RDP to all users or only to users who are in the Administrators group on the computer. If you disable or do not configure this policy setting, other supported RemoteFX USB devices are not available for RDP redirection by using any user account. For this change to take effect, you must restart Windows. - From 9f518007f6ccd7fdc27abbbf9a6dbc2eb0727e2f Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 22 Nov 2021 06:48:54 +0530 Subject: [PATCH 043/335] Update policy-csp-admx-terminalserver.md --- .../mdm/policy-csp-admx-terminalserver.md | 60 ++++++++++++++++++- 1 file changed, 59 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index 44fb95957d..afc0d59440 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -165,7 +165,7 @@ manager: dansimp
ADMX_TerminalServer/TS_PROMT_CREDS_CLIENT_COMP
-
+
ADMX_TerminalServer/TS_RADC_DefaultConnection
@@ -216,6 +216,63 @@ manager: dansimp
ADMX_TerminalServer/TS_SERVER_IMAGE_QUALITY
+
+ ADMX_TerminalServer/TS_SERVER_LEGACY_RFX +
+
+ ADMX_TerminalServer/TS_SERVER_PROFILE +
+
+ ADMX_TerminalServer/TS_SERVER_VISEXP +
+
+ ADMX_TerminalServer/TS_SERVER_WDDM_GRAPHICS_DRIVER +
+
+ ADMX_TerminalServer/TS_Session_End_On_Limit_1 +
+
+ ADMX_TerminalServer/TS_Session_End_On_Limit_2 +
+
+ ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_1 +
+
+ ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_2 +
+
+ ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_1 +
+
+ ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_2 +
+
+ ADMX_TerminalServer/TS_SESSIONS_Limits_1 +
+
+ ADMX_TerminalServer/TS_SESSIONS_Limits_2 +
+
+ ADMX_TerminalServer/TS_SINGLE_SESSION +
+
+ ADMX_TerminalServer/TS_SMART_CARD +
+
+ ADMX_TerminalServer/TS_START_PROGRAM_1 +
+
+ ADMX_TerminalServer/TS_START_PROGRAM_2 +
+
+ ADMX_TerminalServer/TS_TEMP_DELETE +
+
+ ADMX_TerminalServer/TS_TEMP_PER_SESSION +
+
+ ADMX_TerminalServer/TS_TIME_ZONE +
@@ -6296,5 +6353,6 @@ ADMX Info:
+ From d02ee03e5f10fab0dc87b32ca8caf97955d0f39c Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 22 Nov 2021 07:08:58 +0530 Subject: [PATCH 044/335] Update policy-csp-admx-terminalserver.md --- .../mdm/policy-csp-admx-terminalserver.md | 305 +++++++++++++++++- 1 file changed, 302 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index afc0d59440..f67869e5fa 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -6288,7 +6288,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_UIA** +**ADMX_TerminalServer/TS_USB_REDIRECTION_DISABLE** @@ -6338,14 +6338,15 @@ ADMX Info: This policy setting allows you to permit RDP redirection of other supported RemoteFX USB devices from this computer. Redirected RemoteFX USB devices will not be available for local usage on this computer. -If you enable this policy setting, you can choose to give the ability to redirect other supported RemoteFX USB devices over RDP to all users or only to users who are in the Administrators group on the computer. If you disable or do not configure this policy setting, other supported RemoteFX USB devices are not available for RDP redirection by using any user account. For this change to take effect, you must restart Windows. +If you enable this policy setting, you can choose to give the ability to redirect other supported RemoteFX USB devices over RDP to all users or only to users who are in the Administrators group on the computer. +If you disable or do not configure this policy setting, other supported RemoteFX USB devices are not available for RDP redirection by using any user account. For this change to take effect, you must restart Windows. ADMX Info: - GP Friendly name: *Allow RDP redirection of other supported RemoteFX USB devices from this computer* -- GP name: *TS_UIA* +- GP name: *TS_USB_REDIRECTION_DISABLE* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client\RemoteFX USB Device Redirection* - GP ADMX file name: *TerminalServer.admx* @@ -6354,5 +6355,303 @@ ADMX Info:
+ + +**ADMX_TerminalServer/TS_USER_AUTHENTICATION_POLICY** + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting enhances security by requiring that user authentication occur earlier in the remote connection process. + +- If you enable this policy setting, only client computers that support Network Level Authentication can connect to the RD Session Host server. To determine whether a client computer supports Network Level Authentication, start Remote Desktop Connection on the client computer, click the icon in the upper-left corner of the Remote Desktop Connection dialog box, and then click About. In the About Remote Desktop Connection dialog box, look for the phrase Network Level Authentication supported. + +- If you disable this policy setting, Network Level Authentication is not required for user authentication before allowing remote connections to the RD Session Host server. If you do not configure this policy setting, the local setting on the target computer will be enforced. On Windows Server 2012 and Windows 8, Network Level Authentication is enforced by default. + +Disabling this policy setting provides less security because user authentication will occur later in the remote connection process. + + + + +ADMX Info: +- GP Friendly name: *Require user authentication for remote connections by using Network Level Authentication* +- GP name: *TS_USER_AUTHENTICATION_POLICY* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_USER_HOME** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify the name of the certificate template that determines which certificate is automatically selected to authenticate an RD Session Host server. A certificate is needed to authenticate an RD Session Host server when TLS 1.0, 1.1 or 1.2 is used to secure communication between a client and an RD Session Host server during RDP connections. + +- If you enable this policy setting, you need to specify a certificate template name. Only certificates created by using the specified certificate template will be considered when a certificate to authenticate the RD Session Host server is automatically selected. Automatic certificate selection only occurs when a specific certificate has not been selected. + +If no certificate can be found that was created with the specified certificate template, the RD Session Host server will issue a certificate enrollment request and will use the current certificate until the request is completed. If more than one certificate is found that was created with the specified certificate template, the certificate that will expire latest and that matches the current name of the RD Session Host server will be selected. + +- If you disable or do not configure this policy, the certificate template name is not specified at the Group Policy level. By default, a self-signed certificate is used to authenticate the RD Session Host server. + +If you select a specific certificate to be used to authenticate the RD Session Host server, that certificate will take precedence over this policy setting. + + + + +ADMX Info: +- GP Friendly name: *Server authentication certificate template* +- GP name: *TS_USER_HOME* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_USER_MANDATORY_PROFILES** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify whether Remote Desktop Services uses a mandatory profile for all users connecting remotely to the RD Session Host server. + +- If you enable this policy setting, Remote Desktop Services uses the path specified in the "Set path for Remote Desktop Services Roaming User Profile" policy setting as the root folder for the mandatory user profile. All users connecting remotely to the RD Session Host server use the same user profile. + +- If you disable or do not configure this policy setting, mandatory user profiles are not used by users connecting remotely to the RD Session Host server. + +For this policy setting to take effect, you must also enable and configure the "Set path for Remote Desktop Services Roaming User Profile" policy setting. + + + + + +ADMX Info: +- GP Friendly name: *Use mandatory profiles on the RD Session Host server* +- GP name: *TS_USER_MANDATORY_PROFILES* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_USER_PROFILES** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify the network path that Remote Desktop Services uses for roaming user profiles. By default, Remote Desktop Services stores all user profiles locally on the RD Session Host server. You can use this policy setting to specify a network share where user profiles can be centrally stored, allowing a user to access the same profile for sessions on all RD Session Host servers that are configured to use the network share for user profiles. If you enable this policy setting, Remote Desktop Services uses the specified path as the root directory for all user profiles. The profiles are contained in subfolders named for the account name of each user. + +To configure this policy setting, type the path to the network share in the form of \\Computername\Sharename. Do not specify a placeholder for the user account name, because Remote Desktop Services automatically adds this when the user logs on and the profile is created. + +If the specified network share does not exist, Remote Desktop Services displays an error message on the RD Session Host server and will store the user profiles locally on the RD Session Host server. + +If you disable or do not configure this policy setting, user profiles are stored locally on the RD Session Host server. You can configure a user's profile path on the Remote Desktop Services Profile tab on the user's account Properties dialog box. + +1. The roaming user profiles enabled by the policy setting apply only to Remote Desktop Services connections. A user might also have a Windows roaming user profile configured. The Remote Desktop Services roaming user profile always takes precedence in a Remote Desktop Services session. +2. To configure a mandatory Remote Desktop Services roaming user profile for all users connecting remotely to the RD Session Host server, use this policy setting together with the "Use mandatory profiles on the RD Session Host server" policy setting located in Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\RD Session Host\Profiles. The path set in the "Set path for Remote Desktop Services Roaming User Profile" policy setting should contain the mandatory profile. + + + + +ADMX Info: +- GP Friendly name: *Set path for Remote Desktop Services Roaming User Profile* +- GP name: *TS_USER_PROFILES* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ From 8782e39f0b704dc08d825205fdcf1e5a12db122a Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 22 Nov 2021 07:25:28 +0530 Subject: [PATCH 045/335] Update policy-csp-admx-terminalserver.md --- .../mdm/policy-csp-admx-terminalserver.md | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index f67869e5fa..727599a933 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -273,6 +273,30 @@ manager: dansimp
ADMX_TerminalServer/TS_TIME_ZONE
+
+ ADMX_TerminalServer/TS_TSCC_PERMISSIONS_POLICY +
+
+ ADMX_TerminalServer/TS_TURNOFF_SINGLEAPP +
+
+ ADMX_TerminalServer/TS_UIA +
+
+ ADMX_TerminalServer/TS_USB_REDIRECTION_DISABLE +
+
+ ADMX_TerminalServer/TS_USER_AUTHENTICATION_POLICY +
+
+ ADMX_TerminalServer/TS_USER_HOME +
+
+ ADMX_TerminalServer/TS_USER_MANDATORY_PROFILES +
+
+ ADMX_TerminalServer/TS_USER_PROFILES +
From e0d3e5998873a314ba76872bcdbcfdf548574991 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 22 Nov 2021 07:55:20 +0530 Subject: [PATCH 046/335] Update policies-in-policy-csp-admx-backed.md --- .../mdm/policies-in-policy-csp-admx-backed.md | 44 +++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 3b44f8e00e..e32a8a34bd 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -1177,6 +1177,50 @@ ms.date: 10/08/2020 - [ADMX_TerminalServer/TS_NoSecurityMenu](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_nosecuritymenu) - [ADMX_TerminalServer/TS_PreventLicenseUpgrade](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_preventlicenseupgrade) - [ADMX_TerminalServer/TS_PROMT_CREDS_CLIENT_COMP](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_promt_creds_client_comp) +- [ADMX_TerminalServer/TS_RADC_DefaultConnection](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_radc_defaultconnection) +- [ADMX_TerminalServer/TS_RDSAppX_WaitForRegistration](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_rdsappx_waitforregistration) +- [ADMX_TerminalServer/TS_RemoteControl_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_remotecontrol_1) +- [ADMX_TerminalServer/TS_RemoteControl_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_remotecontrol_2) +- [ADMX_TerminalServer/TS_RemoteDesktopVirtualGraphics](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_remotedesktopvirtualgraphics) +- [ADMX_TerminalServer/TS_SD_ClustName](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sd_clustname) +- [ADMX_TerminalServer/TS_SD_EXPOSE_ADDRESS](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sd_expose_address) +- [ADMX_TerminalServer/TS_SD_Loc](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sd_loc) +- [ADMX_TerminalServer/TS_SECURITY_LAYER_POLICY](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_security_layer_policy) +- [ADMX_TerminalServer/TS_SELECT_NETWORK_DETECT](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_select_network_detect) +- [ADMX_TerminalServer/TS_SELECT_TRANSPORT](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_select_transport) +- [ADMX_TerminalServer/TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_server_advanced_remotefx_remoteapp) +- [ADMX_TerminalServer/TS_SERVER_AUTH](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_server_auth) +- [ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_server_avc_hw_encode_preferred) +- [ADMX_TerminalServer/TS_SERVER_AVC444_MODE_PREFERRED](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_server_avc444_mode_preferred) +- [ADMX_TerminalServer/TS_SERVER_COMPRESSOR](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_server_compressor) +- [ADMX_TerminalServer/TS_SERVER_IMAGE_QUALITY](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_server_image_quality) +- [ADMX_TerminalServer/TS_SERVER_LEGACY_RFX](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_server_legacy_rfx) +- [ADMX_TerminalServer/TS_SERVER_PROFILE](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_server_profile) +- [ADMX_TerminalServer/TS_SERVER_VISEXP](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_server_visexp) +- [ADMX_TerminalServer/TS_SERVER_WDDM_GRAPHICS_DRIVER](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_server_wddm_graphics_driver) +- [ADMX_TerminalServer/TS_Session_End_On_Limit_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_session_end_on_limit_1) +- [ADMX_TerminalServer/TS_Session_End_On_Limit_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_session_end_on_limit_2) +- [ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_disconnected_timeout_1) +- [ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_disconnected_timeout_2) +- [ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_idle_limit_1) +- [ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_idle_limit_2) +- [ADMX_TerminalServer/TS_SESSIONS_Limit_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions__limit_1) +- [ADMX_TerminalServer/TS_SESSIONS_Limit_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions__limit_2) +- [ADMX_TerminalServer/TS_SINGLE_SESSION](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_single_session) +- [ADMX_TerminalServer/TS_SMART_CARD](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_smart_card) +- [ADMX_TerminalServer/TS_START_PROGRAM_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_start_program_1) +- [ADMX_TerminalServer/TS_START_PROGRAM_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_start_program_2) +- [ADMX_TerminalServer/TS_TEMP_DELETE](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_temp_delete) +- [ADMX_TerminalServer/TS_TEMP_PER_SESSION](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_temp_per_session) +- [ADMX_TerminalServer/TS_TIME_ZONE](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_time_zone) +- [ADMX_TerminalServer/TS_TSCC_PERMISSIONS_POLICY](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_tscc_permissions_policy) +- [ADMX_TerminalServer/TS_TURNOFF_SINGLEAPP](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_turnoff_singleapp) +- [ADMX_TerminalServer/TS_UIA](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_uia) +- [ADMX_TerminalServer/TS_USB_REDIRECTION_DISABLE](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_usb_redirection_disable) +- [ADMX_TerminalServer/TS_USER_AUTHENTICATION_POLICY](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_user_authentication_policy) +- [ADMX_TerminalServer/TS_USER_HOME](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_user_home) +- [ADMX_TerminalServer/TS_USER_MANDATORY_PROFILES](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_user_mandatory_profiles) +- [ADMX_TerminalServer/TS_USER_PROFILES](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_user_profiles) - [ADMX_Thumbnails/DisableThumbnails](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbnails) - [ADMX_Thumbnails/DisableThumbnailsOnNetworkFolders](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbnailsonnetworkfolders) - [ADMX_Thumbnails/DisableThumbsDBOnNetworkFolders](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbsdbonnetworkfolders) From 013a58e0f8226113f7db945dac4d3fb4e0d23f65 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 22 Nov 2021 12:36:06 +0530 Subject: [PATCH 047/335] Updated --- .../policy-configuration-service-provider.md | 78 ++ .../mdm/policy-csp-admx-terminalserver.md | 690 +++++++++++++----- 2 files changed, 593 insertions(+), 175 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index fa5d7a6fb0..13d7cd2ea9 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -4205,6 +4205,84 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
ADMX_TerminalServer/TS_PROMT_CREDS_CLIENT_COMP
+
+ ADMX_TerminalServer/TS_RADC_DefaultConnection +
+
+ ADMX_TerminalServer/TS_RDSAppX_WaitForRegistration +
+
+ ADMX_TerminalServer/TS_RemoteControl_1 +
+
+ ADMX_TerminalServer/TS_RemoteControl_2 +
+
+ ADMX_TerminalServer/TS_RemoteDesktopVirtualGraphics +
+
+ ADMX_TerminalServer/TS_SD_ClustName +
+
+ ADMX_TerminalServer/TS_SD_EXPOSE_ADDRESS +
+
+ ADMX_TerminalServer/TS_SD_Loc +
+
+ ADMX_TerminalServer/TS_SECURITY_LAYER_POLICY +
+
+ ADMX_TerminalServer/TS_SELECT_NETWORK_DETECT +
+
+ ADMX_TerminalServer/TS_SELECT_TRANSPORT +
+
+ ADMX_TerminalServer/TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP +
+
+ ADMX_TerminalServer/TS_SERVER_AUTH +
+
+ ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED +
+
+ ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED +
+
+ ADMX_TerminalServer/TS_SERVER_AVC444_MODE_PREFERRED +
+
+ ADMX_TerminalServer/TS_SERVER_COMPRESSOR +
+
+ ADMX_TerminalServer/TS_SERVER_IMAGE_QUALITY +
+
+ ADMX_TerminalServer/TS_SERVER_LEGACY_RFX +
+
+ ADMX_TerminalServer/TS_SERVER_PROFILE +
+
+ ADMX_TerminalServer/TS_SERVER_VISEXP +
+
+ ADMX_TerminalServer/TS_SERVER_WDDM_GRAPHICS_DRIVER +
+
+ ADMX_TerminalServer/TS_Session_End_On_Limit_1 +
+
+ ADMX_TerminalServer/TS_Session_End_On_Limit_2 +
+
+ ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_1 +
+
+ ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_2 +
### ADMX_Thumbnails policies diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index 727599a933..c96ea7e054 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -567,154 +567,9 @@ ADMX Info:
- -**ADMX_TerminalServer/TS_RADC_DefaultConnection** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - - -This policy setting specifies the default connection URL for RemoteApp and Desktop Connections. The default connection URL is a specific connection that can only be configured by using Group Policy. In addition to the capabilities that are common to all connections, the default connection URL allows document file types to be associated with RemoteApp programs. The default connection URL must be configured in the form of [http://contoso.com/rdweb/Feed/webfeed.aspx](http://contoso.com/rdweb/Feed/webfeed.aspx). - -- If you enable this policy setting, the specified URL is configured as the default connection URL for the user and replaces any existing connection URL. The user cannot change the default connection URL. The user's default logon credentials are used when setting up the default connection URL. - -- If you disable or do not configure this policy setting, the user has no default connection URL. - -RemoteApp programs that are installed through RemoteApp and Desktop Connections from an un-trusted server can compromise the security of a user's account. - - - - - - -ADMX Info: -- GP Friendly name: *Specify default connection URL* -- GP name: *TS_RADC_DefaultConnection* -- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* -- GP ADMX file name: *TerminalServer.admx* - - - -
-**ADMX_TerminalServer/TS_RDSAppX_WaitForRegistration** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - - -This policy setting allows you to specify whether the app registration is completed before showing the Start screen to the user. By default, when a new user signs in to a computer, the Start screen is shown and apps are registered in the background. However, some apps may not work until app registration is complete. - -- If you enable this policy setting, user sign-in is blocked for up to 6 minutes to complete the app registration. You can use this policy setting when customizing the Start screen on Remote Desktop Session Host servers. - -- If you disable or do not configure this policy setting, the Start screen is shown and apps are registered in the background. - - - - - - -ADMX Info: -- GP Friendly name: *Suspend user sign-in to complete app registration* -- GP name: *TS_RDSAppX_WaitForRegistration* -- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* -- GP ADMX file name: *TerminalServer.admx* - - - -
- - -**ADMX_TerminalServer/TS_RemoteControl_1** +**ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_1** @@ -763,32 +618,7 @@ ADMX Info: - -This policy determines whether the RPC protocol messagese used by VSS for SMB2 File Shares feature is enabled. VSS for SMB2 File Shares feature enables VSS aware backup applications to perform application consistent backup and restore of VSS aware applications storing data on SMB2 File Shares. By default, the RPC protocol message between File Server VSS provider and File Server VSS Agent is signed but not encrypted. - -To make changes to this setting effective, you must restart Volume Shadow Copy (VSS) Service. - - - - - - -ADMX Info: -- GP Friendly name: *Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers* -- GP name: *TS_RemoteControl_1* -- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* -- GP ADMX file name: *TerminalServer.admx* - - - -
- - -**ADMX_TerminalServer/TS_RemoteControl_2** - - - -This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one issued by an authority recognized by the client, such as the issuers in the client's Third-Party Root Certification Authorities certificate store. +This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one that is issued by an authority recognized by the client, such as the issuers in the client's Third-Party Root Certification Authorities certificate store. This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection [RDC] client without specifying an .rdp file). @@ -796,7 +626,7 @@ If you enable or do not configure this policy setting, users can run .rdp files If you disable this policy setting, users cannot run .rdp files that are signed with a valid certificate. Additionally, users cannot start an RDP session by directly opening the RDC client and specifying the remote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been blocked. ->[!Note] +>[!NOTE] >You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure this policy setting for the computer, all users on the computer are affected. @@ -804,7 +634,7 @@ If you disable this policy setting, users cannot run .rdp files that are signed ADMX Info: - GP Friendly name: *Allow .rdp files from valid publishers and user's default .rdp settings* -- GP name: *TTS_CLIENT_ALLOW_SIGNED_FILES_1* +- GP name: *TS_CLIENT_ALLOW_SIGNED_FILES_1* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* - GP ADMX file name: *TerminalServer.admx* @@ -2742,6 +2572,82 @@ ADMX Info:
+ +**ADMX_TerminalServer/TS_GATEWAY_POLICY_ENABLE** + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +If you enable this policy setting, when Remote Desktop Connection cannot connect directly to a remote computer (an RD Session Host server or a computer with Remote Desktop enabled), the clients will attempt to connect to the remote computer through an RD Gateway server. + +In this case, the clients will attempt to connect to the RD Gateway server that is specified in the "Set RD Gateway server address" policy setting. You can enforce this policy setting or you can allow users to overwrite this setting. + +By default, when you enable this policy setting, it is enforced. When this policy setting is enforced, users cannot override this setting, even if they select the "Use these RD Gateway server settings" option on the client. To enforce this policy setting, you must also specify the address of the RD Gateway server by using the "Set RD Gateway server address" policy setting, or client connection attempts to any remote computer will fail, if the client cannot connect directly to the remote computer. + +To enhance security, it is also highly recommended that you specify the authentication method by using the "Set RD Gateway authentication method" policy setting. If you do not specify an authentication method by using this policy setting, either the NTLM protocol that is enabled on the client or a smart card can be used. To allow users to overwrite this policy setting, select the "Allow users to change this setting" check box. + +When you do this, users on the client can choose not to connect through the RD Gateway server by selecting the "Do not use an RD Gateway server" option. Users can specify a connection method by configuring settings on the client, using an RDP file, or using an HTML script. If users do not specify a connection method, the connection method that you specify in this policy setting is used by default. + +If you disable or do not configure this policy setting, clients will not use the RD Gateway server address that is specified in the "Set RD Gateway server address" policy setting. If an RD Gateway server is specified by the user, a client connection attempt will be made through that RD Gateway server. + + + + +ADMX Info: +- GP Friendly name: *Enable connection through RD Gateway* +- GP name: *TS_GATEWAY_POLICY_ENABLE* +- GP path: *Windows Components\Remote Desktop Services\RD Gateway* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ **ADMX_TerminalServer/TS_GATEWAY_POLICY_AUTH_METHOD** @@ -3863,6 +3769,292 @@ ADMX Info:
+ +**ADMX_TerminalServer/TS_RADC_DefaultConnection** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + + +This policy setting specifies the default connection URL for RemoteApp and Desktop Connections. The default connection URL is a specific connection that can only be configured by using Group Policy. In addition to the capabilities that are common to all connections, the default connection URL allows document file types to be associated with RemoteApp programs. The default connection URL must be configured in the form of [http://contoso.com/rdweb/Feed/webfeed.aspx](http://contoso.com/rdweb/Feed/webfeed.aspx). + +- If you enable this policy setting, the specified URL is configured as the default connection URL for the user and replaces any existing connection URL. The user cannot change the default connection URL. The user's default logon credentials are used when setting up the default connection URL. + +- If you disable or do not configure this policy setting, the user has no default connection URL. + +RemoteApp programs that are installed through RemoteApp and Desktop Connections from an un-trusted server can compromise the security of a user's account. + + + + + + +ADMX Info: +- GP Friendly name: *Specify default connection URL* +- GP name: *TS_RADC_DefaultConnection* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_RDSAppX_WaitForRegistration** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + + +This policy setting allows you to specify whether the app registration is completed before showing the Start screen to the user. By default, when a new user signs in to a computer, the Start screen is shown and apps are registered in the background. However, some apps may not work until app registration is complete. + +- If you enable this policy setting, user sign-in is blocked for up to 6 minutes to complete the app registration. You can use this policy setting when customizing the Start screen on Remote Desktop Session Host servers. + +- If you disable or do not configure this policy setting, the Start screen is shown and apps are registered in the background. + + + + + + +ADMX Info: +- GP Friendly name: *Suspend user sign-in to complete app registration* +- GP name: *TS_RDSAppX_WaitForRegistration* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_RemoteControl_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +This policy determines whether the RPC protocol messagese used by VSS for SMB2 File Shares feature is enabled. VSS for SMB2 File Shares feature enables VSS aware backup applications to perform application consistent backup and restore of VSS aware applications storing data on SMB2 File Shares. By default, the RPC protocol message between File Server VSS provider and File Server VSS Agent is signed but not encrypted. + +To make changes to this setting effective, you must restart Volume Shadow Copy (VSS) Service. + + + + + + +ADMX Info: +- GP Friendly name: *Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers* +- GP name: *TS_RemoteControl_1* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_RemoteControl_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +This policy determines whether the RPC protocol messagese used by VSS for SMB2 File Shares feature is enabled. VSS for SMB2 File Shares feature enables VSS aware backup applications to perform application consistent backup and restore of VSS aware applications storing data on SMB2 File Shares. By default, the RPC protocol message between File Server VSS provider and File Server VSS Agent is signed but not encrypted. + +To make changes to this setting effective, you must restart Volume Shadow Copy (VSS) Service. + + + + + + +ADMX Info: +- GP Friendly name: *Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers* +- GP name: *TS_RemoteControl_2* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ **ADMX_TerminalServer/TS_RemoteDesktopVirtualGraphics** @@ -4973,6 +5165,77 @@ ADMX Info: +**ADMX_TerminalServer/TS_SERVER_VISEXP** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify the visual experience that remote users receive in Remote Desktop Services sessions. Remote sessions on the remote computer are then optimized to support this visual experience. By default, Remote Desktop Services sessions are optimized for rich multimedia, such as applications that use Silverlight or Windows Presentation Foundation. + +- If you enable this policy setting, you must select the visual experience for which you want to optimize Remote Desktop Services sessions. You can select either Rich multimedia or Text. + +- If you disable or do not configure this policy setting, Remote Desktop Services sessions are optimized for rich multimedia. + + + + +ADMX Info: +- GP Friendly name: *Optimize visual experience for Remote Desktop Service Sessions* +- GP name: *TS_SERVER_VISEXP* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + **ADMX_TerminalServer/TS_SERVER_WDDM_GRAPHICS_DRIVER** @@ -5577,6 +5840,83 @@ ADMX Info: +**ADMX_TerminalServer/TS_SESSIONS_Limits_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it is automatically disconnected. + +- If you enable this policy setting, you must select the desired time limit in the Active session limit list. Remote Desktop Services will automatically disconnect active sessions after the specified amount of time. The user receives a warning two minutes before the Remote Desktop Services session disconnects, which allows the user to save open files and close programs. If you have a console session, active session time limits do not apply. + +- If you disable or do not configure this policy setting, this policy setting is not specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active for an unlimited amount of time. + +If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached. + +>[!NOTE] +> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence. + + + + + +ADMX Info: +- GP Friendly name: *Set time limit for active Remote Desktop Services sessions* +- GP name: *TS_SESSIONS_Limits_2* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + **ADMX_TerminalServer/TS_SINGLE_SESSION** @@ -6312,7 +6652,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_USB_REDIRECTION_DISABLE** +**ADMX_TerminalServer/TS_USB_REDIRECTION_DISABLE** From 050ba1d6767b40a4a9ec0aba139c10d459d5a625 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 22 Nov 2021 12:48:35 +0530 Subject: [PATCH 048/335] Updated --- .../mdm/policies-in-policy-csp-admx-backed.md | 4 ++-- .../mdm/policy-configuration-service-provider.md | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index e32a8a34bd..57ac9f7317 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -1204,8 +1204,8 @@ ms.date: 10/08/2020 - [ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_disconnected_timeout_2) - [ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_idle_limit_1) - [ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_idle_limit_2) -- [ADMX_TerminalServer/TS_SESSIONS_Limit_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions__limit_1) -- [ADMX_TerminalServer/TS_SESSIONS_Limit_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions__limit_2) +- [ADMX_TerminalServer/TS_SESSIONS_Limit_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_limit_1) +- [ADMX_TerminalServer/TS_SESSIONS_Limit_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_limit_2) - [ADMX_TerminalServer/TS_SINGLE_SESSION](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_single_session) - [ADMX_TerminalServer/TS_SMART_CARD](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_smart_card) - [ADMX_TerminalServer/TS_START_PROGRAM_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_start_program_1) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 13d7cd2ea9..11916ac48a 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -4206,7 +4206,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC ADMX_TerminalServer/TS_PROMT_CREDS_CLIENT_COMP
- ADMX_TerminalServer/TS_RADC_DefaultConnection + ADMX_TerminalServer/TS_RADC_DefaultConnection
ADMX_TerminalServer/TS_RDSAppX_WaitForRegistration @@ -4239,13 +4239,13 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC ADMX_TerminalServer/TS_SELECT_TRANSPORT
- ADMX_TerminalServer/TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP + ADMX_TerminalServer/TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP
ADMX_TerminalServer/TS_SERVER_AUTH
- ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED + ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED
ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED From 34e27c8cd44ef6cc068a63f8bb95cce2eb3d3285 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 22 Nov 2021 13:17:16 +0530 Subject: [PATCH 049/335] Update policy-configuration-service-provider.md --- .../mdm/policy-configuration-service-provider.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 11916ac48a..b62b8f7d66 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -4247,9 +4247,6 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED
-
- ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED -
ADMX_TerminalServer/TS_SERVER_AVC444_MODE_PREFERRED
From 880432985b64090b80309fd112d1531a6b200bd6 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 22 Nov 2021 13:29:38 +0530 Subject: [PATCH 050/335] Updated --- .../mdm/policies-in-policy-csp-admx-backed.md | 4 ++-- .../mdm/policy-configuration-service-provider.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 57ac9f7317..0153913344 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -1204,8 +1204,8 @@ ms.date: 10/08/2020 - [ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_disconnected_timeout_2) - [ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_idle_limit_1) - [ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_idle_limit_2) -- [ADMX_TerminalServer/TS_SESSIONS_Limit_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_limit_1) -- [ADMX_TerminalServer/TS_SESSIONS_Limit_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_limit_2) +- [ADMX_TerminalServer/TS_SESSIONS_Limits_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_limits_1) +- [ADMX_TerminalServer/TS_SESSIONS_Limits_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_limits_2) - [ADMX_TerminalServer/TS_SINGLE_SESSION](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_single_session) - [ADMX_TerminalServer/TS_SMART_CARD](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_smart_card) - [ADMX_TerminalServer/TS_START_PROGRAM_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_start_program_1) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index b62b8f7d66..a636e041e5 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -4242,7 +4242,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC ADMX_TerminalServer/TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP
- ADMX_TerminalServer/TS_SERVER_AUTH + ADMX_TerminalServer/TS_SERVER_AUTH
ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED From f5ede191b79be42c1e6d6db6bfa26f14df02605e Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 22 Nov 2021 13:43:58 +0530 Subject: [PATCH 051/335] Update policy-configuration-service-provider.md --- .../mdm/policy-configuration-service-provider.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index a636e041e5..1fa8949def 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -4280,6 +4280,12 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_2
+
+ ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_1 +
+
+ ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_2 +
### ADMX_Thumbnails policies From 8e8a45bbd972cd73e93852e6f167855aef3cd54c Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Mon, 22 Nov 2021 14:03:49 +0530 Subject: [PATCH 052/335] Adding new policies in CSP .md --- .../policy-configuration-service-provider.md | 45 +++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index b62b8f7d66..95217e5116 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -4280,6 +4280,51 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_2
+
+ ADMX_TerminalServer/TS_SINGLE_SESSION +
+
+ ADMX_TerminalServer/TS_SMART_CARD +
+
+ ADMX_TerminalServer/TS_START_PROGRAM_1 +
+
+ ADMX_TerminalServer/TS_START_PROGRAM_2 +
+
+ ADMX_TerminalServer/TS_TEMP_DELETE +
+
+ ADMX_TerminalServer/TS_TEMP_PER_SESSION +
+
+ ADMX_TerminalServer/TS_TIME_ZONE +
+
+ ADMX_TerminalServer/TS_TSCC_PERMISSIONS_POLICY +
+
+ ADMX_TerminalServer/TS_TURNOFF_SINGLEAPP +
+
+ ADMX_TerminalServer/TS_UIA +
+
+ ADMX_TerminalServer/TS_USB_REDIRECTION_DISABLE +
+
+ ADMX_TerminalServer/TS_USER_AUTHENTICATION_POLICY +
+
+ ADMX_TerminalServer/TS_USER_HOME +
+
+ ADMX_TerminalServer/TS_USER_MANDATORY_PROFILES +
+
+ ADMX_TerminalServer/TS_USER_PROFILES +
### ADMX_Thumbnails policies From 84b0ba0c436ebd9397cb675d32e9a68722d73bdd Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 22 Nov 2021 14:14:56 +0530 Subject: [PATCH 053/335] Updated --- .../mdm/policy-configuration-service-provider.md | 3 ++- .../client-management/mdm/policy-csp-admx-terminalserver.md | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 1fa8949def..21a5e6f57f 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -4283,9 +4283,10 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_1
-
+
ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_2
+
### ADMX_Thumbnails policies diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index c96ea7e054..67bd9ecc23 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -6,8 +6,8 @@ ms.localizationpriority: medium ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman -ms.date: 09/23/2020 +author: nimishasatapathy +ms.date: 11/22/2021 ms.reviewer: manager: dansimp --- From 1b4e38f020f548601e4db8961994ef0c52080f21 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Wed, 24 Nov 2021 15:27:47 +0530 Subject: [PATCH 054/335] Update policy-csp-settings.md --- .../mdm/policy-csp-settings.md | 65 +++++++++++++++++++ 1 file changed, 65 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md index 69c7b52c83..c595c0b078 100644 --- a/windows/client-management/mdm/policy-csp-settings.md +++ b/windows/client-management/mdm/policy-csp-settings.md @@ -29,6 +29,9 @@ manager: dansimp
Settings/AllowDateTime
+
+ Settings/AllowEditDeviceName +
Settings/AllowLanguage
@@ -266,6 +269,68 @@ The following list shows the supported values:
+ +**Settings/AllowEditDeviceName** + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy disables edit device name option on Settings. + + + + +Describes what value are supported in by this policy and meaning of each value, default value. + + + + +
+ **Settings/AllowLanguage** From cf41ad11bb4cba8c4b31075e8a94d6d8c8dbd02e Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Wed, 24 Nov 2021 17:26:50 +0530 Subject: [PATCH 055/335] Added missing policies in policy-system-csp.md Added: - System/LimitDiagnosticLogCollection - System/LimitDumpCollection --- .../policy-configuration-service-provider.md | 6 + .../mdm/policy-csp-system.md | 143 ++++++++++++++++++ 2 files changed, 149 insertions(+) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index bbd3101f94..a49ccf6dae 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -8358,6 +8358,12 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
System/FeedbackHubAlwaysSaveDiagnosticsLocally
+
+ System/LimitDiagnosticLogCollection +
+
+ System/LimitDumpCollection +
System/LimitEnhancedDiagnosticDataWindowsAnalytics
diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index 04cccacbb5..f963b773a2 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -94,6 +94,9 @@ manager: dansimp
System/FeedbackHubAlwaysSaveDiagnosticsLocally
+
+ System/LimitDiagnosticLogCollection +
System/LimitEnhancedDiagnosticDataWindowsAnalytics
@@ -1766,6 +1769,146 @@ The following list shows the supported values:
+ +**System/LimitDiagnosticLogCollection** + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting specifies whether diagnostic log data can be collected when more information is needed to troubleshoot a problem. It is sent only if we have permission to collect optional diagnostic data, and only if the device meets the criteria for additional data collection. + +If you disable or do not configure this policy setting, we may occasionally collect advanced diagnostic data if the user has opted to send optional diagnostic data. + + + +ADMX Info: +- GP Friendly name: *Limit Diagnostic Log Collection* +- GP name: *LimitDiagnosticLogCollection* +- GP path: *Data Collection and Preview Builds* +- GP ADMX file name: *DataCollection.admx* + + + +The following list shows the supported values: + +- 0 – Disabled +- 1 – Enabled +- + + + +
+ + +**System/LimitDumpCollection** + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting limits the type of dumps that can be collected when more information is needed to troubleshoot a problem. These dumps are not sent unless we have permission to collect optional diagnostic data. + +By enabling this policy setting, Windows Error Reporting is limited to sending kernel mini dumps and user mode triage dumps only. + +If you disable or do not configure this policy setting, we may occasionally collect full or heap dumps if the user has opted to send optional diagnostic data. + + + +ADMX Info: +- GP Friendly name: *Limit Dump Collection* +- GP name: *LimitDumpCollection* +- GP path: *Data Collection and Preview Builds* +- GP ADMX file name: *DataCollection.admx* + + + +The following list shows the supported values: + +- 0 – Disabled +- 1 – Enabled +- + + + +
+ **System/LimitEnhancedDiagnosticDataWindowsAnalytics** From 5436b59670ae0a26a8da33989fc394926a57e98e Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Wed, 24 Nov 2021 17:30:08 +0530 Subject: [PATCH 056/335] added index --- windows/client-management/mdm/policy-csp-system.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index f963b773a2..15ca67148a 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -97,6 +97,9 @@ manager: dansimp
System/LimitDiagnosticLogCollection
+
+ System/LimitDumpCollection +
System/LimitEnhancedDiagnosticDataWindowsAnalytics
From 61fa2b89662ef007259e506b1830a5442694d41d Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Wed, 24 Nov 2021 19:37:26 +0530 Subject: [PATCH 057/335] Notification update --- .../mdm/policy-csp-notifications.md | 75 +++++++++++++++++++ 1 file changed, 75 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md index 643ef3e681..7ba7ed964f 100644 --- a/windows/client-management/mdm/policy-csp-notifications.md +++ b/windows/client-management/mdm/policy-csp-notifications.md @@ -31,6 +31,9 @@ manager: dansimp
Notifications/DisallowTileNotification
+
+ Notifications/WnsEndpoint +
@@ -280,5 +283,77 @@ Validation:
+ +**Notifications/WnsEndpoint** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Machine + +
+ + + +This policy setting determines which Windows Notification Service endpoint will be used to connect for Windows Push Notifications. + +If you disable or do not configure this setting, the push notifications will connect to the default endpoint of client.wns.windows.com. + +Note: Ensure the proper WNS FQDNs, VIPs, IPs and Ports are also whitelisted from your firewall settings. + + + +ADMX Info: +- GP Friendly name: *Required for Airgap servers that may have a unique FQDN that is different from the public endpoint* +- GP name: *WnsEndpoint* +- GP path: *Start Menu and Taskbar/Notifications* +- GP ADMX file name: *WPN.admx* + + + +If the policy is not specified, we will default our connection to client.wns.windows.com. + + + +
+ \ No newline at end of file From a7b671cf433767152e3345561e32b4bc1d54f384 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Thu, 25 Nov 2021 14:43:05 +0530 Subject: [PATCH 058/335] Added missing CSP in TextInput.md Added : - TextInput/AllowTextInputSuggestionUpdate --- .../policy-configuration-service-provider.md | 3 + .../mdm/policy-csp-textinput.md | 72 +++++++++++++++++++ 2 files changed, 75 insertions(+) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index bbd3101f94..b15e0648ff 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -8447,6 +8447,9 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
TextInput/AllowLinguisticDataCollection
+
+ TextInput/AllowTextInputSuggestionUpdate +
TextInput/ConfigureJapaneseIMEVersion
diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md index 77bf576304..23f839bf58 100644 --- a/windows/client-management/mdm/policy-csp-textinput.md +++ b/windows/client-management/mdm/policy-csp-textinput.md @@ -58,6 +58,9 @@ manager: dansimp
TextInput/AllowLinguisticDataCollection
+
+ TextInput/AllowTextInputSuggestionUpdate +
TextInput/ConfigureJapaneseIMEVersion
@@ -856,6 +859,75 @@ This setting supports a range of values between 0 and 1.
+ +**TextInput/AllowTextInputSuggestionUpdate** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Allows the user to turn on or off the automatic downloading of newer versions of the Expressive Input UI. +When downloading is not allowed the Expressive Input panel will always display the initial UI included with the base Windows image. + +Most restricted value is 0. + +Default: Enabled + + + +The following list shows the supported values: + +- 1 (Enabled) - The newer UX is downloaded from Microsoft service. +- 0 (Diabled) - The UX remains unchanged with what the operating system installs. + + + + +
+ **TextInput/ConfigureJapaneseIMEVersion** From d90f8375eddde74d6c44e24fd236b27cf3ca48fe Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Thu, 25 Nov 2021 15:24:27 +0530 Subject: [PATCH 059/335] Added missing CSPs in TimeLanguageSettings.md Added : - TimeLanguageSettings/BlockCleanupOfUnusedPreinstalledLangPacks - TimeLanguageSettings/MachineUILanguageOverwrite - TimeLanguageSettings/RestrictLanguagePacksAndFeaturesInstall --- .../policy-configuration-service-provider.md | 9 + .../mdm/policy-csp-timelanguagesettings.md | 233 ++++++++++++++++++ 2 files changed, 242 insertions(+) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index bbd3101f94..73b572e3bd 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -8497,9 +8497,18 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC ### TimeLanguageSettings policies
+
+ TimeLanguageSettings/BlockCleanupOfUnusedPreinstalledLangPacks +
TimeLanguageSettings/ConfigureTimeZone
+
+ TimeLanguageSettings/MachineUILanguageOverwrite +
+
+ TimeLanguageSettings/RestrictLanguagePacksAndFeaturesInstall +
### Troubleshooting policies diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md index 9d490b2202..b176166a68 100644 --- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md +++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md @@ -22,12 +22,99 @@ manager: dansimp ## TimeLanguageSettings policies
+
+ TimeLanguageSettings/BlockCleanupOfUnusedPreinstalledLangPacks +
TimeLanguageSettings/ConfigureTimeZone
+
+ TimeLanguageSettings/MachineUILanguageOverwrite +
+
+ TimeLanguageSettings/RestrictLanguagePacksAndFeaturesInstall +
+
+ + +**TimeLanguageSettings/BlockCleanupOfUnusedPreinstalledLangPacks** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting controls whether the maintenance task will run to clean up language packs installed on a machine but are not used by any users on that machine. + +If you enable this policy setting (value 1), language packs that are installed as part of the system image will remain installed even if they are not used by any user on that system. + +If you disable (value 0) or do not configure this policy setting, language packs that are installed as part of the system image but are not used by any user on that system will be removed as part of a scheduled clean up task. + + + + + + +ADMX Info: +- GP Friendly name: *Block cleanup of unused language packs* +- GP name: *BlockCleanupOfUnusedPreinstalledLangPacks* +- GP path: *Computer Configuration/Administrative Templates/Control Panel/Regional and Language Options* +- GP ADMX file name: *Globalization.admx* + + + + + + + + + +
@@ -98,5 +185,151 @@ Specifies the time zone to be applied to the device. This is the standard Window
+ +**TimeLanguageSettings/MachineUILanguageOverwrite** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting controls which UI language is used for computers with more than one UI language installed. + +If you enable this policy setting, the UI language of Windows menus and dialogs for systems with more than one language is restricted to a specified language. If the specified language is not installed on the target computer or you disable this policy setting, the language selection defaults to the language selected by the local administrator. + +If you disable or do not configure this policy setting, there is no restriction of a specific language used for the Windows menus and dialogs. + + + + + + +ADMX Info: +- GP Friendly name: *Force selected system UI language to overwrite the user UI language* +- GP name: *MachineUILanguageOverwrite* +- GP path: *Computer Configuration/Administrative Templates/Control Panel/Regional and Language Options* +- GP ADMX file name: *Globalization.admx* + + + + + + + + + + +
+ + +**TimeLanguageSettings/RestrictLanguagePacksAndFeaturesInstall** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting restricts standard users from installing language features on demand. This policy does not restrict the Windows language, if you want to restrict the Windows language use the following policy: “Restricts the UI languages Windows should use for the selected user.” + +If you enable this policy setting, the installation of language features is prevented for standard users. + +If you disable or do not configure this policy setting, there is no language feature installation restriction for the standard users. + + + + + + + + + + + + + From 5edc8ccd344ee6f31cc3866de9cc0583d619dadf Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Thu, 25 Nov 2021 15:24:51 +0530 Subject: [PATCH 060/335] 5560668-part2-windows-docs-pr --- windows/deployment/update/quality-updates.md | 2 +- windows/deployment/update/waas-delivery-optimization.md | 2 +- windows/deployment/update/waas-overview.md | 2 +- .../update/waas-servicing-strategy-windows-10-updates.md | 2 +- windows/deployment/update/waas-wufb-group-policy.md | 2 +- windows/deployment/update/windows-update-errors.md | 2 +- windows/deployment/update/windows-update-resources.md | 8 ++++---- .../deployment/update/windows-update-troubleshooting.md | 2 +- windows/deployment/upgrade/log-files.md | 2 +- windows/deployment/upgrade/quick-fixes.md | 2 +- windows/deployment/upgrade/resolution-procedures.md | 4 ++-- .../upgrade/resolve-windows-10-upgrade-errors.md | 2 +- windows/deployment/upgrade/troubleshoot-upgrade-errors.md | 2 +- windows/deployment/upgrade/upgrade-error-codes.md | 2 +- windows/deployment/upgrade/windows-10-upgrade-paths.md | 2 +- windows/deployment/upgrade/windows-error-reporting.md | 2 +- .../volume-activation/configure-client-computers-vamt.md | 4 ++-- windows/deployment/windows-10-media.md | 2 +- ...diagnostic-data-windows-analytics-events-and-fields.md | 2 +- ...s-operating-system-components-to-microsoft-services.md | 4 ++-- windows/privacy/manage-windows-11-endpoints.md | 2 +- windows/privacy/manage-windows-1709-endpoints.md | 8 ++++---- windows/privacy/manage-windows-1803-endpoints.md | 8 ++++---- windows/privacy/manage-windows-20H2-endpoints.md | 2 +- windows/privacy/manage-windows-21H1-endpoints.md | 2 +- windows/privacy/manage-windows-21h2-endpoints.md | 2 +- 26 files changed, 38 insertions(+), 38 deletions(-) diff --git a/windows/deployment/update/quality-updates.md b/windows/deployment/update/quality-updates.md index 2f90ee99e0..2bd74d5b87 100644 --- a/windows/deployment/update/quality-updates.md +++ b/windows/deployment/update/quality-updates.md @@ -61,7 +61,7 @@ Some key considerations about OOB releases include: ## More information -For additional details about the different types of Windows updates like critical, security, drivers, service packs, and more, please see the [Description of the standard terminology used to describe Microsoft software updates](https://support.microsoft.com/help/824684) and [Introducing a new deployment service for driver and firmware updates](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/introducing-a-new-deployment-service-for-driver-and-firmware/ba-p/2176942). +For additional details about the different types of Windows updates like critical, security, drivers, service packs, and more, please see the [Description of the standard terminology used to describe Microsoft software updates](/troubleshoot/windows-client/deployment/standard-terminology-software-updates) and [Introducing a new deployment service for driver and firmware updates](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/introducing-a-new-deployment-service-for-driver-and-firmware/ba-p/2176942). ## Related topics diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 4bd4c62a37..61ba0ff9a7 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -117,7 +117,7 @@ Delivery Optimization also communicates with its cloud service by using HTTP/HTT #### What are the requirements if I use a proxy? -For Delivery Optimization to successfully use the proxy, you should set up the proxy by using Windows proxy settings or Internet Explorer proxy settings. For details see [Using a proxy with Delivery Optimization](./delivery-optimization-proxy.md). Most content downloaded with Delivery Optimization uses byte range requests. Make sure your proxy allows byte range requests. For more information, see [Proxy requirements for Windows Update](https://support.microsoft.com/help/3175743/proxy-requirements-for-windows-update). +For Delivery Optimization to successfully use the proxy, you should set up the proxy by using Windows proxy settings or Internet Explorer proxy settings. For details see [Using a proxy with Delivery Optimization](./delivery-optimization-proxy.md). Most content downloaded with Delivery Optimization uses byte range requests. Make sure your proxy allows byte range requests. For more information, see [Proxy requirements for Windows Update](/windows/deployment/update/windows-update-troubleshooting). #### What hostnames should I allow through my firewall to support Delivery Optimization? diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md index 543f0e96db..c48bf0f429 100644 --- a/windows/deployment/update/waas-overview.md +++ b/windows/deployment/update/waas-overview.md @@ -113,7 +113,7 @@ Specialized systems—such as devices that control medical equipment, point-of-s Microsoft never publishes feature updates through Windows Update on devices that run Windows 10 Enterprise LTSC. Instead, it typically offers new LTSC releases every 2–3 years, and organizations can choose to install them as in-place upgrades or even skip releases over a 10-year life cycle. > [!NOTE] -> LTSC releases will support the currently released processors and chipsets at the time of release of the LTSC. As future CPU generations are released, support will be created through future LTSC releases that customers can deploy for those systems. For more information, see **Supporting the latest processor and chipsets on Windows** in [Lifecycle support policy FAQ - Windows Products](https://support.microsoft.com/help/18581/lifecycle-support-policy-faq-windows-products). +> LTSC releases will support the currently released processors and chipsets at the time of release of the LTSC. As future CPU generations are released, support will be created through future LTSC releases that customers can deploy for those systems. For more information, see **Supporting the latest processor and chipsets on Windows** in [Lifecycle support policy FAQ - Windows Products](/lifecycle/faq/windows). The Long-term Servicing Channel is available only in the Windows 10 Enterprise LTSC editions. This edition of Windows doesn’t include a number of applications, such as Microsoft Edge, Microsoft Store, Cortana (though limited search capabilities remain available), Microsoft Mail, Calendar, OneNote, Weather, News, Sports, Money, Photos, Camera, Music, and Clock. These apps are not supported in the Enterprise LTSC editions, even if you install by using sideloading. diff --git a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md index 3fda1c0024..3f7a279aaa 100644 --- a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md +++ b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md @@ -28,7 +28,7 @@ Here’s an example of what this process might look like: - **Configure test devices.** Configure test devices in the Windows Insider Program so that Insiders can test feature updates before they’re available to the General Availability Channel. Typically, this population would be a few test devices that IT staff members use to evaluate pre-release builds of Windows. Microsoft provides current development builds to Windows Insider members approximately every week so that interested users can see the functionality Microsoft is adding. See the section Windows Insider for details on how to enroll in the Windows Insider Program for Business. - **Identify excluded devices.** For some organizations, special-purpose devices such as those used to control factory or medical equipment or run ATMs require a stricter, less frequent feature update cycle than the General Availability Channel can offer. For those devices, install the Enterprise LTSC edition to avoid feature updates for up to 10 years. Identify these devices, and separate them from the phased deployment and servicing cycles to help remove confusion for your administrators and ensure that devices are handled correctly. - **Recruit volunteers.** The purpose of testing a deployment is to receive feedback. One effective way to recruit pilot users is to request volunteers. When doing so, clearly state that you’re looking for feedback rather than people to just “try it out” and that there could be occasional issues involved with accepting feature updates right away. With Windows as a service, the expectation is that there should be few issues, but if an issue does arise, you want testers to let you know as soon as possible. When considering whom to recruit for pilot groups, be sure to include members who provide the broadest set of applications and devices to validate the largest number of apps and devices possible. -- **Update Group Policy.** Each feature update includes new group policies to manage new features. If you use Group Policy to manage devices, the Group Policy Admin for the Active Directory domain will need to download an .admx package and copy it to their [Central Store](https://support.microsoft.com/help/929841/how-to-create-the-central-store-for-group-policy-administrative-templa) (or to the [PolicyDefinitions](/previous-versions/dotnet/articles/bb530196(v=msdn.10)) directory in the SYSVOL folder of a domain controller if not using a Central Store). You can manage new group policies from the latest release of Windows by using Remote Server Administration Tools. The ADMX download package is created at the end of each development cycle and then posted for download. To find the ADMX download package for a given Windows build, search for “ADMX download for Windows build xxxx”. For details about Group Policy management, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) +- **Update Group Policy.** Each feature update includes new group policies to manage new features. If you use Group Policy to manage devices, the Group Policy Admin for the Active Directory domain will need to download an .admx package and copy it to their [Central Store](/troubleshoot/windows-server/group-policy/create-central-store-domain-controller) (or to the [PolicyDefinitions](/previous-versions/dotnet/articles/bb530196(v=msdn.10)) directory in the SYSVOL folder of a domain controller if not using a Central Store). You can manage new group policies from the latest release of Windows by using Remote Server Administration Tools. The ADMX download package is created at the end of each development cycle and then posted for download. To find the ADMX download package for a given Windows build, search for “ADMX download for Windows build xxxx”. For details about Group Policy management, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](/troubleshoot/windows-client/group-policy/create-and-manage-central-store) - **Choose a servicing tool.** Decide which product you’ll use to manage the Windows updates in your environment. If you’re currently using Windows Server Update Services (WSUS) or Microsoft Endpoint Manager to manage your Windows updates, you can continue using those products to manage Windows 10 or Windows 11 updates. Alternatively, you can use Windows Update for Business. In addition to which product you’ll use, consider how you’ll deliver the updates. Multiple peer-to-peer options are available to make update distribution faster. For a comparison of tools, see [Servicing tools](waas-overview.md#servicing-tools). - **Prioritize applications.** First, create an application portfolio. This list should include everything installed in your organization and any webpages your organization hosts. Next, prioritize this list to identify those apps that are the most business critical. Because the expectation is that application compatibility with new versions of Windows will be high, only the most business-critical applications should be tested before the pilot phase; everything else can be tested afterwards. For more information about identifying compatibility issues withe applications, see [Manage Windows upgrades with Upgrade Analytics](/mem/configmgr/desktop-analytics/overview). diff --git a/windows/deployment/update/waas-wufb-group-policy.md b/windows/deployment/update/waas-wufb-group-policy.md index 086e6b3841..ba6dade4d5 100644 --- a/windows/deployment/update/waas-wufb-group-policy.md +++ b/windows/deployment/update/waas-wufb-group-policy.md @@ -31,7 +31,7 @@ To manage updates with Windows Update for Business as described in this article, - Create Active Directory security groups that align with the deployment rings you use to phase deployment of updates. - Allow access to the Windows Update service. -- Download and install ADMX templates appropriate to your Windows 10 version. For more information, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759) and [Step-By-Step: Managing Windows 10 with Administrative templates](/archive/blogs/canitpro/step-by-step-managing-windows-10-with-administrative-templates). +- Download and install ADMX templates appropriate to your Windows 10 version. For more information, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](/troubleshoot/windows-client/group-policy/create-and-manage-central-store) and [Step-By-Step: Managing Windows 10 with Administrative templates](/archive/blogs/canitpro/step-by-step-managing-windows-10-with-administrative-templates). ## Set up Windows Update for Business diff --git a/windows/deployment/update/windows-update-errors.md b/windows/deployment/update/windows-update-errors.md index fc07839d42..46f3b90097 100644 --- a/windows/deployment/update/windows-update-errors.md +++ b/windows/deployment/update/windows-update-errors.md @@ -98,7 +98,7 @@ The following table provides information about common errors you might run into | Message | Description | Mitigation | |---------|-------------|------------| -| WU_E_SETUP_SKIP_UPDATE | An update to the Windows Update Agent was skipped due to a directive in the Wuident.cab file. | You might encounter this error when WSUS is not sending the self-update to the clients.

Review [KB920659](https://support.microsoft.com/help/920659/the-microsoft-windows-server-update-services-wsus-selfupdate-service-d) for instructions to resolve the issue. | +| WU_E_SETUP_SKIP_UPDATE | An update to the Windows Update Agent was skipped due to a directive in the Wuident.cab file. | You might encounter this error when WSUS is not sending the self-update to the clients.

Review [KB920659](/troubleshoot/windows-server/deployment/wsus-selfupdate-not-send-automatic-updates) for instructions to resolve the issue. | ## 0x80244007 diff --git a/windows/deployment/update/windows-update-resources.md b/windows/deployment/update/windows-update-resources.md index fd1d2c3d80..5e140ac574 100644 --- a/windows/deployment/update/windows-update-resources.md +++ b/windows/deployment/update/windows-update-resources.md @@ -30,13 +30,13 @@ The following resources provide additional information about using Windows Updat ## WSUS Troubleshooting -[Troubleshooting issues with WSUS client agents](https://support.microsoft.com/help/10132/) +[Troubleshooting issues with WSUS client agents](/troubleshoot/mem/configmgr/troubleshoot-issues-with-wsus-client-agents) -[How to troubleshoot WSUS](https://support.microsoft.com/help/4025764/) +[How to troubleshoot WSUS](/troubleshoot/mem/configmgr/troubleshoot-wsus-connection-failures) -[Error 80244007 when WSUS client scans for updates](https://support.microsoft.com/help/4096317/) +[Error 80244007 when WSUS client scans for updates](/troubleshoot/mem/configmgr/error-80244007-when-wsus-client-scans-updates) -[Updates may not be installed with Fast Startup in Windows 10](https://support.microsoft.com/help/4011287/) +[Updates may not be installed with Fast Startup in Windows 10](/troubleshoot/windows-client/deployment/updates-not-install-with-fast-startup) ## How do I reset Windows Update components? diff --git a/windows/deployment/update/windows-update-troubleshooting.md b/windows/deployment/update/windows-update-troubleshooting.md index affb4df80e..f612e9b8c6 100644 --- a/windows/deployment/update/windows-update-troubleshooting.md +++ b/windows/deployment/update/windows-update-troubleshooting.md @@ -154,7 +154,7 @@ Go to Services.msc and ensure that Windows Firewall Service is enabled. Stopping ## Issues arising from configuration of conflicting policies Windows Update provides a wide range configuration policy to control the behavior of the Windows Update service in a managed environment. While these policies let you configure the settings at a granular level, misconfiguration or setting conflicting policies may lead to unexpected behaviors. -For more information, see [How to configure automatic updates by using Group Policy or registry settings](https://support.microsoft.com/help/328010/how-to-configure-automatic-updates-by-using-group-policy-or-registry-s) for more information. +For more information, see [How to configure automatic updates by using Group Policy or registry settings](/windows/deployment/update/waas-wu-settings) for more information. ## Device cannot access update files diff --git a/windows/deployment/upgrade/log-files.md b/windows/deployment/upgrade/log-files.md index f7c75013e7..d666c24a07 100644 --- a/windows/deployment/upgrade/log-files.md +++ b/windows/deployment/upgrade/log-files.md @@ -258,4 +258,4 @@ Therefore, Windows Setup failed because it was not able to migrate the corrupt f
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx)
[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications)
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) -
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) \ No newline at end of file +
[Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors) \ No newline at end of file diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md index d9c4e34fd7..ed61e6c2c4 100644 --- a/windows/deployment/upgrade/quick-fixes.md +++ b/windows/deployment/upgrade/quick-fixes.md @@ -240,4 +240,4 @@ If you downloaded the SetupDiag.exe program to your computer, then copied it to
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx)
[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications)
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) -
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) \ No newline at end of file +
[Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors) \ No newline at end of file diff --git a/windows/deployment/upgrade/resolution-procedures.md b/windows/deployment/upgrade/resolution-procedures.md index 9752ac670c..c884c9cb05 100644 --- a/windows/deployment/upgrade/resolution-procedures.md +++ b/windows/deployment/upgrade/resolution-procedures.md @@ -45,7 +45,7 @@ See the following general troubleshooting procedures associated with a result co | :--- | :--- | :--- | | 0xC1900101 - 0x20004 | Uninstall antivirus applications.
Remove all unused SATA devices.
Remove all unused devices and drivers.
Update drivers and BIOS. | Windows Setup encountered an error during the SAFE_OS with the INSTALL_RECOVERY_ENVIRONMENT operation.
This is generally caused by out-of-date drivers. | | 0xC1900101 - 0x2000c | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.
Contact your hardware vendor to obtain updated device drivers.
Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. | Windows Setup encountered an unspecified error during Wim apply in the WinPE phase.
This is generally caused by out-of-date drivers | -| 0xC1900101 - 0x20017 | Ensure that all that drivers are updated.
Open the Setuperr.log and Setupact.log files in the %windir%\Panther directory, and then locate the problem drivers.
For more information, see [Windows Vista, Windows 7, Windows Server 2008 R2, Windows 8.1, and Windows 10 setup log file locations](https://support.microsoft.com/en-us/help/927521/windows-vista-windows-7-windows-server-2008-r2-windows-8-1-and-windows).
Update or uninstall the problem drivers. | A driver has caused an illegal operation.
Windows was not able to migrate the driver, resulting in a rollback of the operating system.
This is a SafeOS boot failure, typically caused by drivers or non-Microsoft disk encryption software. | +| 0xC1900101 - 0x20017 | Ensure that all that drivers are updated.
Open the Setuperr.log and Setupact.log files in the %windir%\Panther directory, and then locate the problem drivers.
For more information, see [Windows Vista, Windows 7, Windows Server 2008 R2, Windows 8.1, and Windows 10 setup log file locations](/troubleshoot/windows-client/deployment/windows-setup-log-file-locations).
Update or uninstall the problem drivers. | A driver has caused an illegal operation.
Windows was not able to migrate the driver, resulting in a rollback of the operating system.
This is a SafeOS boot failure, typically caused by drivers or non-Microsoft disk encryption software. | | 0xC1900101 - 0x30018 | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.
Contact your hardware vendor to obtain updated device drivers.
Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. | A device driver has stopped responding to setup.exe during the upgrade process. | | 0xC1900101 - 0x3000D | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.
Update or uninstall the display driver. | Installation failed during the FIRST_BOOT phase while attempting the MIGRATE_DATA operation.
This can occur due to a problem with a display driver. | | 0xC1900101 - 0x4000D | Check supplemental rollback logs for a setupmem.dmp file, or event logs for any unexpected reboots or errors.
Review the rollback log and determine the stop code.
The rollback log is located in the $Windows.~BT\Sources\Rollback folder. An example analysis is shown below. This example is not representative of all cases:
 
Info SP Crash 0x0000007E detected
Info SP Module name :
Info SP Bugcheck parameter 1 : 0xFFFFFFFFC0000005
Info SP Bugcheck parameter 2 : 0xFFFFF8015BC0036A
Info SP Bugcheck parameter 3 : 0xFFFFD000E5D23728
Info SP Bugcheck parameter 4 : 0xFFFFD000E5D22F40
Info SP Cannot recover the system.
Info SP Rollback: Showing splash window with restoring text: Restoring your previous version of Windows.
 
Typically, there is a dump file for the crash to analyze. If you are not equipped to debug the dump, then attempt the following basic troubleshooting procedures:
 
1. Make sure you have enough disk space.
2. If a driver is identified in the bug check message, disable the driver or check with the manufacturer for driver updates.
3. Try changing video adapters.
4. Check with your hardware vendor for any BIOS updates.
5. Disable BIOS memory options such as caching or shadowing. | A rollback occurred due to a driver configuration issue.
Installation failed during the second boot phase while attempting the MIGRATE_DATA operation.
This can occur because of incompatible drivers. | @@ -344,6 +344,6 @@ Also see the following sequential list of modern setup (mosetup) error codes wit - [Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) - [Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications) - [Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/home?category=Windows10ITPro) -- [Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) +- [Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors) - [Win 7 to Win 10 upgrade error (0x800707E7 - 0x3000D)](https://answers.microsoft.com/en-us/windows/forum/all/win-7-to-win-10-upgrade-error-0x800707e7-0x3000d/1273bc1e-8a04-44d4-a6b2-808c9feeb020)) - [Win 10 upgrade error: User profile suffix mismatch, 0x800707E7 - 0x3000D](https://answers.microsoft.com/en-us/windows/forum/windows_10-windows_install/win-10-upgrade-error-user-profile-suffix-mismatch/0f006733-2af5-4b42-a2d4-863fad05273d?page=3) diff --git a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md index 24ed5c4e2b..1b32993b9d 100644 --- a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md +++ b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md @@ -61,5 +61,5 @@ See the following topics in this article:
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx)
[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications)
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) -
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) +
[Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors)
\ No newline at end of file diff --git a/windows/deployment/upgrade/troubleshoot-upgrade-errors.md b/windows/deployment/upgrade/troubleshoot-upgrade-errors.md index d8183e1f62..1e5e363532 100644 --- a/windows/deployment/upgrade/troubleshoot-upgrade-errors.md +++ b/windows/deployment/upgrade/troubleshoot-upgrade-errors.md @@ -98,4 +98,4 @@ WIM = Windows image (Microsoft)
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx)
[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-/ifications)
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) -
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) \ No newline at end of file +
[Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors) \ No newline at end of file diff --git a/windows/deployment/upgrade/upgrade-error-codes.md b/windows/deployment/upgrade/upgrade-error-codes.md index 93173e687a..bb10c8952d 100644 --- a/windows/deployment/upgrade/upgrade-error-codes.md +++ b/windows/deployment/upgrade/upgrade-error-codes.md @@ -158,4 +158,4 @@ For example: An extend code of **0x4000D**, represents a problem during phase 4
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx)
[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-/ifications)
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) -
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) \ No newline at end of file +
[Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors) \ No newline at end of file diff --git a/windows/deployment/upgrade/windows-10-upgrade-paths.md b/windows/deployment/upgrade/windows-10-upgrade-paths.md index 600631905f..6751e7e2b4 100644 --- a/windows/deployment/upgrade/windows-10-upgrade-paths.md +++ b/windows/deployment/upgrade/windows-10-upgrade-paths.md @@ -26,7 +26,7 @@ This topic provides a summary of available upgrade paths to Windows 10. You can If you are also migrating to a different edition of Windows, see [Windows 10 edition upgrade](windows-10-edition-upgrades.md). Methods and supported paths are described on this page to change the edition of Windows. These methods require that you input a license or product key for the new Windows edition prior to starting the upgrade process. Edition downgrade is also supported for some paths, but please note that applications and settings are not maintained when the Windows edition is downgraded. -- **Windows 10 version upgrade**: You can directly upgrade any General Availability Channel version of Windows 10 to a newer, supported General Availability Channel version of Windows 10, even if it involves skipping versions. Work with your account representative if your current version of Windows is out of support. See the [Windows lifecycle fact sheet](https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet) for availability and service information. +- **Windows 10 version upgrade**: You can directly upgrade any General Availability Channel version of Windows 10 to a newer, supported General Availability Channel version of Windows 10, even if it involves skipping versions. Work with your account representative if your current version of Windows is out of support. See the [Windows lifecycle fact sheet](/lifecycle/faq/windows) for availability and service information. - **In-place upgrade from Windows 7, Windows 8.1, or [Windows 10 General Availability Channel](/windows/release-health/release-information)** to Windows 10 LTSC is not supported. Windows 10 LTSC 2015 did not block this in-place upgrade path. This issue was corrected in the Windows 10 LTSC 2016 release, which only allows data-only and clean install options. diff --git a/windows/deployment/upgrade/windows-error-reporting.md b/windows/deployment/upgrade/windows-error-reporting.md index 50aad1782d..c68a62ccb1 100644 --- a/windows/deployment/upgrade/windows-error-reporting.md +++ b/windows/deployment/upgrade/windows-error-reporting.md @@ -71,4 +71,4 @@ The event will also contain links to log files that can be used to perform a det [Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) [Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications) [Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) -[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) \ No newline at end of file +[Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors) \ No newline at end of file diff --git a/windows/deployment/volume-activation/configure-client-computers-vamt.md b/windows/deployment/volume-activation/configure-client-computers-vamt.md index 5cbd41f410..a42268c33d 100644 --- a/windows/deployment/volume-activation/configure-client-computers-vamt.md +++ b/windows/deployment/volume-activation/configure-client-computers-vamt.md @@ -65,12 +65,12 @@ Enable the VAMT to access client computers across multiple subnets using the **W In certain scenarios, only a limited set of TCP/IP ports are allowed through a hardware firewall. Administrators must ensure that WMI (which relies on RPC over TCP/IP) is allowed through these types of firewalls. By default, the WMI port is a dynamically allocated random port above 1024. The following Microsoft knowledge article discusses how administrators can limit the range of dynamically-allocated ports. This is useful if, for example, the hardware firewall only allows traffic in a certain range of ports. - For more info, see [How to configure RPC dynamic port allocation to work with firewalls](https://support.microsoft.com/help/929851). + For more info, see [How to configure RPC dynamic port allocation to work with firewalls](/troubleshoot/windows-server/networking/default-dynamic-port-range-tcpip-chang). ## Create a registry value for the VAMT to access workgroup-joined computer > [WARNING]   -> This section contains information about how to modify the registry. Make sure to back up the registry before you modify it; in addition, ensure that you know how to restore the registry, if a problem occurs. For more information about how to back up, restore, and modify the registry, see [Windows registry information for advanced users](https://support.microsoft.com/help/256986). +> This section contains information about how to modify the registry. Make sure to back up the registry before you modify it; in addition, ensure that you know how to restore the registry, if a problem occurs. For more information about how to back up, restore, and modify the registry, see [Windows registry information for advanced users](/troubleshoot/windows-server/performance/windows-registry-advanced-users). On the client computer, create the following registry key using regedit.exe. diff --git a/windows/deployment/windows-10-media.md b/windows/deployment/windows-10-media.md index 3595e295f0..d3de108475 100644 --- a/windows/deployment/windows-10-media.md +++ b/windows/deployment/windows-10-media.md @@ -53,7 +53,7 @@ Features on demand is a method for adding features to your Windows 10 image that
[Volume Activation for Windows 10](./volume-activation/volume-activation-windows-10.md)
[Plan for volume activation](./volume-activation/plan-for-volume-activation-client.md)
[VLSC downloads FAQ](https://www.microsoft.com/Licensing/servicecenter/Help/FAQDetails.aspx?id=150) -
[Download and burn an ISO file on the volume licensing site (VLSC)](https://support.microsoft.com/help/2472143/download-and-burn-an-iso-file-on-the-volume-licensing-site-vlsc) +
[Download and burn an ISO file on the volume licensing site (VLSC)](/troubleshoot/windows-client/deployment/iso-file-on-vlsc)   diff --git a/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md b/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md index 4188fd5ad3..157848b599 100644 --- a/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md +++ b/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md @@ -26,7 +26,7 @@ ms.reviewer: > [!IMPORTANT] > The Upgrade Readiness and Device Health solutions of Windows Analytics are being retired on January 31, 2020. [Update Compliance](/windows/deployment/update/update-compliance-get-started) will continue to be supported. -> For more information, see [Windows Analytics retirement on January 31, 2020](https://support.microsoft.com/en-us/help/4521815/windows-analytics-retirement). +> For more information, see [Windows Analytics retirement on January 31, 2020](/lifecycle/announcements/windows-analytics-retirement). Desktop Analytics reports are powered by diagnostic data not included in the Basic level. diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index aef42b510b..928161b06d 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -28,7 +28,7 @@ ms.date: 5/21/2021 This article describes the network connections that Windows 10 and Windows 11 components make to Microsoft and the Windows Settings, Group Policies and registry settings available to IT Professionals to help manage the data shared with Microsoft. If you want to minimize connections from Windows to Microsoft services, or configure privacy settings, there are a number of settings for consideration. For example, you can configure diagnostic data to the lowest level for your edition of Windows and evaluate other connections Windows makes to Microsoft services you want to turn off using the instructions in this article. While it is possible to minimize network connections to Microsoft, there are many reasons why these communications are enabled by default, such as updating malware definitions and maintaining current certificate revocation lists. This data helps us deliver a secure, reliable, and up-to-date experience. -Microsoft provides a [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887) package that will allow your organization to quickly configure the settings covered in this document to restrict connections from Windows 10 and Windows 11 to Microsoft. The Windows Restricted Traffic Limited Baseline is based on [Group Policy Administrative Template](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) functionality and the package you download contains further instructions on how to deploy to devices in your organization. Since some of the settings can reduce the functionality and security configuration of your device, **before deploying Windows Restricted Traffic Limited Functionality Baseline** make sure you **choose the right settings configuration for your environment** and **ensure that Windows and Microsoft Defender Antivirus are fully up to date**. Failure to do so may result in errors or unexpected behavior. You should not extract this package to the windows\system32 folder because it will not apply correctly. +Microsoft provides a [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887) package that will allow your organization to quickly configure the settings covered in this document to restrict connections from Windows 10 and Windows 11 to Microsoft. The Windows Restricted Traffic Limited Baseline is based on [Group Policy Administrative Template](/troubleshoot/windows-client/group-policy/create-and-manage-central-store) functionality and the package you download contains further instructions on how to deploy to devices in your organization. Since some of the settings can reduce the functionality and security configuration of your device, **before deploying Windows Restricted Traffic Limited Functionality Baseline** make sure you **choose the right settings configuration for your environment** and **ensure that Windows and Microsoft Defender Antivirus are fully up to date**. Failure to do so may result in errors or unexpected behavior. You should not extract this package to the windows\system32 folder because it will not apply correctly. > [!IMPORTANT] > - The downloadable Windows 10, version 1903 scripts/settings can be used on Windows 10, version 1909 devices. @@ -420,7 +420,7 @@ To turn off Insider Preview builds for Windows 10 and Windows 11: ### 8. Internet Explorer > [!NOTE] -> When attempting to use Internet Explorer on any edition of Windows Server be aware there are restrictions enforced by [Enhanced Security Configuration (ESC)](https://support.microsoft.com/help/815141/ie-enhanced-security-configuration-changes-browsing-experience). The following Group Policies and Registry Keys are for user interactive scenarios rather than the typical idle traffic scenario. Find the Internet Explorer Group Policy objects under **Computer Configuration > Administrative Templates > Windows Components > Internet Explorer** and make these settings: +> When attempting to use Internet Explorer on any edition of Windows Server be aware there are restrictions enforced by [Enhanced Security Configuration (ESC)](/troubleshoot/browsers/enhanced-security-configuration-faq). The following Group Policies and Registry Keys are for user interactive scenarios rather than the typical idle traffic scenario. Find the Internet Explorer Group Policy objects under **Computer Configuration > Administrative Templates > Windows Components > Internet Explorer** and make these settings: | Policy | Description | |------------------------------------------------------|-----------------------------------------------------------------------------------------------------| diff --git a/windows/privacy/manage-windows-11-endpoints.md b/windows/privacy/manage-windows-11-endpoints.md index 718e6bdc07..3eb00fd485 100644 --- a/windows/privacy/manage-windows-11-endpoints.md +++ b/windows/privacy/manage-windows-11-endpoints.md @@ -155,5 +155,5 @@ To view endpoints for non-Enterprise Windows 10 editions, see: ## Related links -- [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US) +- [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges?redirectSourcePath=%252farticle%252fOffice-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2&view=o365-worldwide) - [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints) \ No newline at end of file diff --git a/windows/privacy/manage-windows-1709-endpoints.md b/windows/privacy/manage-windows-1709-endpoints.md index 8c9ec8ec64..3815f25f30 100644 --- a/windows/privacy/manage-windows-1709-endpoints.md +++ b/windows/privacy/manage-windows-1709-endpoints.md @@ -293,7 +293,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper ## Office -The following endpoints are used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). +The following endpoints are used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges?redirectSourcePath=%252farticle%252fOffice-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2&view=o365-worldwide#BKMK_Portal-identity). You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents. @@ -304,7 +304,7 @@ If you turn off traffic for these endpoints, users won't be able to save documen | | | *.e-msedge.net | | | | *.s-msedge.net | -The following endpoint is used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). +The following endpoint is used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges?redirectSourcePath=%252farticle%252fOffice-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2&view=o365-worldwide#BKMK_Portal-identity). You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents. @@ -327,7 +327,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper |----------------|----------|------------| | onedrive | HTTP \ HTTPS | g.live.com/1rewlive5skydrive/ODSUProduction | -The following endpoint is used by OneDrive for Business to download and verify app updates. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US). +The following endpoint is used by OneDrive for Business to download and verify app updates. For more info, see [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges?redirectSourcePath=%252farticle%252fOffice-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2&view=o365-worldwide). To turn off traffic for this endpoint, uninstall OneDrive for Business. In this case, your device will not able to get OneDrive for Business app updates. | Source process | Protocol | Destination | @@ -455,5 +455,5 @@ To view endpoints for non-Enterprise Windows 10 editions, see: ## Related links -- [Office 365 URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US) +- [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges?redirectSourcePath=%252fen-us%252farticle%252fOffice-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2&view=o365-worldwide) - [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints) \ No newline at end of file diff --git a/windows/privacy/manage-windows-1803-endpoints.md b/windows/privacy/manage-windows-1803-endpoints.md index 88aab3a7f9..c6fdb38386 100644 --- a/windows/privacy/manage-windows-1803-endpoints.md +++ b/windows/privacy/manage-windows-1803-endpoints.md @@ -297,7 +297,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper ## Office -The following endpoints are used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). +The following endpoints are used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges?redirectSourcePath=%252farticle%252fOffice-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2&view=o365-worldwide#BKMK_Portal-identity). You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents. @@ -309,7 +309,7 @@ If you turn off traffic for these endpoints, users won't be able to save documen | | | *.s-msedge.net | | | HTTPS | ocos-office365-s2s.msedge.net | -The following endpoint is used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). +The following endpoint is used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges?redirectSourcePath=%252farticle%252fOffice-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2&view=o365-worldwide#BKMK_Portal-identity). You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents. @@ -332,7 +332,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper |----------------|----------|------------| | onedrive | HTTP \ HTTPS | g.live.com/1rewlive5skydrive/ODSUProduction | -The following endpoint is used by OneDrive for Business to download and verify app updates. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US). +The following endpoint is used by OneDrive for Business to download and verify app updates. For more info, see [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges?redirectSourcePath=%252farticle%252fOffice-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2&view=o365-worldwide). To turn off traffic for this endpoint, uninstall OneDrive for Business. In this case, your device will not able to get OneDrive for Business app updates. | Source process | Protocol | Destination | @@ -460,5 +460,5 @@ To view endpoints for non-Enterprise Windows 10 editions, see: ## Related links -- [Office 365 URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US) +- [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges?redirectSourcePath=%252fen-us%252farticle%252fOffice-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2&view=o365-worldwide) - [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints) \ No newline at end of file diff --git a/windows/privacy/manage-windows-20H2-endpoints.md b/windows/privacy/manage-windows-20H2-endpoints.md index 4378cb0b1d..a10181d480 100644 --- a/windows/privacy/manage-windows-20H2-endpoints.md +++ b/windows/privacy/manage-windows-20H2-endpoints.md @@ -155,5 +155,5 @@ To view endpoints for non-Enterprise Windows 10 editions, see: ## Related links -- [Office 365 URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US) +- [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges?redirectSourcePath=%252fen-us%252farticle%252fOffice-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2&view=o365-worldwide) - [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints) \ No newline at end of file diff --git a/windows/privacy/manage-windows-21H1-endpoints.md b/windows/privacy/manage-windows-21H1-endpoints.md index 427beac9b9..f30727f52c 100644 --- a/windows/privacy/manage-windows-21H1-endpoints.md +++ b/windows/privacy/manage-windows-21H1-endpoints.md @@ -153,5 +153,5 @@ To view endpoints for non-Enterprise Windows 10 editions, see: ## Related links -- [Office 365 URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US) +- [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges?redirectSourcePath=%252fen-us%252farticle%252fOffice-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2&view=o365-worldwide) - [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints) \ No newline at end of file diff --git a/windows/privacy/manage-windows-21h2-endpoints.md b/windows/privacy/manage-windows-21h2-endpoints.md index c6578dcc77..af44d078a0 100644 --- a/windows/privacy/manage-windows-21h2-endpoints.md +++ b/windows/privacy/manage-windows-21h2-endpoints.md @@ -153,5 +153,5 @@ To view endpoints for non-Enterprise Windows 10 editions, see: ## Related links -- [Office 365 URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US) +- [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges?redirectSourcePath=%252fen-us%252farticle%252fOffice-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2&view=o365-worldwide) - [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints) \ No newline at end of file From 3959873286956465627adeb5a66c7dab0aee6cad Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Thu, 25 Nov 2021 16:28:50 +0530 Subject: [PATCH 061/335] Added missing CSPs in Update.md Added the following policy entries: - Update/ConfigureDeadlineGracePeriodForFeatureUpdates - Update/DoNotEnforceEnterpriseTLSCertPinningForUpdateDetection - Update/SetPolicyDrivenUpdateSourceForDriverUpdates - Update/SetPolicyDrivenUpdateSourceForFeatureUpdates - Update/SetPolicyDrivenUpdateSourceForOtherUpdates - Update/SetPolicyDrivenUpdateSourceForQualityUpdates --- .../policy-configuration-service-provider.md | 18 + .../mdm/policy-csp-update.md | 482 ++++++++++++++++++ 2 files changed, 500 insertions(+) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index bbd3101f94..8edcf7dfe8 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -8564,6 +8564,9 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
Update/ConfigureDeadlineGracePeriod
+
+ Update/ConfigureDeadlineGracePeriodForFeatureUpdates +
Update/ConfigureDeadlineNoAutoReboot
@@ -8591,6 +8594,9 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
Update/DisableWUfBSafeguards
+
+ Update/DoNotEnforceEnterpriseTLSCertPinningForUpdateDetection +
Update/EngagedRestartDeadline
@@ -8687,6 +8693,18 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
Update/SetEDURestart
+
+ Update/SetPolicyDrivenUpdateSourceForDriverUpdates +
+
+ Update/SetPolicyDrivenUpdateSourceForFeatureUpdates +
+
+ Update/SetPolicyDrivenUpdateSourceForOtherUpdates +
+
+ Update/SetPolicyDrivenUpdateSourceForQualityUpdates +
Update/SetProxyBehaviorForUpdateDetection
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index c38caf5830..960936ef4d 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -72,6 +72,9 @@ manager: dansimp
Update/ConfigureDeadlineGracePeriod
+
+ Update/ConfigureDeadlineGracePeriodForFeatureUpdates +
Update/ConfigureDeadlineNoAutoReboot
@@ -99,6 +102,9 @@ manager: dansimp
Update/DisableWUfBSafeguards
+
+ Update/DoNotEnforceEnterpriseTLSCertPinningForUpdateDetection +
Update/EngagedRestartDeadline
@@ -195,6 +201,18 @@ manager: dansimp
Update/SetEDURestart
+
+ Update/SetPolicyDrivenUpdateSourceForDriverUpdates +
+
+ Update/SetPolicyDrivenUpdateSourceForFeatureUpdates +
+
+ Update/SetPolicyDrivenUpdateSourceForOtherUpdates +
+
+ Update/SetPolicyDrivenUpdateSourceForQualityUpdates +
Update/SetProxyBehaviorForUpdateDetection
@@ -1515,6 +1533,77 @@ Default value is 2.
+ +**Update/ConfigureDeadlineGracePeriodForFeatureUpdates** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Allows IT admins to set different grace periods for both Quality Updates and Feature Updates. Specifically, when used with used with [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates). + +IT Admins will be able to specify a minimum number of days until restarts occur automatically for Featur Updates. Setting the grace period may extend the effective deadline set by the deadline policies specifically for Feature Updates. + + + + +Supports a numeric value from 0 - 7, which indicates the minimum number of days. + +Default value is 2. + + + + + + + + + +
+ **Update/ConfigureDeadlineNoAutoReboot** @@ -2250,6 +2339,80 @@ The following list shows the supported values:
+ +**Update/DoNotEnforceEnterpriseTLSCertPinningForUpdateDetection** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +To ensure the highest levels of security, we recommended leveraging WSUS TLS certificate pinning on all devices. + +By default, certificate pinning for Windows Update client is not enforced. + + + +ADMX Info: +- GP Friendly name: *Allow user proxy to be used as a fallback if detection using system proxy fails* +- GP name: *Allow user proxy to be used as a fallback if detection using system proxy fails* +- GP path: *Windows Update\SpecifyintranetMicrosoftupdateserviceLocation* +- GP ADMX file name: *WindowsUpdate.admx* + + + +The following list shows the supported values: + +- 0 (default) -Do not enforce certificate pinning +- 1 - Do not enforce certificate pinning + + + + +
+ **Update/EngagedRestartDeadline** @@ -4557,6 +4720,325 @@ The following list shows the supported values:
+ +**Update/SetPolicyDrivenUpdateSourceForDriverUpdates** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. + +If you configure this policy, please also configure the scan source policies for other update types: +- SetPolicyDrivenUpdateSourceForFeatureUpdates +- SetPolicyDrivenUpdateSourceForQualityUpdates +- SetPolicyDrivenUpdateSourceForOtherUpdates + +>[!NOTE] +>If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. + + + +ADMX Info: +- GP Friendly name: *Specify source service for specific classes of Windows Updates* +- GP name: *SetPolicyDrivenUpdateSourceForDriverUpdates* +- GP path: *Windows Components/Windows Update* +- GP ADMX file name: *WindowsUpdate.admx* + + + +The following list shows the supported values: + +- 0: (Default) Detect, download and deploy Driver Updates from Windows Update +- 1: Enabled, Detect, download and deploy Driver Updates from Windows Server Update Server (WSUS) + + + + +
+ + +**Update/SetPolicyDrivenUpdateSourceForFeatureUpdates** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. + +If you configure this policy, please also configure the scan source policies for other update types: +- SetPolicyDrivenUpdateSourceForQualityUpdates +- SetPolicyDrivenUpdateSourceForDriverUpdates +- SetPolicyDrivenUpdateSourceForOtherUpdates + +>[!NOTE] +>If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. + + + +ADMX Info: +- GP Friendly name: *Specify source service for specific classes of Windows Updates* +- GP name: *SetPolicyDrivenUpdateSourceForFeatureUpdates* +- GP path: *Windows Components/Windows Update* +- GP ADMX file name: *WindowsUpdate.admx* + + + +The following list shows the supported values: + +- 0: (Default) Detect, download and deploy Driver Updates from Windows Update +- 1: Enabled, Detect, download and deploy Driver Updates from Windows Server Update Server (WSUS) + + + + +
+ + +**Update/SetPolicyDrivenUpdateSourceForOtherUpdates** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. + +If you configure this policy, please also configure the scan source policies for other update types: +- SetPolicyDrivenUpdateSourceForFeatureUpdates +- SetPolicyDrivenUpdateSourceForQualityUpdates +- SetPolicyDrivenUpdateSourceForDriverUpdates + +>[!NOTE] +>If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. + + + +ADMX Info: +- GP Friendly name: *Specify source service for specific classes of Windows Updates* +- GP name: *SetPolicyDrivenUpdateSourceForOtherUpdates* +- GP path: *Windows Components/Windows Update* +- GP ADMX file name: *WindowsUpdate.admx* + + + +The following list shows the supported values: + +- 0: (Default) Detect, download and deploy Driver Updates from Windows Update +- 1: Enabled, Detect, download and deploy Driver Updates from Windows Server Update Server (WSUS) + + + + +
+ + +**Update/SetPolicyDrivenUpdateSourceForQualityUpdates** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. + +If you configure this policy, please also configure the scan source policies for other update types: +- SetPolicyDrivenUpdateSourceForFeatureUpdates +- SetPolicyDrivenUpdateSourceForDriverUpdates +- SetPolicyDrivenUpdateSourceForOtherUpdates + +>[!NOTE] +>If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. + + + +ADMX Info: +- GP Friendly name: *Specify source service for specific classes of Windows Updates* +- GP name: *SetPolicyDrivenUpdateSourceForQualityUpdates* +- GP path: *Windows Components/Windows Update* +- GP ADMX file name: *WindowsUpdate.admx* + + + +The following list shows the supported values: + +- 0: (Default) Detect, download and deploy Driver Updates from Windows Update +- 1: Enabled, Detect, download and deploy Driver Updates from Windows Server Update Server (WSUS) + + + + +
**Update/SetProxyBehaviorForUpdateDetection** From 1bea4d17370edd63f91305555d853e0a430bbf59 Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Thu, 25 Nov 2021 17:35:10 +0530 Subject: [PATCH 062/335] fixed acrolinx errors and suggestions --- .../privacy/manage-windows-11-endpoints.md | 2 +- .../privacy/manage-windows-1709-endpoints.md | 44 ++++++++-------- .../privacy/manage-windows-1803-endpoints.md | 50 +++++++++---------- .../privacy/manage-windows-20H2-endpoints.md | 2 +- .../privacy/manage-windows-21H1-endpoints.md | 2 +- .../privacy/manage-windows-21h2-endpoints.md | 2 +- 6 files changed, 51 insertions(+), 51 deletions(-) diff --git a/windows/privacy/manage-windows-11-endpoints.md b/windows/privacy/manage-windows-11-endpoints.md index 3eb00fd485..30c5f07e04 100644 --- a/windows/privacy/manage-windows-11-endpoints.md +++ b/windows/privacy/manage-windows-11-endpoints.md @@ -155,5 +155,5 @@ To view endpoints for non-Enterprise Windows 10 editions, see: ## Related links -- [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges?redirectSourcePath=%252farticle%252fOffice-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2&view=o365-worldwide) +- [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges) - [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints) \ No newline at end of file diff --git a/windows/privacy/manage-windows-1709-endpoints.md b/windows/privacy/manage-windows-1709-endpoints.md index 3815f25f30..320f38f7e7 100644 --- a/windows/privacy/manage-windows-1709-endpoints.md +++ b/windows/privacy/manage-windows-1709-endpoints.md @@ -31,16 +31,16 @@ Some Windows components, app, and related services transfer data to Microsoft ne This article lists different endpoints that are available on a clean installation of Windows 10, version 1709 and later. Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). -Where applicable, each endpoint covered in this topic includes a link to specific details about how to control traffic to it. +Where applicable, each endpoint covered in this article includes a link to specific details about how to control traffic to it. We used the following methodology to derive these network endpoints: 1. Set up the latest version of Windows 10 on a test virtual machine using the default settings. -2. Leave the devices running idle for a week (that is, a user is not interacting with the system/device). +2. Leave the devices running idle for a week (that is, a user isn't interacting with the system/device). 3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic. 4. Compile reports on traffic going to public IP addresses. -5. The test virtual machine was logged in using a local account and was not joined to a domain or Azure Active Directory. -6. All traffic was captured in our lab using a IPV4 network. Therefore no IPV6 traffic is reported here. +5. The test virtual machine was logged in using a local account and wasn't joined to a domain or Azure Active Directory. +6. All traffic was captured in our lab using a IPV4 network. As such no IPV6 traffic is reported here. > [!NOTE] > Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time. @@ -59,7 +59,7 @@ If you [turn off traffic to this endpoint](manage-connections-from-windows-opera The following endpoint is used for OneNote Live Tile. To turn off traffic for this endpoint, either uninstall OneNote or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Store apps cannot be installed or updated. -Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. +Additionally, the Microsoft Store can't revoke malicious Store apps and users can still open them. | Source process | Protocol | Destination | |----------------|----------|------------| @@ -68,7 +68,7 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a The following endpoints are used for Twitter updates. To turn off traffic for these endpoints, either uninstall Twitter or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Store apps cannot be installed or updated. -Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. +Additionally, the Microsoft Store can't revoke malicious Store apps and users can still open them. | Source process | Protocol | Destination | |----------------|----------|------------| @@ -78,7 +78,7 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a The following endpoint is used for Facebook updates. To turn off traffic for this endpoint, either uninstall Facebook or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Store apps cannot be installed or updated. -Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. +Additionally, the Microsoft Store can't revoke malicious Store apps and users can still open them. | Source process | Protocol | Destination | |----------------|----------|------------| @@ -87,7 +87,7 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a The following endpoint is used by the Photos app to download configuration files, and to connect to the Microsoft 365 admin center's shared infrastructure, including Office. To turn off traffic for this endpoint, either uninstall the Photos app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Store apps cannot be installed or updated. -Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. +Additionally, the Microsoft Store can't revoke malicious Store apps and users can still open them. | Source process | Protocol | Destination | |----------------|----------|------------| @@ -96,7 +96,7 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a The following endpoint is used for Candy Crush Saga updates. To turn off traffic for this endpoint, either uninstall Candy Crush Saga or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Store apps cannot be installed or updated. -Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. +Additionally, the Microsoft Store can't revoke malicious Store apps and users can still open them. | Source process | Protocol | Destination | |----------------|----------|------------| @@ -105,14 +105,14 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a The following endpoint is used for by the Microsoft Wallet app. To turn off traffic for this endpoint, either uninstall the Wallet app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Store apps cannot be installed or updated. -Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. +Additionally, the Microsoft Store can't revoke malicious Store apps and users can still open them. | Source process | Protocol | Destination | |----------------|----------|------------| | system32\AppHostRegistrationVerifier.exe | HTTPS | wallet.microsoft.com | The following endpoint is used by the Groove Music app for update HTTP handler status. -If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-apps-for-websites), apps for websites won't work and customers who visit websites (such as mediaredirect.microsoft.com) that are registered with their associated app (such as Groove Music) will stay at the website and won't be able to directly launch the app. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-apps-for-websites), apps for websites won't work and customers who visit websites (such as mediaredirect.microsoft.com) that are registered with their associated app (such as Groove Music) will stay at the website and can't directly launch the app. | Source process | Protocol | Destination | |----------------|----------|------------| @@ -121,28 +121,28 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper ## Cortana and Search The following endpoint is used to get images that are used for Microsoft Store suggestions. -If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you will block images that are used for Microsoft Store suggestions. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you'll block images that are used for Microsoft Store suggestions. | Source process | Protocol | Destination | |----------------|----------|------------| | searchui | HTTPS |store-images.s-microsoft.com | The following endpoint is used to update Cortana greetings, tips, and Live Tiles. -If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you will block updates to Cortana greetings, tips, and Live Tiles. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you'll block updates to Cortana greetings, tips, and Live Tiles. | Source process | Protocol | Destination | |----------------|----------|------------| | backgroundtaskhost | HTTPS | www.bing.com/client | The following endpoint is used to configure parameters, such as how often the Live Tile is updated. It's also used to activate experiments. -If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), parameters would not be updated and the device would no longer participate in experiments. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), parameters wouldn't be updated and the device would no longer participate in experiments. | Source process | Protocol | Destination | |----------------|----------|------------| | backgroundtaskhost | HTTPS | www.bing.com/proactive | The following endpoint is used by Cortana to report diagnostic and diagnostic data information. -If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), Microsoft won't be aware of issues with Cortana and won't be able to fix them. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), Microsoft won't be aware of issues with Cortana and can't fix them. | Source process | Protocol | Destination | |----------------|----------|------------| @@ -150,11 +150,11 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper ## Certificates -The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It is possible to [turn off traffic to this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update), but that is not recommended because when root certificates are updated over time, applications and websites may stop working because they did not receive an updated root certificate the application uses. +The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It's possible to [turn off traffic to this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update), but that isn't recommended because when root certificates are updated over time, applications and websites may stop working because they didn't receive an updated root certificate the application uses. -Additionally, it is used to download certificates that are publicly known to be fraudulent. +Additionally, it's used to download certificates that are publicly known to be fraudulent. These settings are critical for both Windows security and the overall security of the Internet. -We do not recommend blocking this endpoint. +We don't recommend blocking this endpoint. If traffic to this endpoint is turned off, Windows no longer automatically downloads certificates known to be fraudulent, which increases the attack vector on the device. | Source process | Protocol | Destination | @@ -293,7 +293,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper ## Office -The following endpoints are used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges?redirectSourcePath=%252farticle%252fOffice-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2&view=o365-worldwide#BKMK_Portal-identity). +The following endpoints are used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges). You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents. @@ -304,7 +304,7 @@ If you turn off traffic for these endpoints, users won't be able to save documen | | | *.e-msedge.net | | | | *.s-msedge.net | -The following endpoint is used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges?redirectSourcePath=%252farticle%252fOffice-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2&view=o365-worldwide#BKMK_Portal-identity). +The following endpoint is used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges). You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents. @@ -327,7 +327,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper |----------------|----------|------------| | onedrive | HTTP \ HTTPS | g.live.com/1rewlive5skydrive/ODSUProduction | -The following endpoint is used by OneDrive for Business to download and verify app updates. For more info, see [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges?redirectSourcePath=%252farticle%252fOffice-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2&view=o365-worldwide). +The following endpoint is used by OneDrive for Business to download and verify app updates. For more info, see [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges). To turn off traffic for this endpoint, uninstall OneDrive for Business. In this case, your device will not able to get OneDrive for Business app updates. | Source process | Protocol | Destination | @@ -455,5 +455,5 @@ To view endpoints for non-Enterprise Windows 10 editions, see: ## Related links -- [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges?redirectSourcePath=%252fen-us%252farticle%252fOffice-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2&view=o365-worldwide) +- [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges) - [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints) \ No newline at end of file diff --git a/windows/privacy/manage-windows-1803-endpoints.md b/windows/privacy/manage-windows-1803-endpoints.md index c6fdb38386..877b2991d4 100644 --- a/windows/privacy/manage-windows-1803-endpoints.md +++ b/windows/privacy/manage-windows-1803-endpoints.md @@ -31,16 +31,16 @@ Some Windows components, app, and related services transfer data to Microsoft ne This article lists different endpoints that are available on a clean installation of Windows 10, version 1709 and later. Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). -Where applicable, each endpoint covered in this topic includes a link to specific details about how to control traffic to it. +Where applicable, each endpoint covered in this article includes a link to specific details about how to control traffic to it. We used the following methodology to derive these network endpoints: 1. Set up the latest version of Windows 10 on a test virtual machine using the default settings. -2. Leave the devices running idle for a week (that is, a user is not interacting with the system/device). +2. Leave the devices running idle for a week (that is, a user isn't interacting with the system/device). 3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic. 4. Compile reports on traffic going to public IP addresses. -5. The test virtual machine was logged in using a local account and was not joined to a domain or Azure Active Directory. -6. All traffic was captured in our lab using a IPV4 network. Therefore no IPV6 traffic is reported here. +5. The test virtual machine was logged in using a local account and wasn't joined to a domain or Azure Active Directory. +6. All traffic was captured in our lab using a IPV4 network. As such no IPV6 traffic is reported here. > [!NOTE] > Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time. @@ -60,7 +60,7 @@ If you [turn off traffic to this endpoint](manage-connections-from-windows-opera The following endpoint is used for OneNote Live Tile. To turn off traffic for this endpoint, either uninstall OneNote or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Store apps cannot be installed or updated. -Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. +Additionally, the Microsoft Store can't revoke malicious Store apps and users will can still open them. | Source process | Protocol | Destination | |----------------|----------|------------| @@ -69,7 +69,7 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a The following endpoints are used for Twitter updates. To turn off traffic for these endpoints, either uninstall Twitter or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Store apps cannot be installed or updated. -Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. +Additionally, the Microsoft Store can't revoke malicious Store apps and users will can still open them. | Source process | Protocol | Destination | |----------------|----------|------------| @@ -79,7 +79,7 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a The following endpoint is used for Facebook updates. To turn off traffic for this endpoint, either uninstall Facebook or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Store apps cannot be installed or updated. -Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. +Additionally, the Microsoft Store can't revoke malicious Store apps and users will can still open them. | Source process | Protocol | Destination | |----------------|----------|------------| @@ -88,7 +88,7 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a The following endpoint is used by the Photos app to download configuration files, and to connect to the Microsoft 365 admin center's shared infrastructure, including Office. To turn off traffic for this endpoint, either uninstall the Photos app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Store apps cannot be installed or updated. -Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. +Additionally, the Microsoft Store can't revoke malicious Store apps and users can still open them. | Source process | Protocol | Destination | |----------------|----------|------------| @@ -97,7 +97,7 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a The following endpoint is used for Candy Crush Saga updates. To turn off traffic for this endpoint, either uninstall Candy Crush Saga or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Store apps cannot be installed or updated. -Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. +Additionally, the Microsoft Store can't revoke malicious Store apps and users can still open them. | Source process | Protocol | Destination | |----------------|----------|------------| @@ -106,14 +106,14 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a The following endpoint is used for by the Microsoft Wallet app. To turn off traffic for this endpoint, either uninstall the Wallet app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Store apps cannot be installed or updated. -Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. +Additionally, the Microsoft Store can't revoke malicious Store apps and users can still open them. | Source process | Protocol | Destination | |----------------|----------|------------| | system32\AppHostRegistrationVerifier.exe | HTTPS | wallet.microsoft.com | The following endpoint is used by the Groove Music app for update HTTP handler status. -If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-apps-for-websites), apps for websites won't work and customers who visit websites (such as mediaredirect.microsoft.com) that are registered with their associated app (such as Groove Music) will stay at the website and won't be able to directly launch the app. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-apps-for-websites), apps for websites won't work and customers who visit websites (such as mediaredirect.microsoft.com) that are registered with their associated app (such as Groove Music) will stay at the website and can't directly launch the app. | Source process | Protocol | Destination | |----------------|----------|------------| @@ -122,28 +122,28 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper ## Cortana and Search The following endpoint is used to get images that are used for Microsoft Store suggestions. -If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you will block images that are used for Microsoft Store suggestions. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you'll block images that are used for Microsoft Store suggestions. | Source process | Protocol | Destination | |----------------|----------|------------| | searchui | HTTPS |store-images.s-microsoft.com | The following endpoint is used to update Cortana greetings, tips, and Live Tiles. -If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you will block updates to Cortana greetings, tips, and Live Tiles. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you'll block updates to Cortana greetings, tips, and Live Tiles. | Source process | Protocol | Destination | |----------------|----------|------------| | backgroundtaskhost | HTTPS | www.bing.com/client | The following endpoint is used to configure parameters, such as how often the Live Tile is updated. It's also used to activate experiments. -If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), parameters would not be updated and the device would no longer participate in experiments. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), parameters wouldn't be updated and the device would no longer participate in experiments. | Source process | Protocol | Destination | |----------------|----------|------------| | backgroundtaskhost | HTTPS | www.bing.com/proactive | The following endpoint is used by Cortana to report diagnostic and diagnostic data information. -If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), Microsoft won't be aware of issues with Cortana and won't be able to fix them. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), Microsoft won't be aware of issues with Cortana and can't fix them. | Source process | Protocol | Destination | |----------------|----------|------------| @@ -151,11 +151,11 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper ## Certificates -The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It is possible to [turn off traffic to this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update), but that is not recommended because when root certificates are updated over time, applications and websites may stop working because they did not receive an updated root certificate the application uses. +The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It's possible to [turn off traffic to this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update), but that isn't recommended because when root certificates are updated over time, applications and websites may stop working because they didn't receive an updated root certificate the application uses. -Additionally, it is used to download certificates that are publicly known to be fraudulent. +Additionally, it's used to download certificates that are publicly known to be fraudulent. These settings are critical for both Windows security and the overall security of the Internet. -We do not recommend blocking this endpoint. +We don't recommend blocking this endpoint. If traffic to this endpoint is turned off, Windows no longer automatically downloads certificates known to be fraudulent, which increases the attack vector on the device. | Source process | Protocol | Destination | @@ -165,7 +165,7 @@ If traffic to this endpoint is turned off, Windows no longer automatically downl ## Device authentication The following endpoint is used to authenticate a device. -If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), the device will not be authenticated. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), the device won't be authenticated. | Source process | Protocol | Destination | |----------------|----------|------------| @@ -174,7 +174,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper ## Device metadata The following endpoint is used to retrieve device metadata. -If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-devinst), metadata will not be updated for the device. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-devinst), metadata won't be updated for the device. | Source process | Protocol | Destination | |----------------|----------|------------| @@ -184,7 +184,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper ## Diagnostic Data The following endpoint is used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. -If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, won't be sent back to Microsoft. | Source process | Protocol | Destination | |----------------|----------|------------| @@ -297,7 +297,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper ## Office -The following endpoints are used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges?redirectSourcePath=%252farticle%252fOffice-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2&view=o365-worldwide#BKMK_Portal-identity). +The following endpoints are used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges). You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents. @@ -309,7 +309,7 @@ If you turn off traffic for these endpoints, users won't be able to save documen | | | *.s-msedge.net | | | HTTPS | ocos-office365-s2s.msedge.net | -The following endpoint is used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges?redirectSourcePath=%252farticle%252fOffice-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2&view=o365-worldwide#BKMK_Portal-identity). +The following endpoint is used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges). You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents. @@ -332,7 +332,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper |----------------|----------|------------| | onedrive | HTTP \ HTTPS | g.live.com/1rewlive5skydrive/ODSUProduction | -The following endpoint is used by OneDrive for Business to download and verify app updates. For more info, see [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges?redirectSourcePath=%252farticle%252fOffice-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2&view=o365-worldwide). +The following endpoint is used by OneDrive for Business to download and verify app updates. For more info, see [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges). To turn off traffic for this endpoint, uninstall OneDrive for Business. In this case, your device will not able to get OneDrive for Business app updates. | Source process | Protocol | Destination | @@ -460,5 +460,5 @@ To view endpoints for non-Enterprise Windows 10 editions, see: ## Related links -- [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges?redirectSourcePath=%252fen-us%252farticle%252fOffice-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2&view=o365-worldwide) +- [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges) - [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints) \ No newline at end of file diff --git a/windows/privacy/manage-windows-20H2-endpoints.md b/windows/privacy/manage-windows-20H2-endpoints.md index a10181d480..2a50c1802d 100644 --- a/windows/privacy/manage-windows-20H2-endpoints.md +++ b/windows/privacy/manage-windows-20H2-endpoints.md @@ -155,5 +155,5 @@ To view endpoints for non-Enterprise Windows 10 editions, see: ## Related links -- [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges?redirectSourcePath=%252fen-us%252farticle%252fOffice-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2&view=o365-worldwide) +- [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges) - [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints) \ No newline at end of file diff --git a/windows/privacy/manage-windows-21H1-endpoints.md b/windows/privacy/manage-windows-21H1-endpoints.md index f30727f52c..46cdd0bcec 100644 --- a/windows/privacy/manage-windows-21H1-endpoints.md +++ b/windows/privacy/manage-windows-21H1-endpoints.md @@ -153,5 +153,5 @@ To view endpoints for non-Enterprise Windows 10 editions, see: ## Related links -- [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges?redirectSourcePath=%252fen-us%252farticle%252fOffice-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2&view=o365-worldwide) +- [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges) - [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints) \ No newline at end of file diff --git a/windows/privacy/manage-windows-21h2-endpoints.md b/windows/privacy/manage-windows-21h2-endpoints.md index af44d078a0..36caec360f 100644 --- a/windows/privacy/manage-windows-21h2-endpoints.md +++ b/windows/privacy/manage-windows-21h2-endpoints.md @@ -153,5 +153,5 @@ To view endpoints for non-Enterprise Windows 10 editions, see: ## Related links -- [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges?redirectSourcePath=%252fen-us%252farticle%252fOffice-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2&view=o365-worldwide) +- [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges) - [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints) \ No newline at end of file From 218d92239ff5bd8229c33952bbcaa373cdb2eed6 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Thu, 25 Nov 2021 17:35:28 +0530 Subject: [PATCH 063/335] Added new VirtualizationBasedTechnology.md for policies Added new file: VirtualizationBasedTechnology.md to include missing policies: - VirtualizationBasedTechnology/HypervisorEnforcedCodeIntegrity - VirtualizationBasedTechnology/RequireUEFIMemoryAttributesTable --- .../policy-configuration-service-provider.md | 11 ++ ...olicy-csp-virtualizationbasedtechnology.md | 181 ++++++++++++++++++ windows/client-management/mdm/toc.yml | 2 + 3 files changed, 194 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index bbd3101f94..b95d387e6b 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -8797,6 +8797,17 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC +### VirtualizationBasedTechnology policies + +
+
+ VirtualizationBasedTechnology/HypervisorEnforcedCodeIntegrity +
+
+ VirtualizationBasedTechnology/RequireUEFIMemoryAttributesTable +
+
+ ### Wifi policies
diff --git a/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md b/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md new file mode 100644 index 0000000000..0640cb8d99 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md @@ -0,0 +1,181 @@ +--- +title: Policy CSP - VirtualizationBasedTechnology +description: Learn to use the Policy CSP - VirtualizationBasedTechnology setting to control the state of Hypervisor-protected Code Integrity (HVCI) on devices. +ms.author: dansimp +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: aljupudi +ms.localizationpriority: medium +ms.date: 11/25/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - VirtualizationBasedTechnology + +
+ + +## VirtualizationBasedTechnology policies + +
+
+ VirtualizationBasedTechnology/HypervisorEnforcedCodeIntegrity +
+
+ VirtualizationBasedTechnology/RequireUEFIMemoryAttributesTable +
+
+ + +
+ + +**VirtualizationBasedTechnology/HypervisorEnforcedCodeIntegrity** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Allows the IT admin to control the state of Hypervisor-protected Code Integrity (HVCI) on devices. HVCI is a feature within Virtualization Based Security, and is frequently referred to as Memory integrity. Learn more [here](/windows-hardware/design/device-experiences/oem-vbs). + +>[!NOTE] +>After the policy is pushed, a system reboot will be required to change the state of HVCI. + + + +The following are the supported values: + +- 0: (Disabled) Turns off Hypervisor-Protected Code Integrity remotely if configured previously without UEFI Lock +- 1: (Enabled with UEFI lock) Turns on Hypervisor-Protected Code Integrity with UEFI lock +- 2: (Enabled without lock) Turns on Hypervisor-Protected Code Integrity without UEFI lock + + + + + + + + + +
+ + +**VirtualizationBasedTechnology/RequireUEFIMemoryAttributesTable** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Allows the IT admin to control the state of Hypervisor-protected Code Integrity (HVCI) on devices. HVCI is a feature within Virtualization Based Security, and is frequently referred to as Memory integrity. Learn more [here](/windows-hardware/design/device-experiences/oem-vbs). + +>[!NOTE] +>After the policy is pushed, a system reboot will be required to change the state of HVCI. + + + + +The following are the supported values: + +- 0: (Disabled) Do not require UEFI Memory Attributes Table +- 1: (Enabled) Require UEFI Memory Attributes Table + + + + + + + + + +
+ + + diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index 7a1fa1b52f..6ac4cc4a3d 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -831,6 +831,8 @@ items: href: policy-csp-update.md - name: UserRights href: policy-csp-userrights.md + - name: VirtualizationBasedTechnology + href: policy-csp-virtualizationbasedtechnology.md - name: Wifi href: policy-csp-wifi.md - name: WindowsConnectionManager From d1d396088b4b4607673053ce12e8bdac07e076bf Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Thu, 25 Nov 2021 17:44:48 +0530 Subject: [PATCH 064/335] Added missing CSP in WirelessDisplay.md Added: - WirelessDisplay/AllowMovementDetectionOnInfrastructure --- .../policy-configuration-service-provider.md | 3 + .../mdm/policy-csp-wirelessdisplay.md | 74 +++++++++++++++++++ 2 files changed, 77 insertions(+) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index bbd3101f94..a2c7c9c52a 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -8979,6 +8979,9 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
WirelessDisplay/AllowMdnsDiscovery
+
+ WirelessDisplay/AllowMovementDetectionOnInfrastructure +
WirelessDisplay/AllowProjectionFromPC
diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md index 9d941ee024..779859ca11 100644 --- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md +++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md @@ -26,6 +26,9 @@ manager: dansimp
WirelessDisplay/AllowMdnsDiscovery
+
+ WirelessDisplay/AllowMovementDetectionOnInfrastructure +
WirelessDisplay/AllowProjectionFromPC
@@ -177,6 +180,77 @@ The following list shows the supported values:
+ +**WirelessDisplay/AllowMovementDetectionOnInfrastructure** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to disable the infrastructure movement detection feature. + +If you set it to 0, your PC may stay connected and continue to project if you walk away from a Wireless Display receiver to which you are projecting over infrastructure. + +If you set it to 1, your PC will detect that you have moved and will automatically disconnect your infrastructure Wireless Display session. + +The default value is 1. + + + + +The following list shows the supported values: + +- 0 - Do not allow +- 1 (Default) - Allow + + + + +
+ **WirelessDisplay/AllowProjectionFromPC** From 96fd9a3ac70bcfa45adc0d7e4c4a082da8a99f69 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Thu, 25 Nov 2021 17:58:58 +0530 Subject: [PATCH 065/335] Created new CSP WindowsAutoplot.md Created new CSP WindowsAutoplot.md and added : - WindowsAutoPilot/EnableAgilityPostEnrollment --- .../policy-configuration-service-provider.md | 8 ++ .../mdm/policy-csp-windowsautopilot.md | 99 +++++++++++++++++++ windows/client-management/mdm/toc.yml | 2 + 3 files changed, 109 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-windowsautopilot.md diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index bbd3101f94..64af85d07a 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -8823,6 +8823,14 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
+### WindowsAutoPilot policies + +
+
+ WindowsAutoPilot/EnableAgilityPostEnrollment +
+
+ ### WindowsConnectionManager policies
diff --git a/windows/client-management/mdm/policy-csp-windowsautopilot.md b/windows/client-management/mdm/policy-csp-windowsautopilot.md new file mode 100644 index 0000000000..4553c96016 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-windowsautopilot.md @@ -0,0 +1,99 @@ +--- +title: Policy CSP - WindowsAutoPilot +description: Learn to use the Policy CSP - WindowsAutoPilot setting to enable or disable Autopilot Agility feature. +ms.author: dansimp +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: aljupudi +ms.localizationpriority: medium +ms.date: 11/25/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - WindowsAutoPilot + + + +
+ + +## WindowsAutoPilot policies + +
+
+ WindowsAutoPilot/EnableAgilityPostEnrollment +
+
+ + +
+ + +**WindowsAutoPilot/EnableAgilityPostEnrollment** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy enables Windows Autopilot to be kept up-to-date during the out-of-box experience after MDM enrollment. + + + + + + + + + + + + +
+ + + diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index 7a1fa1b52f..f14db2442b 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -833,6 +833,8 @@ items: href: policy-csp-userrights.md - name: Wifi href: policy-csp-wifi.md + - name: WindowsAutoPilot + href: policy-csp-windowsautopilot.md - name: WindowsConnectionManager href: policy-csp-windowsconnectionmanager.md - name: WindowsDefenderSecurityCenter From 4d3e48504f7da7b35778db1a01319e2a0ef3cc7b Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Thu, 25 Nov 2021 19:37:09 +0530 Subject: [PATCH 066/335] fixed suggestions --- smb/cloud-mode-business-setup.md | 12 ++++++------ windows/client-management/mdm/surfacehub-csp.md | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/smb/cloud-mode-business-setup.md b/smb/cloud-mode-business-setup.md index 50f1527699..035e9d080a 100644 --- a/smb/cloud-mode-business-setup.md +++ b/smb/cloud-mode-business-setup.md @@ -50,12 +50,12 @@ Here's a few things to keep in mind before you get started: To set up a cloud infrastructure for your organization, follow the steps in this section. ### 1.1 Set up Office 365 for business -See Set up Office 365 for business to learn more about the setup steps for businesses and nonprofits who have Office 365. You can watch video and learn how to: +See Set up Office 365 for business to learn more about the setup steps for businesses and nonprofits who have Office 365. You can watch video and learn how to: - Plan your setup - Create Office 365 accounts and how to add your domain. - Install Office -To set up your Microsoft 365 for business tenant, see Get Started with Microsoft 365 for business. +To set up your Microsoft 365 for business tenant, see Get Started with Microsoft 365 for business. If you're new at setting up Office 365, and you'd like to see how it's done, you can follow these steps to get started: @@ -130,7 +130,7 @@ When adding users, you can also assign admin privileges to certain users in your 2. In the **Home > Active users** page, add users individually or in bulk. - To add users one at a time, select **+ Add a user**. - If you select this option, you'll see the **New user** screen and you can add details about the new user including their name, user name, role, and so on. You also have the opportunity to assign **Product licenses**. For detailed step-by-step info on adding a user account, see *Add a user account in the admin center* in Add users individually or in bulk to Office 365 - Admin Help. + If you select this option, you'll see the **New user** screen and you can add details about the new user including their name, user name, role, and so on. You also have the opportunity to assign **Product licenses**. For detailed step-by-step info on adding a user account, see *Add a user account in the admin center* in Add users individually or in bulk to Office 365 - Admin Help. **Figure 8** - Add an individual user @@ -138,7 +138,7 @@ When adding users, you can also assign admin privileges to certain users in your - To add multiple users at once, select **More** and then choose **+ Import multiple users**. If you select this option, you'll need to create and upload a CSV file containing the list of users. - The **Import multiple users** screen includes a link where you can learn more about importing multiple users and also links for downloading a sample CSV file (one with headers only and another with headers and sample user information). For detailed step-by-step info on adding multiple users to Office 365, see Add several users at the same time to Office 365 - Admin Help. Once you've added all the users, don't forget to assign **Product licenses** to the new users. + The **Import multiple users** screen includes a link where you can learn more about importing multiple users and also links for downloading a sample CSV file (one with headers only and another with headers and sample user information). For detailed step-by-step info on adding multiple users to Office 365, see Add several users at the same time to Office 365 - Admin Help. Once you've added all the users, don't forget to assign **Product licenses** to the new users. **Figure 9** - Import multiple users @@ -571,8 +571,8 @@ See [Add users to Office 365](/microsoft-365/admin/add-users/add-users) to learn ### For IT admins To learn more about the services and tools mentioned in this walkthrough, and learn what other tasks you can do, follow these links: -- Set up Office 365 for business -- Common admin tasks in Office 365 including email and OneDrive in Manage Office 365 +- Set up Office 365 for business +- Common admin tasks in Office 365 including email and OneDrive in Manage Office 365 - More info about managing devices, apps, data, troubleshooting, and more in Intune documentation - Learn more about Windows client in the [Windows client documentation for IT Pros](/windows/resources/). - Info about distributing apps to your employees, managing apps, managing settings, and more in Microsoft Store for Business diff --git a/windows/client-management/mdm/surfacehub-csp.md b/windows/client-management/mdm/surfacehub-csp.md index 147c460f3b..a266b3c5bb 100644 --- a/windows/client-management/mdm/surfacehub-csp.md +++ b/windows/client-management/mdm/surfacehub-csp.md @@ -282,7 +282,7 @@ SurfaceHub

Added in Windows 10, version 1703. Node for the Skype for Business settings. **InBoxApps/SkypeForBusiness/DomainName** -

Added in Windows 10, version 1703. Specifies the domain of the Skype for Business account when you are using Active Directory. For more information, see Set up Skype for Business Online. +

Added in Windows 10, version 1703. Specifies the domain of the Skype for Business account when you are using Active Directory. For more information, see Set up Skype for Business Online.

The data type is string. Supported operation is Get and Replace. From 8266c6d0e65501fbd692a85342e2a4608cdcd4ee Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Fri, 26 Nov 2021 11:32:24 +0530 Subject: [PATCH 067/335] check! --- windows/client-management/mdm/policy-csp-windowsautopilot.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-windowsautopilot.md b/windows/client-management/mdm/policy-csp-windowsautopilot.md index 4553c96016..b03d3cddfe 100644 --- a/windows/client-management/mdm/policy-csp-windowsautopilot.md +++ b/windows/client-management/mdm/policy-csp-windowsautopilot.md @@ -96,4 +96,3 @@ This policy enables Windows Autopilot to be kept up-to-date during the out-of-bo

- From 957b6ad6b4557ada7dc32653a03921bf1a6d4025 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Fri, 26 Nov 2021 11:40:21 +0530 Subject: [PATCH 068/335] author name fix --- windows/client-management/mdm/policy-csp-windowsautopilot.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-windowsautopilot.md b/windows/client-management/mdm/policy-csp-windowsautopilot.md index b03d3cddfe..fedfc265ec 100644 --- a/windows/client-management/mdm/policy-csp-windowsautopilot.md +++ b/windows/client-management/mdm/policy-csp-windowsautopilot.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: aljupudi +author: alekyaj ms.localizationpriority: medium ms.date: 11/25/2021 ms.reviewer: From cfbd96d72542491d2145dbcdaa80f1253238456f Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Fri, 26 Nov 2021 11:47:25 +0530 Subject: [PATCH 069/335] author name fix --- .../mdm/policy-csp-virtualizationbasedtechnology.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md b/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md index 0640cb8d99..be76aebb53 100644 --- a/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md +++ b/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: aljupudi +author: alekyaj ms.localizationpriority: medium ms.date: 11/25/2021 ms.reviewer: From 8fa90e2d4f27b598d32013e2bcb20f058f8810a0 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 28 Nov 2021 21:42:52 +0500 Subject: [PATCH 070/335] Update determine-appropriate-page-file-size.md --- .../client-management/determine-appropriate-page-file-size.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/determine-appropriate-page-file-size.md b/windows/client-management/determine-appropriate-page-file-size.md index da6bb869ab..237c2ed58d 100644 --- a/windows/client-management/determine-appropriate-page-file-size.md +++ b/windows/client-management/determine-appropriate-page-file-size.md @@ -66,7 +66,7 @@ Kernel memory crash dumps require enough page file space or dedicated dump file Computers that are running Microsoft Windows or Microsoft Windows Server usually must have a page file to support a system crash dump. System administrators now have the option to create a dedicated dump file instead. -A dedicated dump file is a page file that is not used for paging. Instead, it is “dedicated” to back a system crash dump file (Memory.dmp) when a system crash occurs. Dedicated dump files can be put on any disk volume that can support a page file. We recommend that you use a dedicated dump file if you want a system crash dump but you do not want a page file. +A dedicated dump file is a page file that is not used for paging. Instead, it is “dedicated” to back a system crash dump file (Memory.dmp) when a system crash occurs. Dedicated dump files can be put on any disk volume that can support a page file. We recommend that you use a dedicated dump file if you want a system crash dump but you do not want a page file. To learn how to create it, see [Overview of memory dump file options for Windows](/troubleshoot/windows-server/performance/memory-dump-file-options). ## System-managed page files From f8f49eb21fb57214ae41e6fad3c026c7e781c7e2 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 29 Nov 2021 10:44:49 +0500 Subject: [PATCH 071/335] Update deploy-whats-new.md --- windows/deployment/deploy-whats-new.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/deploy-whats-new.md b/windows/deployment/deploy-whats-new.md index b092bc6e3c..cb6320f60a 100644 --- a/windows/deployment/deploy-whats-new.md +++ b/windows/deployment/deploy-whats-new.md @@ -92,7 +92,7 @@ The following Delivery Optimization policies are removed in the Windows 10, vers - Intune console updates: target version is now available allowing you to specify which version of Windows 10 you want devices to move to. Additionally, this capability enables you to keep devices on their current version until they reach end of service. Check it out in Intune, also available as a Group Policy and Configuration Service Provider (CSP) policy. - Validation improvements: To ensure devices and end users stay productive and protected, Microsoft uses safeguard holds to block devices from updating when there are known issues that would impact that device. Also, to better enable IT administrators to validate on the latest release, we have created a new policy that enables admins to opt devices out of the built-in safeguard holds. -- [**Automatic Restart Sign-on (ARSO)**](/windows-insider/at-work-pro/wip-4-biz-whats-new#automatic-restart-and-sign-on-arso-for-enterprises-build-18305): Windows will automatically log on as the user and lock their device in order to complete the update, ensuring that when the user returns and unlocks the device, the update will be completed. +- [**Automatic Restart Sign-on (ARSO)**](/windows-server/identity/ad-ds/manage/component-updates/winlogon-automatic-restart-sign-on--arso-): Windows will automatically log on as the user and lock their device in order to complete the update, ensuring that when the user returns and unlocks the device, the update will be completed. - [**Windows Update for Business**](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523): There will now be a single, common start date for phased deployments (no more SAC-T designation). In addition, there will be a new notification and reboot scheduling experience for end users, the ability to enforce update installation and reboot deadlines, and the ability to provide end user control over reboots for a specific time period. - **Update rollback improvements**: You can now automatically recover from startup failures by removing updates if the startup failure was introduced after the installation of recent driver or quality updates. When a device is unable to start up properly after the recent installation of Quality of driver updates, Windows will now automatically uninstall the updates to get the device back up and running normally. - **Pause updates**: We have extended the ability to pause updates for both feature and monthly updates. This extension ability is for all editions of Windows 10, including Home. You can pause both feature and monthly updates for up to 35 days (seven days at a time, up to five times). Once the 35-day pause period is reached, you will need to update your device before pausing again. @@ -221,4 +221,4 @@ For more information, see the following guides: [Windows 10 release information](/windows/windows-10/release-information)
[Windows 10 Specifications & Systems Requirements](https://www.microsoft.com/windows/windows-10-specifications)
[Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md)
-[Windows 10 deployment tools](windows-deployment-scenarios-and-tools.md)
\ No newline at end of file +[Windows 10 deployment tools](windows-deployment-scenarios-and-tools.md)
From 92da6215770d788f3ff4b6b2afc6fa17b6c9c4a3 Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Mon, 29 Nov 2021 12:21:59 +0530 Subject: [PATCH 072/335] 5560668 part 3 --- .../credential-guard/credential-guard-known-issues.md | 2 +- .../hello-for-business/feature-multifactor-unlock.md | 2 +- .../hello-hybrid-cert-whfb-settings-policy.md | 2 +- .../hello-for-business/hello-hybrid-key-trust-prereqs.md | 2 +- .../hello-hybrid-key-whfb-settings-policy.md | 4 ++-- .../hello-for-business/hello-key-trust-policy-settings.md | 2 +- .../bitlocker/bitlocker-management-for-enterprises.md | 2 +- ...e-your-organization-for-bitlocker-planning-and-policies.md | 2 +- .../windows-information-protection/limitations-with-wip.md | 4 ++-- windows/security/threat-protection/auditing/event-1102.md | 2 +- windows/security/threat-protection/auditing/event-4611.md | 2 +- windows/security/threat-protection/auditing/event-4616.md | 2 +- windows/security/threat-protection/auditing/event-4624.md | 4 ++-- windows/security/threat-protection/auditing/event-4625.md | 4 ++-- windows/security/threat-protection/auditing/event-4626.md | 4 ++-- windows/security/threat-protection/auditing/event-4627.md | 4 ++-- windows/security/threat-protection/auditing/event-4634.md | 2 +- windows/security/threat-protection/auditing/event-4647.md | 2 +- windows/security/threat-protection/auditing/event-4648.md | 4 ++-- windows/security/threat-protection/auditing/event-4656.md | 2 +- windows/security/threat-protection/auditing/event-4657.md | 2 +- windows/security/threat-protection/auditing/event-4658.md | 2 +- windows/security/threat-protection/auditing/event-4660.md | 2 +- windows/security/threat-protection/auditing/event-4661.md | 2 +- windows/security/threat-protection/auditing/event-4662.md | 2 +- windows/security/threat-protection/auditing/event-4663.md | 2 +- windows/security/threat-protection/auditing/event-4664.md | 2 +- windows/security/threat-protection/auditing/event-4670.md | 2 +- 28 files changed, 35 insertions(+), 35 deletions(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md index 208a4b22a1..605d74b87f 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md @@ -93,7 +93,7 @@ The following issue affects Citrix applications: [1] Products that connect to Virtualization Based Security (VBS) protected processes can cause Windows Defender Credential Guard-enabled Windows 10, Windows 11, Windows Server 2016 or Windows Server 2019 machines to exhibit high CPU usage. For technical and troubleshooting information, see the following Microsoft Knowledge Base article: -- [KB4032786 High CPU usage in the LSAISO process on Windows](https://support.microsoft.com/help/4032786) +- [KB4032786 High CPU usage in the LSAISO process on Windows](/troubleshoot/windows-client/performance/lsaiso-process-high-cpu-usage) For further technical information on LSAISO.exe, see the MSDN article: [Isolated User Mode (IUM) Processes](/windows/win32/procthread/isolated-user-mode--ium--processes) diff --git a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md index d1e93b59ef..67f31805bb 100644 --- a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md +++ b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md @@ -347,7 +347,7 @@ This example configures Wi-Fi as a trusted signal (Windows 10, version 1803 or l You need at least a Windows 10, version 1709 or later workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business Group Policy settings, which includes multi-factor unlock. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). Install the Remote Server Administration Tools for Windows on a computer running Windows 10, version 1709 or later. -Alternatively, you can create copy the .ADMX and .ADML files from a Windows 10, version 1703 to their respective language folder on a Windows Server or you can create a Group Policy Central Store and copy them their respective language folder. See [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administrative-templates-in-windows) for more information. +Alternatively, you can create copy the .ADMX and .ADML files from a Windows 10, version 1703 to their respective language folder on a Windows Server or you can create a Group Policy Central Store and copy them their respective language folder. See [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](/troubleshoot/windows-client/group-policy/create-and-manage-central-store) for more information. ### Create the Multifactor Unlock Group Policy object diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md index 519afac582..fb48ebaa0f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md @@ -30,7 +30,7 @@ ms.reviewer: You need at least a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). Install the Remote Server Administration Tools for Windows on a computer running Windows 10, version 1703 or later. -Alternatively, you can create copy the .ADMX and .ADML files from a Windows 10 Creators Edition (1703) to their respective language folder on a Windows Server or you can create a Group Policy Central Store and copy them their respective language folder. See [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administrative-templates-in-windows) for more information. +Alternatively, you can create copy the .ADMX and .ADML files from a Windows 10 Creators Edition (1703) to their respective language folder on a Windows Server or you can create a Group Policy Central Store and copy them their respective language folder. See [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](/troubleshoot/windows-client/group-policy/create-and-manage-central-store) for more information. Domain controllers of Windows Hello for Business deployments need one Group Policy setting, which enables automatic certificate enrollment for the newly create domain controller authentication certificate. This policy setting ensures domain controllers (new and existing) automatically request and renew the correct domain controller certificate. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index 95442ae6dd..c2b9a4d68b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -66,7 +66,7 @@ The Windows Hello for Business deployment depends on an enterprise public key in Key trust deployments do not need client issued certificates for on-premises authentication. Active Directory user accounts are automatically configured for public key mapping by Azure AD Connect synchronizing the public key of the registered Windows Hello for Business credential to an attribute on the user's Active Directory object. -The minimum required Enterprise certificate authority that can be used with Windows Hello for Business is Windows Server 2012, but you can also use a third-party Enterprise certification authority. The requirements for the domain controller certificate are shown below. For more details, see [Requirements for domain controller certificates from a third-party CA](https://support.microsoft.com/help/291010/requirements-for-domain-controller-certificates-from-a-third-party-ca). +The minimum required Enterprise certificate authority that can be used with Windows Hello for Business is Windows Server 2012, but you can also use a third-party Enterprise certification authority. The requirements for the domain controller certificate are shown below. For more details, see [Requirements for domain controller certificates from a third-party CA](/troubleshoot/windows-server/windows-security/requirements-domain-controller). * The certificate must have a Certificate Revocation List (CRL) distribution point extension that points to a valid CRL, or an Authority Information Access (AIA) extension that points to an Online Certificate Status Protocol (OCSP) responder. * The certificate Subject section should contain the directory path of the server object (the distinguished name). diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md index 3cdd96f898..3af52a79e8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md @@ -30,7 +30,7 @@ ms.reviewer: You need at least a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). Install the Remote Server Administration Tools for Windows on a computer running Windows 10, version 1703 or later. -Alternatively, you can create copy the .ADMX and .ADML files from a Windows 10 Creators Edition (1703) to their respective language folder on a Windows Server or you can create a Group Policy Central Store and copy them their respective language folder. See [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administrative-templates-in-windows) for more information. +Alternatively, you can create copy the .ADMX and .ADML files from a Windows 10 Creators Edition (1703) to their respective language folder on a Windows Server or you can create a Group Policy Central Store and copy them their respective language folder. See [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](troubleshoot/windows-client/group-policy/create-and-manage-central-store) for more information. Domain controllers of Windows Hello for Business deployments need one Group Policy setting, which enables automatic certificate enrollment for the newly create domain controller authentication certificate. This policy setting ensures domain controllers (new and existing) automatically request and renew the correct domain controller certificate. @@ -69,7 +69,7 @@ Sign-in a domain controller or management workstations with _Domain Admin_ equiv 3. In the **Select GPO** dialog box, select **Domain Controller Auto Certificate Enrollment** or the name of the domain controller certificate enrollment Group Policy object you previously created and click **OK**. >[!IMPORTANT] ->If you don't find options in GPO, you have to load the [PolicyDefinitions folder](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra). +>If you don't find options in GPO, you have to load the [PolicyDefinitions folder](/troubleshoot/windows-client/group-policy/create-and-manage-central-store). ### Windows Hello for Business Group Policy diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md index 116c9ba6ab..9a5ef97a97 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md @@ -28,7 +28,7 @@ ms.reviewer: You need at least a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows. You can download these tools from [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). Install the Remote Server Administration Tools for Windows on a computer running Windows 10, version 1703 or later. -Alternatively, you can create a copy of the .ADMX and .ADML files from a Windows 10, version 1703 installation setup template folder to their respective language folder on a Windows Server, or you can create a Group Policy Central Store and copy them their respective language folder. See [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administrative-templates-in-windows) for more information. +Alternatively, you can create a copy of the .ADMX and .ADML files from a Windows 10, version 1703 installation setup template folder to their respective language folder on a Windows Server, or you can create a Group Policy Central Store and copy them their respective language folder. See [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](/troubleshoot/windows-client/group-policy/create-and-manage-central-store) for more information. On-premises certificate-based deployments of Windows Hello for Business needs one Group Policy setting: Enable Windows Hello for Business diff --git a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md index eabe91593f..4429a32426 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md +++ b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md @@ -31,7 +31,7 @@ Though much Windows BitLocker [documentation](bitlocker-overview.md) has been pu Companies that image their own computers using Microsoft System Center 2012 Configuration Manager SP1 (SCCM) or later can use an existing task sequence to [pre-provision BitLocker](/configmgr/osd/understand/task-sequence-steps#BKMK_PreProvisionBitLocker) encryption while in Windows Preinstallation Environment (WinPE) and can then [enable protection](/configmgr/osd/understand/task-sequence-steps#BKMK_EnableBitLocker). This can help ensure that computers are encrypted from the start, even before users receive them. As part of the imaging process, a company could also decide to use SCCM to pre-set any desired [BitLocker Group Policy](./bitlocker-group-policy-settings.md). -Enterprises can use [Microsoft BitLocker Administration and Monitoring (MBAM)](/microsoft-desktop-optimization-pack/mbam-v25/) to manage client computers with BitLocker that are domain-joined on-premises until [mainstream support ends in July 2019](https://support.microsoft.com/lifecycle/search?alpha=Microsoft%20BitLocker%20Administration%20and%20Monitoring%202.5%20Service%20Pack%201/) or they can receive extended support until April 2026. Thus, over the next few years, a good strategy for enterprises will be to plan and move to cloud-based management for BitLocker. Refer to the [PowerShell examples](#powershell-examples) to see how to store recovery keys in Azure Active Directory (Azure AD). +Enterprises can use [Microsoft BitLocker Administration and Monitoring (MBAM)](/microsoft-desktop-optimization-pack/mbam-v25/) to manage client computers with BitLocker that are domain-joined on-premises until [mainstream support ends in July 2019](/lifecycle/products/?alpha=Microsoft%20BitLocker%20Administration%20and%20Monitoring%202.5%20Service%20Pack%201%2F) or they can receive extended support until April 2026. Thus, over the next few years, a good strategy for enterprises will be to plan and move to cloud-based management for BitLocker. Refer to the [PowerShell examples](#powershell-examples) to see how to store recovery keys in Azure Active Directory (Azure AD). ## Managing devices joined to Azure Active Directory diff --git a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md b/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md index 8a15267bc2..e13a59a78b 100644 --- a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md +++ b/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md @@ -180,7 +180,7 @@ Functionality introduced in Windows Server 2012 R2 and Windows 8.1, allows BitLo > [!NOTE] > The United States Federal Information Processing Standard (FIPS) defines security and interoperability requirements for computer systems that are used by the U.S. federal government. The FIPS 140 standard defines approved cryptographic algorithms. The FIPS 140 standard also sets forth requirements for key generation and for key management. The National Institute of Standards and Technology (NIST) uses the Cryptographic Module Validation Program (CMVP) to determine whether a particular implementation of a cryptographic algorithm is compliant with the FIPS 140 standard. An implementation of a cryptographic algorithm is considered FIPS 140-compliant only if it has been submitted for and has passed NIST validation. An algorithm that has not been submitted cannot be considered FIPS-compliant even if the implementation produces identical data as a validated implementation of the same algorithm. -Prior to these supported versions of Windows, when Windows was in FIPS mode, BitLocker prevented the creation or use of recovery passwords and instead forced the user to use recovery keys. For more information about these issues, see the support article [kb947249](https://support.microsoft.com/kb/947249). +Prior to these supported versions of Windows, when Windows was in FIPS mode, BitLocker prevented the creation or use of recovery passwords and instead forced the user to use recovery keys. For more information about these issues, see the support article [kb947249](/troubleshoot/windows-client/windows-security/bitlocker-recovery-password-not-fips-compliant). But on computers running these supported systems with BitLocker enabled: diff --git a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md index 929975aa97..87ea530a6e 100644 --- a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md @@ -73,7 +73,7 @@ This table provides info about the most common problems you might encounter whil Redirected folders with Client-Side Caching are not compatible with WIP. Apps might encounter access errors while attempting to read a cached, offline file. - Migrate to use another file synchronization method, such as Work Folders or OneDrive for Business.

Note
For more info about Work Folders and Offline Files, see the blog, Work Folders and Offline Files support for Windows Information Protection. If you're having trouble opening files offline while using Offline Files and WIP, see the support article, Can't open files offline when you use Offline Files and Windows Information Protection. + Migrate to use another file synchronization method, such as Work Folders or OneDrive for Business.

Note
For more info about Work Folders and Offline Files, see the blog, Work Folders and Offline Files support for Windows Information Protection. If you're having trouble opening files offline while using Offline Files and WIP, see the support article, Can't open files offline when you use Offline Files and Windows Information Protection. An unmanaged device can use Remote Desktop Protocol (RDP) to connect to a WIP-managed device. @@ -114,7 +114,7 @@ This table provides info about the most common problems you might encounter whil WIP isn’t turned on for employees in your organization. Error code 0x807c0008 will result if WIP is deployed by using Microsoft Endpoint Configuration Manager. - Don’t set the MakeFolderAvailableOfflineDisabled option to False for any of the specified folders. You can configure this parameter, as described here.

If you currently use redirected folders, we recommend that you migrate to a file synchronization solution that supports WIP, such as Work Folders or OneDrive for Business. Additionally, if you apply redirected folders after WIP is already in place, you might be unable to open your files offline. For more info about these potential access errors, see Can't open files offline when you use Offline Files and Windows Information Protection. + Don’t set the MakeFolderAvailableOfflineDisabled option to False for any of the specified folders. You can configure this parameter, as described here.

If you currently use redirected folders, we recommend that you migrate to a file synchronization solution that supports WIP, such as Work Folders or OneDrive for Business. Additionally, if you apply redirected folders after WIP is already in place, you might be unable to open your files offline. For more info about these potential access errors, see Can't open files offline when you use Offline Files and Windows Information Protection. diff --git a/windows/security/threat-protection/auditing/event-1102.md b/windows/security/threat-protection/auditing/event-1102.md index 51ff35f0c9..d21241558c 100644 --- a/windows/security/threat-protection/auditing/event-1102.md +++ b/windows/security/threat-protection/auditing/event-1102.md @@ -84,7 +84,7 @@ This event generates every time Windows Security audit log was cleared. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4611.md b/windows/security/threat-protection/auditing/event-4611.md index fe6ba0faa7..503c8d0da2 100644 --- a/windows/security/threat-protection/auditing/event-4611.md +++ b/windows/security/threat-protection/auditing/event-4611.md @@ -89,7 +89,7 @@ You typically see these events during operating system startup or user logon and - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4616.md b/windows/security/threat-protection/auditing/event-4616.md index 4e13fb8824..34c71e2c56 100644 --- a/windows/security/threat-protection/auditing/event-4616.md +++ b/windows/security/threat-protection/auditing/event-4616.md @@ -98,7 +98,7 @@ You will typically see these events with “**Subject\\Security ID**” = “**L - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4624.md b/windows/security/threat-protection/auditing/event-4624.md index 985c5b0e59..38faea78d6 100644 --- a/windows/security/threat-protection/auditing/event-4624.md +++ b/windows/security/threat-protection/auditing/event-4624.md @@ -132,7 +132,7 @@ This event generates when a logon session is created (on destination machine). I - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is "NT AUTHORITY". + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is "NT AUTHORITY". - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: "Win81". @@ -196,7 +196,7 @@ This event generates when a logon session is created (on destination machine). I - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is "NT AUTHORITY". + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is "NT AUTHORITY". - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: "Win81". diff --git a/windows/security/threat-protection/auditing/event-4625.md b/windows/security/threat-protection/auditing/event-4625.md index 9f97418b4d..61e190ba1a 100644 --- a/windows/security/threat-protection/auditing/event-4625.md +++ b/windows/security/threat-protection/auditing/event-4625.md @@ -104,7 +104,7 @@ This event generates on domain controllers, member servers, and workstations. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. @@ -143,7 +143,7 @@ This event generates on domain controllers, member servers, and workstations. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4626.md b/windows/security/threat-protection/auditing/event-4626.md index be7bf13b02..cc5ab9874a 100644 --- a/windows/security/threat-protection/auditing/event-4626.md +++ b/windows/security/threat-protection/auditing/event-4626.md @@ -98,7 +98,7 @@ This event generates on the computer to which the logon was performed (target co - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. @@ -134,7 +134,7 @@ This event generates on the computer to which the logon was performed (target co - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4627.md b/windows/security/threat-protection/auditing/event-4627.md index b484de7d2d..b050838a58 100644 --- a/windows/security/threat-protection/auditing/event-4627.md +++ b/windows/security/threat-protection/auditing/event-4627.md @@ -97,7 +97,7 @@ Multiple events are generated if the group membership information cannot fit in - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. @@ -134,7 +134,7 @@ Multiple events are generated if the group membership information cannot fit in - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4634.md b/windows/security/threat-protection/auditing/event-4634.md index 71887eccc4..27f923aeaa 100644 --- a/windows/security/threat-protection/auditing/event-4634.md +++ b/windows/security/threat-protection/auditing/event-4634.md @@ -89,7 +89,7 @@ It may be positively correlated with a “[4624](event-4624.md): An account was - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4647.md b/windows/security/threat-protection/auditing/event-4647.md index b30de5ea3f..eabd7698b9 100644 --- a/windows/security/threat-protection/auditing/event-4647.md +++ b/windows/security/threat-protection/auditing/event-4647.md @@ -88,7 +88,7 @@ It may be positively correlated with a “[4624](event-4624.md): An account was - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4648.md b/windows/security/threat-protection/auditing/event-4648.md index 7f4517f3d0..04e69119ac 100644 --- a/windows/security/threat-protection/auditing/event-4648.md +++ b/windows/security/threat-protection/auditing/event-4648.md @@ -96,7 +96,7 @@ It is also a routine event which periodically occurs during normal operating sys - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. @@ -122,7 +122,7 @@ It is also a routine event which periodically occurs during normal operating sys - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4656.md b/windows/security/threat-protection/auditing/event-4656.md index 4da92be0ed..7f9dd2557b 100644 --- a/windows/security/threat-protection/auditing/event-4656.md +++ b/windows/security/threat-protection/auditing/event-4656.md @@ -107,7 +107,7 @@ This event shows that access was requested, and the results of the request, but - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4657.md b/windows/security/threat-protection/auditing/event-4657.md index 9e788eb845..7c8a7b6c54 100644 --- a/windows/security/threat-protection/auditing/event-4657.md +++ b/windows/security/threat-protection/auditing/event-4657.md @@ -94,7 +94,7 @@ This event generates only if “Set Value" auditing is set in registry key’s [ - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4658.md b/windows/security/threat-protection/auditing/event-4658.md index 8f88502248..957b595d7d 100644 --- a/windows/security/threat-protection/auditing/event-4658.md +++ b/windows/security/threat-protection/auditing/event-4658.md @@ -90,7 +90,7 @@ Typically this event is needed if you need to know how long the handle to the ob - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4660.md b/windows/security/threat-protection/auditing/event-4660.md index 0be89f17f1..7fa92fc68e 100644 --- a/windows/security/threat-protection/auditing/event-4660.md +++ b/windows/security/threat-protection/auditing/event-4660.md @@ -93,7 +93,7 @@ The advantage of this event is that it’s generated only during real delete ope - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4661.md b/windows/security/threat-protection/auditing/event-4661.md index 2485aae2b6..a254ab803c 100644 --- a/windows/security/threat-protection/auditing/event-4661.md +++ b/windows/security/threat-protection/auditing/event-4661.md @@ -97,7 +97,7 @@ This event generates only if Success auditing is enabled for the [Audit Handle M - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4662.md b/windows/security/threat-protection/auditing/event-4662.md index 5e9f6832a9..ab5968f778 100644 --- a/windows/security/threat-protection/auditing/event-4662.md +++ b/windows/security/threat-protection/auditing/event-4662.md @@ -97,7 +97,7 @@ You will get one 4662 for each operation type which was performed. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4663.md b/windows/security/threat-protection/auditing/event-4663.md index 8001bded3b..ada40db01d 100644 --- a/windows/security/threat-protection/auditing/event-4663.md +++ b/windows/security/threat-protection/auditing/event-4663.md @@ -101,7 +101,7 @@ The main difference with “[4656](event-4656.md): A handle to an object was req - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4664.md b/windows/security/threat-protection/auditing/event-4664.md index e998b508ce..b6a2a10e16 100644 --- a/windows/security/threat-protection/auditing/event-4664.md +++ b/windows/security/threat-protection/auditing/event-4664.md @@ -85,7 +85,7 @@ This event generates when an NTFS hard link was successfully created. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4670.md b/windows/security/threat-protection/auditing/event-4670.md index 059fde7e55..e0477b2e16 100644 --- a/windows/security/threat-protection/auditing/event-4670.md +++ b/windows/security/threat-protection/auditing/event-4670.md @@ -93,7 +93,7 @@ Before this event can generate, certain ACEs might need to be set in the object - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. From 01289aa8bb55133e587ee4afb9c6d25cc7d3cb71 Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Mon, 29 Nov 2021 12:37:29 +0530 Subject: [PATCH 073/335] acrolinx score fixed --- .../credential-guard-known-issues.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md index 605d74b87f..743b97196a 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md @@ -24,11 +24,11 @@ ms.reviewer: - Windows Server 2016 - Windows Server 2019 -Windows Defender Credential Guard has certain application requirements. Windows Defender Credential Guard blocks specific authentication capabilities. Therefore applications that require such capabilities will not function when it is enabled. For further information, see [Application requirements](/windows/access-protection/credential-guard/credential-guard-requirements#application-requirements). +Windows Defender Credential Guard has certain application requirements. Windows Defender Credential Guard blocks specific authentication capabilities. So applications that require such capabilities won't function when it's enabled. For more information, see [Application requirements](/windows/access-protection/credential-guard/credential-guard-requirements#application-requirements). The following known issue has been fixed in the [Cumulative Security Update for November 2017](https://support.microsoft.com/help/4051033): -- Scheduled tasks with domain user stored credentials fail to run when Credential Guard is enabled. The task fails and reports Event ID 104 with the following message:
+- Scheduled tasks with domain user-stored credentials fail to run when Credential Guard is enabled. The task fails and reports Event ID 104 with the following message:
"Task Scheduler failed to log on ‘\Test’.
Failure occurred in ‘LogonUserExEx’.
User Action: Ensure the credentials for the task are correctly specified.
@@ -70,9 +70,9 @@ The following known issues have been fixed by servicing releases made available The following issue affects the Java GSS API. See the following Oracle bug database article: -- [JDK-8161921: Windows Defender Credential Guard does not allow sharing of TGT with Java](http://bugs.java.com/bugdatabase/view_bug.do?bug_id=8161921) +- [JDK-8161921: Windows Defender Credential Guard doesn't allow sharing of TGT with Java](http://bugs.java.com/bugdatabase/view_bug.do?bug_id=8161921) -When Windows Defender Credential Guard is enabled on Windows, the Java GSS API will not authenticate. This is expected behavior because Windows Defender Credential Guard blocks specific application authentication capabilities and will not provide the TGT session key to applications regardless of registry key settings. For further information see [Application requirements](/windows/access-protection/credential-guard/credential-guard-requirements#application-requirements). +When Windows Defender Credential Guard is enabled on Windows, the Java GSS API won't authenticate. This is expected behavior because Windows Defender Credential Guard blocks specific application authentication capabilities and won't provide the TGT session key to applications regardless of registry key settings. For further information, see [Application requirements](/windows/access-protection/credential-guard/credential-guard-requirements#application-requirements). The following issue affects Cisco AnyConnect Secure Mobility Client: @@ -85,13 +85,13 @@ The following issue affects McAfee Application and Change Control (MACC): The following issue affects AppSense Environment Manager. - For further information, see the following Knowledge Base article: + For more information, see the following Knowledge Base article: - [Installing AppSense Environment Manager on Windows machines causes LSAISO.exe to exhibit high CPU usage when Windows Defender Credential Guard is enabled](http://www.appsense.com/kb/160525073917945) [1] \** The following issue affects Citrix applications: - Windows machines exhibit high CPU usage with Citrix applications installed when Windows Defender Credential Guard is enabled. [1] -[1] Products that connect to Virtualization Based Security (VBS) protected processes can cause Windows Defender Credential Guard-enabled Windows 10, Windows 11, Windows Server 2016 or Windows Server 2019 machines to exhibit high CPU usage. For technical and troubleshooting information, see the following Microsoft Knowledge Base article: +[1] Products that connect to Virtualization Based Security (VBS) protected processes can cause Windows Defender Credential Guard-enabled Windows 10, Windows 11, Windows Server 2016, or Windows Server 2019 machines to exhibit high CPU usage. For technical and troubleshooting information, see the following Microsoft Knowledge Base article: - [KB4032786 High CPU usage in the LSAISO process on Windows](/troubleshoot/windows-client/performance/lsaiso-process-high-cpu-usage) From 4d95be1f7faaaca7e23882f88e8d99f1dd5334df Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Mon, 29 Nov 2021 13:13:12 +0530 Subject: [PATCH 074/335] fixed warning --- .../hello-for-business/hello-hybrid-key-whfb-settings-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md index 3af52a79e8..2653fe4d2f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md @@ -30,7 +30,7 @@ ms.reviewer: You need at least a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). Install the Remote Server Administration Tools for Windows on a computer running Windows 10, version 1703 or later. -Alternatively, you can create copy the .ADMX and .ADML files from a Windows 10 Creators Edition (1703) to their respective language folder on a Windows Server or you can create a Group Policy Central Store and copy them their respective language folder. See [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](troubleshoot/windows-client/group-policy/create-and-manage-central-store) for more information. +Alternatively, you can create copy the .ADMX and .ADML files from a Windows 10 Creators Edition (1703) to their respective language folder on a Windows Server or you can create a Group Policy Central Store and copy them their respective language folder. See [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](/troubleshoot/windows-client/group-policy/create-and-manage-central-store) for more information. Domain controllers of Windows Hello for Business deployments need one Group Policy setting, which enables automatic certificate enrollment for the newly create domain controller authentication certificate. This policy setting ensures domain controllers (new and existing) automatically request and renew the correct domain controller certificate. From 7056b2edb5e03fbf7cb631382a635771b654af55 Mon Sep 17 00:00:00 2001 From: Ashok Lobo Date: Mon, 29 Nov 2021 14:44:26 +0530 Subject: [PATCH 075/335] Updated metadata for privacy topics as per task 5499114 --- ...uired-windows-diagnostic-data-events-and-fields-2004.md | 3 ++- windows/privacy/windows-10-and-privacy-compliance.md | 5 +++-- .../windows-11-endpoints-non-enterprise-editions.md | 6 ++++-- windows/privacy/windows-diagnostic-data-1703.md | 5 +++-- windows/privacy/windows-diagnostic-data.md | 5 +++-- .../windows-endpoints-1709-non-enterprise-editions.md | 7 ++++--- .../windows-endpoints-1803-non-enterprise-editions.md | 5 +++-- .../windows-endpoints-1809-non-enterprise-editions.md | 5 +++-- .../windows-endpoints-1903-non-enterprise-editions.md | 5 +++-- .../windows-endpoints-1909-non-enterprise-editions.md | 5 +++-- .../windows-endpoints-2004-non-enterprise-editions.md | 5 +++-- .../windows-endpoints-20H2-non-enterprise-editions.md | 5 +++-- .../windows-endpoints-21H1-non-enterprise-editions.md | 5 +++-- 13 files changed, 40 insertions(+), 26 deletions(-) diff --git a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md index 5c6f22d52c..e6847ce5a3 100644 --- a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md +++ b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md @@ -2,7 +2,7 @@ description: Use this article to learn more about what required Windows diagnostic data is gathered. title: Windows 10, version 21H2, Windows 10, version 21H1, Windows 10, version 20H2 and Windows 10, version 2004 required diagnostic events and fields (Windows 10) keywords: privacy, telemetry -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security @@ -14,6 +14,7 @@ ms.collection: M365-security-compliance ms.topic: article audience: ITPro ms.date: +ms.technology: windows-privacy --- diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md index 0930e7356b..418784f7f1 100644 --- a/windows/privacy/windows-10-and-privacy-compliance.md +++ b/windows/privacy/windows-10-and-privacy-compliance.md @@ -2,7 +2,7 @@ title: Windows Privacy Compliance Guide description: This article provides information to help IT and compliance professionals understand the personal data policies as related to Windows. keywords: privacy, GDPR, compliance -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security @@ -13,7 +13,8 @@ ms.author: brianlic manager: dansimp ms.collection: M365-security-compliance ms.topic: article -ms.date: 10/04/2021 +ms.date: 11/29/2021 +ms.technology: windows-privacy --- # Windows Privacy Compliance:
A Guide for IT and Compliance Professionals diff --git a/windows/privacy/windows-11-endpoints-non-enterprise-editions.md b/windows/privacy/windows-11-endpoints-non-enterprise-editions.md index 1e8dc3c6e9..811e437bbc 100644 --- a/windows/privacy/windows-11-endpoints-non-enterprise-editions.md +++ b/windows/privacy/windows-11-endpoints-non-enterprise-editions.md @@ -2,7 +2,7 @@ title: Windows 11 connection endpoints for non-Enterprise editions description: Explains what Windows 11 endpoints are used in non-Enterprise editions. Specific to Windows 11. keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: high @@ -12,7 +12,9 @@ ms.author: v-hakima manager: robsize ms.collection: M365-security-compliance ms.topic: article -ms.date: 10/04/2021 +ms.date: 11/29/2021 +ms.technology: windows-privacy + --- # Windows 11 connection endpoints for non-Enterprise editions diff --git a/windows/privacy/windows-diagnostic-data-1703.md b/windows/privacy/windows-diagnostic-data-1703.md index 1137e6a744..199c112c91 100644 --- a/windows/privacy/windows-diagnostic-data-1703.md +++ b/windows/privacy/windows-diagnostic-data-1703.md @@ -2,7 +2,7 @@ title: Windows 10 diagnostic data for the Full diagnostic data level (Windows 10) description: Use this article to learn about the types of data that is collected the Full diagnostic data level. keywords: privacy,Windows 10 -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: high @@ -12,8 +12,9 @@ ms.author: dansimp manager: dansimp ms.collection: M365-security-compliance ms.topic: article -ms.date: 11/28/2017 +ms.date: 11/29/2021 ms.reviewer: +ms.technology: windows-privacy --- # Windows 10 diagnostic data for the Full diagnostic data level diff --git a/windows/privacy/windows-diagnostic-data.md b/windows/privacy/windows-diagnostic-data.md index 711144eaff..08672b5284 100644 --- a/windows/privacy/windows-diagnostic-data.md +++ b/windows/privacy/windows-diagnostic-data.md @@ -2,7 +2,7 @@ title: Windows 10, version 1709 and Windows 11 and later optional diagnostic data (Windows 10) description: Use this article to learn about the types of optional diagnostic data that is collected. keywords: privacy,Windows 10 -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: high @@ -12,7 +12,8 @@ ms.author: dansimp manager: dansimp ms.collection: M365-security-compliance ms.topic: article -ms.reviewer: +ms.reviewer: +ms.technology: windows-privacy --- # Windows 10, version 1709 and later and Windows 11 optional diagnostic data diff --git a/windows/privacy/windows-endpoints-1709-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1709-non-enterprise-editions.md index 4d7cae37b2..bfb32a27b7 100644 --- a/windows/privacy/windows-endpoints-1709-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-1709-non-enterprise-editions.md @@ -2,7 +2,7 @@ title: Windows 10, version 1709, connection endpoints for non-Enterprise editions description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 1709. keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: high @@ -12,8 +12,9 @@ ms.author: dansimp manager: dansimp ms.collection: M365-security-compliance ms.topic: article -ms.date: 6/26/2018 -ms.reviewer: +ms.date: 11/29/2021 +ms.reviewer: +ms.technology: windows-privacy --- # Windows 10, version 1709, connection endpoints for non-Enterprise editions diff --git a/windows/privacy/windows-endpoints-1803-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1803-non-enterprise-editions.md index dfc17c31c3..be66e353ad 100644 --- a/windows/privacy/windows-endpoints-1803-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-1803-non-enterprise-editions.md @@ -2,7 +2,7 @@ title: Windows 10, version 1803, connection endpoints for non-Enterprise editions description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 1803. keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: high @@ -12,8 +12,9 @@ ms.author: dansimp manager: dansimp ms.collection: M365-security-compliance ms.topic: article -ms.date: 6/26/2018 +ms.date: 11/29/2021 ms.reviewer: +ms.technology: windows-privacy --- # Windows 10, version 1803, connection endpoints for non-Enterprise editions diff --git a/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md index aea47d78e8..d7a00eee0a 100644 --- a/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md @@ -2,7 +2,7 @@ title: Windows 10, version 1809, connection endpoints for non-Enterprise editions description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 1809. keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: high @@ -12,8 +12,9 @@ ms.author: dansimp manager: dansimp ms.collection: M365-security-compliance ms.topic: article -ms.date: 6/26/2018 +ms.date: 11/29/2021 ms.reviewer: +ms.technology: windows-privacy --- # Windows 10, version 1809, connection endpoints for non-Enterprise editions diff --git a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md index da43880ca5..74e2169a9e 100644 --- a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md @@ -2,7 +2,7 @@ title: Windows 10, version 1903, connection endpoints for non-Enterprise editions description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 1903. keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: high @@ -12,7 +12,8 @@ ms.author: obezeajo manager: robsize ms.collection: M365-security-compliance ms.topic: article -ms.date: 7/22/2020 +ms.date: 11/29/2021 +ms.technology: windows-privacy --- # Windows 10, version 1903, connection endpoints for non-Enterprise editions diff --git a/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md index 90ab13ce23..88e9411a67 100644 --- a/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md @@ -2,7 +2,7 @@ title: Windows 10, version 1909, connection endpoints for non-Enterprise editions description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 1909. keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: high @@ -12,7 +12,8 @@ ms.author: v-hakima manager: obezeajo ms.collection: M365-security-compliance ms.topic: article -ms.date: 08/18/2020 +ms.date: 11/29/2021 +ms.technology: windows-privacy --- # Windows 10, version 1909, connection endpoints for non-Enterprise editions diff --git a/windows/privacy/windows-endpoints-2004-non-enterprise-editions.md b/windows/privacy/windows-endpoints-2004-non-enterprise-editions.md index d0be97841e..d42b91e066 100644 --- a/windows/privacy/windows-endpoints-2004-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-2004-non-enterprise-editions.md @@ -2,7 +2,7 @@ title: Windows 10, version 2004, connection endpoints for non-Enterprise editions description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 2004. keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: high @@ -12,7 +12,8 @@ ms.author: obezeajo manager: robsize ms.collection: M365-security-compliance ms.topic: article -ms.date: 5/11/2020 +ms.date: 11/29/2021 +ms.technology: windows-privacy --- # Windows 10, version 2004, connection endpoints for non-Enterprise editions diff --git a/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md b/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md index 66a3637398..3024dfb189 100644 --- a/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md @@ -2,7 +2,7 @@ title: Windows 10, version 20H2, connection endpoints for non-Enterprise editions description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 20H2. keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: high @@ -12,7 +12,8 @@ ms.author: v-hakima manager: robsize ms.collection: M365-security-compliance ms.topic: article -ms.date: 12/17/2020 +ms.date: 11/29/2021 +ms.technology: windows-privacy --- # Windows 10, version 20H2, connection endpoints for non-Enterprise editions diff --git a/windows/privacy/windows-endpoints-21H1-non-enterprise-editions.md b/windows/privacy/windows-endpoints-21H1-non-enterprise-editions.md index 6fde4a825a..bf122a9128 100644 --- a/windows/privacy/windows-endpoints-21H1-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-21H1-non-enterprise-editions.md @@ -2,7 +2,7 @@ title: Windows 10, version 21H1, connection endpoints for non-Enterprise editions description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 21H1. keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 -ms.prod: w10 +ms.prod: m365-security ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: high @@ -12,7 +12,8 @@ ms.author: v-hakima manager: robsize ms.collection: M365-security-compliance ms.topic: article -ms.date: 10/04/2021 +ms.date: 11/29/2021 +ms.technology: windows-privacy --- # Windows 10, version 21H1, connection endpoints for non-Enterprise editions From 333a0ccb6a27aab7afb3ab19a2ca749fadfbc47c Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Mon, 29 Nov 2021 15:45:27 +0530 Subject: [PATCH 076/335] 5560668-part4 --- windows/security/threat-protection/auditing/event-4672.md | 2 +- windows/security/threat-protection/auditing/event-4673.md | 2 +- windows/security/threat-protection/auditing/event-4674.md | 2 +- windows/security/threat-protection/auditing/event-4688.md | 4 ++-- windows/security/threat-protection/auditing/event-4689.md | 2 +- windows/security/threat-protection/auditing/event-4690.md | 2 +- windows/security/threat-protection/auditing/event-4691.md | 2 +- windows/security/threat-protection/auditing/event-4692.md | 2 +- windows/security/threat-protection/auditing/event-4693.md | 2 +- windows/security/threat-protection/auditing/event-4696.md | 4 ++-- windows/security/threat-protection/auditing/event-4697.md | 2 +- windows/security/threat-protection/auditing/event-4698.md | 2 +- windows/security/threat-protection/auditing/event-4699.md | 2 +- windows/security/threat-protection/auditing/event-4700.md | 2 +- windows/security/threat-protection/auditing/event-4701.md | 2 +- windows/security/threat-protection/auditing/event-4702.md | 2 +- windows/security/threat-protection/auditing/event-4703.md | 4 ++-- windows/security/threat-protection/auditing/event-4704.md | 2 +- windows/security/threat-protection/auditing/event-4705.md | 2 +- windows/security/threat-protection/auditing/event-4706.md | 2 +- windows/security/threat-protection/auditing/event-4707.md | 2 +- windows/security/threat-protection/auditing/event-4713.md | 2 +- windows/security/threat-protection/auditing/event-4715.md | 2 +- windows/security/threat-protection/auditing/event-4716.md | 2 +- windows/security/threat-protection/auditing/event-4717.md | 2 +- windows/security/threat-protection/auditing/event-4718.md | 2 +- windows/security/threat-protection/auditing/event-4719.md | 2 +- windows/security/threat-protection/auditing/event-4720.md | 4 ++-- windows/security/threat-protection/auditing/event-4722.md | 2 +- windows/security/threat-protection/auditing/event-4723.md | 2 +- 30 files changed, 34 insertions(+), 34 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4672.md b/windows/security/threat-protection/auditing/event-4672.md index af47315a26..863cb342a4 100644 --- a/windows/security/threat-protection/auditing/event-4672.md +++ b/windows/security/threat-protection/auditing/event-4672.md @@ -110,7 +110,7 @@ You typically will see many of these events in the event log, because every logo - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4673.md b/windows/security/threat-protection/auditing/event-4673.md index 6252059b6d..f815be18a8 100644 --- a/windows/security/threat-protection/auditing/event-4673.md +++ b/windows/security/threat-protection/auditing/event-4673.md @@ -90,7 +90,7 @@ Failure event generates when service call attempt fails. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4674.md b/windows/security/threat-protection/auditing/event-4674.md index 9f1b9914da..038e21fa18 100644 --- a/windows/security/threat-protection/auditing/event-4674.md +++ b/windows/security/threat-protection/auditing/event-4674.md @@ -93,7 +93,7 @@ Failure event generates when operation attempt fails. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4688.md b/windows/security/threat-protection/auditing/event-4688.md index fd44f24170..651edeee10 100644 --- a/windows/security/threat-protection/auditing/event-4688.md +++ b/windows/security/threat-protection/auditing/event-4688.md @@ -108,7 +108,7 @@ This event generates every time a new process starts. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is "NT AUTHORITY". + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is "NT AUTHORITY". - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: "Win81". @@ -132,7 +132,7 @@ This event generates every time a new process starts. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is "NT AUTHORITY". + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is "NT AUTHORITY". - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: "Win81". diff --git a/windows/security/threat-protection/auditing/event-4689.md b/windows/security/threat-protection/auditing/event-4689.md index 74412386d9..3d50a5e80d 100644 --- a/windows/security/threat-protection/auditing/event-4689.md +++ b/windows/security/threat-protection/auditing/event-4689.md @@ -85,7 +85,7 @@ This event generates every time a process has exited. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4690.md b/windows/security/threat-protection/auditing/event-4690.md index f588b637ce..84686b24aa 100644 --- a/windows/security/threat-protection/auditing/event-4690.md +++ b/windows/security/threat-protection/auditing/event-4690.md @@ -86,7 +86,7 @@ This event generates if an attempt was made to duplicate a handle to an object. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4691.md b/windows/security/threat-protection/auditing/event-4691.md index 45e0209fc6..c8ce062789 100644 --- a/windows/security/threat-protection/auditing/event-4691.md +++ b/windows/security/threat-protection/auditing/event-4691.md @@ -89,7 +89,7 @@ These events are generated for [ALPC Ports](/windows/win32/etw/alpc) access requ - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4692.md b/windows/security/threat-protection/auditing/event-4692.md index f68457c377..639cac22bf 100644 --- a/windows/security/threat-protection/auditing/event-4692.md +++ b/windows/security/threat-protection/auditing/event-4692.md @@ -96,7 +96,7 @@ Failure event generates when a Master Key backup operation fails for some reason - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4693.md b/windows/security/threat-protection/auditing/event-4693.md index 21e769eae0..e816c4c45b 100644 --- a/windows/security/threat-protection/auditing/event-4693.md +++ b/windows/security/threat-protection/auditing/event-4693.md @@ -93,7 +93,7 @@ Failure event generates when a Master Key restore operation fails for some reaso - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4696.md b/windows/security/threat-protection/auditing/event-4696.md index 37ca02dd04..dd8e59af94 100644 --- a/windows/security/threat-protection/auditing/event-4696.md +++ b/windows/security/threat-protection/auditing/event-4696.md @@ -92,7 +92,7 @@ This event generates every time a process runs using the non-current access toke - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. @@ -134,7 +134,7 @@ This event generates every time a process runs using the non-current access toke - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4697.md b/windows/security/threat-protection/auditing/event-4697.md index 16ace0c0a6..32489e2c4d 100644 --- a/windows/security/threat-protection/auditing/event-4697.md +++ b/windows/security/threat-protection/auditing/event-4697.md @@ -87,7 +87,7 @@ This event generates when new service was installed in the system. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4698.md b/windows/security/threat-protection/auditing/event-4698.md index fae37ea9f2..32adfda2d6 100644 --- a/windows/security/threat-protection/auditing/event-4698.md +++ b/windows/security/threat-protection/auditing/event-4698.md @@ -95,7 +95,7 @@ This event generates every time a new scheduled task is created. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4699.md b/windows/security/threat-protection/auditing/event-4699.md index dcea15f17d..4e94788e1f 100644 --- a/windows/security/threat-protection/auditing/event-4699.md +++ b/windows/security/threat-protection/auditing/event-4699.md @@ -95,7 +95,7 @@ This event generates every time a scheduled task was deleted. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4700.md b/windows/security/threat-protection/auditing/event-4700.md index 2a46c16d19..9fb16aefd8 100644 --- a/windows/security/threat-protection/auditing/event-4700.md +++ b/windows/security/threat-protection/auditing/event-4700.md @@ -95,7 +95,7 @@ This event generates every time a scheduled task is enabled. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4701.md b/windows/security/threat-protection/auditing/event-4701.md index e7bc488cc8..f6c37f2fde 100644 --- a/windows/security/threat-protection/auditing/event-4701.md +++ b/windows/security/threat-protection/auditing/event-4701.md @@ -95,7 +95,7 @@ This event generates every time a scheduled task is disabled. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4702.md b/windows/security/threat-protection/auditing/event-4702.md index 78fee18be6..e42e4e116b 100644 --- a/windows/security/threat-protection/auditing/event-4702.md +++ b/windows/security/threat-protection/auditing/event-4702.md @@ -95,7 +95,7 @@ This event generates every time scheduled task was updated/changed. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4703.md b/windows/security/threat-protection/auditing/event-4703.md index 938491bf3a..692ef083f0 100644 --- a/windows/security/threat-protection/auditing/event-4703.md +++ b/windows/security/threat-protection/auditing/event-4703.md @@ -94,7 +94,7 @@ Token privileges provide the ability to take certain system-level actions that y - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. @@ -116,7 +116,7 @@ Token privileges provide the ability to take certain system-level actions that y - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4704.md b/windows/security/threat-protection/auditing/event-4704.md index b76c240efe..824a755e4b 100644 --- a/windows/security/threat-protection/auditing/event-4704.md +++ b/windows/security/threat-protection/auditing/event-4704.md @@ -86,7 +86,7 @@ You will see unique event for every user. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4705.md b/windows/security/threat-protection/auditing/event-4705.md index b4ecb04b99..6738fed5c9 100644 --- a/windows/security/threat-protection/auditing/event-4705.md +++ b/windows/security/threat-protection/auditing/event-4705.md @@ -86,7 +86,7 @@ You will see unique event for every user. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4706.md b/windows/security/threat-protection/auditing/event-4706.md index 5d2f62ef77..cf21247125 100644 --- a/windows/security/threat-protection/auditing/event-4706.md +++ b/windows/security/threat-protection/auditing/event-4706.md @@ -90,7 +90,7 @@ This event is generated only on domain controllers. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4707.md b/windows/security/threat-protection/auditing/event-4707.md index be0c79ea65..46cc4912f4 100644 --- a/windows/security/threat-protection/auditing/event-4707.md +++ b/windows/security/threat-protection/auditing/event-4707.md @@ -86,7 +86,7 @@ This event is generated only on domain controllers. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4713.md b/windows/security/threat-protection/auditing/event-4713.md index d54358f133..040a4757be 100644 --- a/windows/security/threat-protection/auditing/event-4713.md +++ b/windows/security/threat-protection/auditing/event-4713.md @@ -85,7 +85,7 @@ This event is generated only on domain controllers. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4715.md b/windows/security/threat-protection/auditing/event-4715.md index 6b6faa90fa..484f51c5ca 100644 --- a/windows/security/threat-protection/auditing/event-4715.md +++ b/windows/security/threat-protection/auditing/event-4715.md @@ -85,7 +85,7 @@ This event is always logged regardless of the "Audit Policy Change" sub-category - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4716.md b/windows/security/threat-protection/auditing/event-4716.md index 7f058962db..212334d05a 100644 --- a/windows/security/threat-protection/auditing/event-4716.md +++ b/windows/security/threat-protection/auditing/event-4716.md @@ -90,7 +90,7 @@ This event is generated only on domain controllers. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4717.md b/windows/security/threat-protection/auditing/event-4717.md index 33d3817929..22a4ae6f99 100644 --- a/windows/security/threat-protection/auditing/event-4717.md +++ b/windows/security/threat-protection/auditing/event-4717.md @@ -86,7 +86,7 @@ You will see unique event for every user if logon user rights were granted to mu - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4718.md b/windows/security/threat-protection/auditing/event-4718.md index a7e1307af2..a6b2d122b0 100644 --- a/windows/security/threat-protection/auditing/event-4718.md +++ b/windows/security/threat-protection/auditing/event-4718.md @@ -86,7 +86,7 @@ You will see unique event for every user if logon user rights were removed for m - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4719.md b/windows/security/threat-protection/auditing/event-4719.md index 1a2dabdc7e..b059b70570 100644 --- a/windows/security/threat-protection/auditing/event-4719.md +++ b/windows/security/threat-protection/auditing/event-4719.md @@ -88,7 +88,7 @@ This event is always logged regardless of the "Audit Policy Change" sub-category - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4720.md b/windows/security/threat-protection/auditing/event-4720.md index 7e6fc9cb68..f825fb7830 100644 --- a/windows/security/threat-protection/auditing/event-4720.md +++ b/windows/security/threat-protection/auditing/event-4720.md @@ -105,7 +105,7 @@ This event generates on domain controllers, member servers, and workstations. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. @@ -157,7 +157,7 @@ Typically, **Primary Group** field for new user accounts has the following value - 513 (Domain Users. For local accounts this RID means Users) – for domain and local users. - See this article for more information. This parameter contains the value of **primaryGroupID** attribute of new user object. + See this article for more information. This parameter contains the value of **primaryGroupID** attribute of new user object. diff --git a/windows/security/threat-protection/auditing/event-4722.md b/windows/security/threat-protection/auditing/event-4722.md index c29e7669bc..6f79a8db9d 100644 --- a/windows/security/threat-protection/auditing/event-4722.md +++ b/windows/security/threat-protection/auditing/event-4722.md @@ -89,7 +89,7 @@ For computer accounts, this event generates only on domain controllers. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4723.md b/windows/security/threat-protection/auditing/event-4723.md index 1246930e5a..9c7be0c550 100644 --- a/windows/security/threat-protection/auditing/event-4723.md +++ b/windows/security/threat-protection/auditing/event-4723.md @@ -96,7 +96,7 @@ Typically you will see 4723 events with the same **Subject\\Security ID** and ** - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. From 33e5c0751c980b924aa3d74345364756e776b3c3 Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Mon, 29 Nov 2021 20:26:33 +0530 Subject: [PATCH 077/335] 5560668-part5 --- windows/security/threat-protection/auditing/event-4724.md | 2 +- windows/security/threat-protection/auditing/event-4725.md | 2 +- windows/security/threat-protection/auditing/event-4726.md | 2 +- windows/security/threat-protection/auditing/event-4731.md | 2 +- windows/security/threat-protection/auditing/event-4732.md | 4 ++-- windows/security/threat-protection/auditing/event-4733.md | 4 ++-- windows/security/threat-protection/auditing/event-4734.md | 2 +- windows/security/threat-protection/auditing/event-4735.md | 2 +- windows/security/threat-protection/auditing/event-4738.md | 8 ++++---- windows/security/threat-protection/auditing/event-4739.md | 2 +- windows/security/threat-protection/auditing/event-4740.md | 2 +- windows/security/threat-protection/auditing/event-4741.md | 4 ++-- windows/security/threat-protection/auditing/event-4742.md | 4 ++-- windows/security/threat-protection/auditing/event-4743.md | 2 +- windows/security/threat-protection/auditing/event-4749.md | 2 +- windows/security/threat-protection/auditing/event-4750.md | 2 +- windows/security/threat-protection/auditing/event-4751.md | 4 ++-- windows/security/threat-protection/auditing/event-4752.md | 4 ++-- windows/security/threat-protection/auditing/event-4753.md | 2 +- windows/security/threat-protection/auditing/event-4764.md | 2 +- windows/security/threat-protection/auditing/event-4767.md | 2 +- windows/security/threat-protection/auditing/event-4776.md | 2 +- windows/security/threat-protection/auditing/event-4778.md | 2 +- windows/security/threat-protection/auditing/event-4779.md | 2 +- windows/security/threat-protection/auditing/event-4781.md | 2 +- windows/security/threat-protection/auditing/event-4793.md | 2 +- windows/security/threat-protection/auditing/event-4794.md | 2 +- windows/security/threat-protection/auditing/event-4798.md | 2 +- windows/security/threat-protection/auditing/event-4799.md | 2 +- windows/security/threat-protection/auditing/event-4800.md | 2 +- 30 files changed, 39 insertions(+), 39 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4724.md b/windows/security/threat-protection/auditing/event-4724.md index 02d75f0b1d..f6d92798fe 100644 --- a/windows/security/threat-protection/auditing/event-4724.md +++ b/windows/security/threat-protection/auditing/event-4724.md @@ -95,7 +95,7 @@ For local accounts, a Failure event generates if the new password fails to meet - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4725.md b/windows/security/threat-protection/auditing/event-4725.md index f5f7dac0af..90c3413e42 100644 --- a/windows/security/threat-protection/auditing/event-4725.md +++ b/windows/security/threat-protection/auditing/event-4725.md @@ -89,7 +89,7 @@ For computer accounts, this event generates only on domain controllers. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4726.md b/windows/security/threat-protection/auditing/event-4726.md index 0b050a132b..a1b3aab4c7 100644 --- a/windows/security/threat-protection/auditing/event-4726.md +++ b/windows/security/threat-protection/auditing/event-4726.md @@ -88,7 +88,7 @@ This event generates on domain controllers, member servers, and workstations. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4731.md b/windows/security/threat-protection/auditing/event-4731.md index b4faf3a540..22c1e6eb40 100644 --- a/windows/security/threat-protection/auditing/event-4731.md +++ b/windows/security/threat-protection/auditing/event-4731.md @@ -90,7 +90,7 @@ This event generates on domain controllers, member servers, and workstations. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4732.md b/windows/security/threat-protection/auditing/event-4732.md index f81e218a6c..aa5565f35a 100644 --- a/windows/security/threat-protection/auditing/event-4732.md +++ b/windows/security/threat-protection/auditing/event-4732.md @@ -93,7 +93,7 @@ You will typically see “[4735](event-4735.md): A security-enabled local group - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. @@ -103,7 +103,7 @@ You will typically see “[4735](event-4735.md): A security-enabled local group - **Security ID** \[Type = SID\]**:** SID of account that was added to the group. Event Viewer automatically tries to resolve SIDs and show the group name. If the SID cannot be resolved, you will see the source data in the event. -- **Account Name** \[Type = UnicodeString\]: distinguished name of account that was added to the group. For example: “CN=Auditor,CN=Users,DC=contoso,DC=local”. For local groups this field typically has “**-**“ value, even if new member is a domain account. For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “-”. +- **Account Name** \[Type = UnicodeString\]: distinguished name of account that was added to the group. For example: “CN=Auditor,CN=Users,DC=contoso,DC=local”. For local groups this field typically has “**-**“ value, even if new member is a domain account. For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “-”. > **Note**  The LDAP API references an LDAP object by its **distinguished name (DN)**. A DN is a sequence of relative distinguished names (RDN) connected by commas. > diff --git a/windows/security/threat-protection/auditing/event-4733.md b/windows/security/threat-protection/auditing/event-4733.md index a0d46b343b..083f18464e 100644 --- a/windows/security/threat-protection/auditing/event-4733.md +++ b/windows/security/threat-protection/auditing/event-4733.md @@ -93,7 +93,7 @@ You will typically see “[4735](event-4735.md): A security-enabled local group - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. @@ -103,7 +103,7 @@ You will typically see “[4735](event-4735.md): A security-enabled local group - **Security ID** \[Type = SID\]**:** SID of account that was removed from the group. Event Viewer automatically tries to resolve SIDs and show the group name. If the SID cannot be resolved, you will see the source data in the event. -- **Account Name** \[Type = UnicodeString\]: distinguished name of account that was removed from the group. For example: “CN=Auditor,CN=Users,DC=contoso,DC=local”. For local groups this field typically has “**-**“ value, even if removed member is a domain account. For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “-”. +- **Account Name** \[Type = UnicodeString\]: distinguished name of account that was removed from the group. For example: “CN=Auditor,CN=Users,DC=contoso,DC=local”. For local groups this field typically has “**-**“ value, even if removed member is a domain account. For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “-”. > **Note**  The LDAP API references an LDAP object by its **distinguished name (DN)**. A DN is a sequence of relative distinguished names (RDN) connected by commas. > diff --git a/windows/security/threat-protection/auditing/event-4734.md b/windows/security/threat-protection/auditing/event-4734.md index 1e677a0bdc..f4780d9ea8 100644 --- a/windows/security/threat-protection/auditing/event-4734.md +++ b/windows/security/threat-protection/auditing/event-4734.md @@ -88,7 +88,7 @@ This event generates on domain controllers, member servers, and workstations. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4735.md b/windows/security/threat-protection/auditing/event-4735.md index a545b2f85b..2362e16e9c 100644 --- a/windows/security/threat-protection/auditing/event-4735.md +++ b/windows/security/threat-protection/auditing/event-4735.md @@ -97,7 +97,7 @@ From 4735 event you can get information about changes of **sAMAccountName** and - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4738.md b/windows/security/threat-protection/auditing/event-4738.md index d78373e561..719ce9e666 100644 --- a/windows/security/threat-protection/auditing/event-4738.md +++ b/windows/security/threat-protection/auditing/event-4738.md @@ -113,7 +113,7 @@ Some changes do not invoke a 4738 event. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. @@ -171,7 +171,7 @@ Typical **Primary Group** values for user accounts: - 513 (Domain Users. For local accounts this RID means Users) – for domain and local users. - See this article for more information. If the value of **primaryGroupID** attribute of user object was changed, you will see the new value here. + See this article for more information. If the value of **primaryGroupID** attribute of user object was changed, you will see the new value here. @@ -193,7 +193,7 @@ Typical **Primary Group** values for user accounts: - **New UAC Value** \[Type = UnicodeString\]: specifies flags that control password, lockout, disable/enable, script, and other behavior for the user account. If the value of **userAccountControl** attribute of user object was changed, you will see the new value here. -To decode this value, you can go through the property value definitions in the [User’s or Computer’s account UAC flags.](https://support.microsoft.com/help/305144/how-to-use-useraccountcontrol-to-manipulate-user-account-properties) from largest to smallest. Compare each property value to the flags value in the event. If the flags value in the event is greater than or equal to the property value, then the property is "set" and applies to that event. Subtract the property value from the flags value in the event and note that the flag applies and then go on to the next flag. +To decode this value, you can go through the property value definitions in the [User’s or Computer’s account UAC flags.](/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties) from largest to smallest. Compare each property value to the flags value in the event. If the flags value in the event is greater than or equal to the property value, then the property is "set" and applies to that event. Subtract the property value from the flags value in the event and note that the flag applies and then go on to the next flag. Here's an example: Flags value from event: 0x15 @@ -223,7 +223,7 @@ Decoding: So this UAC flags value decodes to: LOCKOUT and SCRIPT -- **User Account Control** \[Type = UnicodeString\]**:** shows the list of changes in **userAccountControl** attribute. You will see a line of text for each change. See possible values in here: [User’s or Computer’s account UAC flags](https://support.microsoft.com/help/305144/how-to-use-useraccountcontrol-to-manipulate-user-account-properties). In the “User Account Control field text” column, you can see the text that will be displayed in the **User Account Control** field in 4738 event. +- **User Account Control** \[Type = UnicodeString\]**:** shows the list of changes in **userAccountControl** attribute. You will see a line of text for each change. See possible values in here: [User’s or Computer’s account UAC flags](/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties). In the “User Account Control field text” column, you can see the text that will be displayed in the **User Account Control** field in 4738 event. - **User Parameters** \[Type = UnicodeString\]: if you change any setting using Active Directory Users and Computers management console in Dial-in tab of user’s account properties, then you will see **<value changed, but not displayed>** in this field. For local accounts, this field is not applicable and always has “<value not set>“ value. diff --git a/windows/security/threat-protection/auditing/event-4739.md b/windows/security/threat-protection/auditing/event-4739.md index 23b0cf6823..096dddc311 100644 --- a/windows/security/threat-protection/auditing/event-4739.md +++ b/windows/security/threat-protection/auditing/event-4739.md @@ -116,7 +116,7 @@ This event generates when one of the following changes was made to local compute - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4740.md b/windows/security/threat-protection/auditing/event-4740.md index 834f4b9ed5..8caa677a6c 100644 --- a/windows/security/threat-protection/auditing/event-4740.md +++ b/windows/security/threat-protection/auditing/event-4740.md @@ -87,7 +87,7 @@ For user accounts, this event generates on domain controllers, member servers, a - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4741.md b/windows/security/threat-protection/auditing/event-4741.md index b35fb7facd..8637623f1b 100644 --- a/windows/security/threat-protection/auditing/event-4741.md +++ b/windows/security/threat-protection/auditing/event-4741.md @@ -107,7 +107,7 @@ This event generates only on domain controllers. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - **Logon ID** \[Type = HexInt64\]**:** hexadecimal value that can help you correlate this event with recent events that might contain the same Logon ID, for example, “[4624](event-4624.md): An account was successfully logged on.” @@ -159,7 +159,7 @@ Typically, **Primary Group** field for new computer accounts has the following v - 515 (Domain Computers) – for member servers and workstations. - See this article for more information. This parameter contains the value of **primaryGroupID** attribute of new computer object. + See this article for more information. This parameter contains the value of **primaryGroupID** attribute of new computer object. diff --git a/windows/security/threat-protection/auditing/event-4742.md b/windows/security/threat-protection/auditing/event-4742.md index 1f1d3bee7a..3ff909ccfe 100644 --- a/windows/security/threat-protection/auditing/event-4742.md +++ b/windows/security/threat-protection/auditing/event-4742.md @@ -118,7 +118,7 @@ You might see this event without any changes inside, that is, where all **Change - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - **Logon ID** \[Type = HexInt64\]**:** hexadecimal value that can help you correlate this event with recent events that might contain the same Logon ID, for example, “[4624](event-4624.md): An account was successfully logged on.” @@ -174,7 +174,7 @@ Typical **Primary Group** values for computer accounts: - 515 (Domain Computers) – servers and workstations. - See this article for more information. If the value of **primaryGroupID** attribute of computer object was changed, you will see the new value here. + See this article for more information. If the value of **primaryGroupID** attribute of computer object was changed, you will see the new value here. diff --git a/windows/security/threat-protection/auditing/event-4743.md b/windows/security/threat-protection/auditing/event-4743.md index 76be20055b..56741dbe0a 100644 --- a/windows/security/threat-protection/auditing/event-4743.md +++ b/windows/security/threat-protection/auditing/event-4743.md @@ -88,7 +88,7 @@ This event generates only on domain controllers. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - **Logon ID** \[Type = HexInt64\]**:** hexadecimal value that can help you correlate this event with recent events that might contain the same Logon ID, for example, “[4624](event-4624.md): An account was successfully logged on.” diff --git a/windows/security/threat-protection/auditing/event-4749.md b/windows/security/threat-protection/auditing/event-4749.md index 71f28544ca..6a802579be 100644 --- a/windows/security/threat-protection/auditing/event-4749.md +++ b/windows/security/threat-protection/auditing/event-4749.md @@ -90,7 +90,7 @@ This event generates only on domain controllers. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - **Logon ID** \[Type = HexInt64\]**:** hexadecimal value that can help you correlate this event with recent events that might contain the same Logon ID, for example, “[4624](event-4624.md): An account was successfully logged on.” diff --git a/windows/security/threat-protection/auditing/event-4750.md b/windows/security/threat-protection/auditing/event-4750.md index 28a17fc94c..167d266933 100644 --- a/windows/security/threat-protection/auditing/event-4750.md +++ b/windows/security/threat-protection/auditing/event-4750.md @@ -97,7 +97,7 @@ From 4750 event you can get information about changes of **sAMAccountName** and - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - **Logon ID** \[Type = HexInt64\]**:** hexadecimal value that can help you correlate this event with recent events that might contain the same Logon ID, for example, “[4624](event-4624.md): An account was successfully logged on.” diff --git a/windows/security/threat-protection/auditing/event-4751.md b/windows/security/threat-protection/auditing/event-4751.md index d698721321..1680966da8 100644 --- a/windows/security/threat-protection/auditing/event-4751.md +++ b/windows/security/threat-protection/auditing/event-4751.md @@ -97,7 +97,7 @@ You will typically see “[4750](event-4750.md): A security-disabled global grou - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. @@ -107,7 +107,7 @@ You will typically see “[4750](event-4750.md): A security-disabled global grou - **Security ID** \[Type = SID\]**:** SID of account that was added to the group. Event Viewer automatically tries to resolve SIDs and show the group name. If the SID cannot be resolved, you will see the source data in the event. -- **Account Name** \[Type = UnicodeString\]: distinguished name of account that was added to the group. For example: “CN=Auditor,CN=Users,DC=contoso,DC=local”. For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “-”. +- **Account Name** \[Type = UnicodeString\]: distinguished name of account that was added to the group. For example: “CN=Auditor,CN=Users,DC=contoso,DC=local”. For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “-”. > **Note**  The LDAP API references an LDAP object by its **distinguished name (DN)**. A DN is a sequence of relative distinguished names (RDN) connected by commas. > diff --git a/windows/security/threat-protection/auditing/event-4752.md b/windows/security/threat-protection/auditing/event-4752.md index 2aa9dcd01a..33b9da3ea2 100644 --- a/windows/security/threat-protection/auditing/event-4752.md +++ b/windows/security/threat-protection/auditing/event-4752.md @@ -91,7 +91,7 @@ For every removed member you will get separate 4752 event. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - **Logon ID** \[Type = HexInt64\]**:** hexadecimal value that can help you correlate this event with recent events that might contain the same Logon ID, for example, “[4624](event-4624.md): An account was successfully logged on.” @@ -99,7 +99,7 @@ For every removed member you will get separate 4752 event. - **Security ID** \[Type = SID\]**:** SID of account that was removed from the group. Event Viewer automatically tries to resolve SIDs and show the group name. If the SID cannot be resolved, you will see the source data in the event. -- **Account Name** \[Type = UnicodeString\]: distinguished name of account that was removed from the group. For example: “CN=Auditor,CN=Users,DC=contoso,DC=local”. For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “-”. +- **Account Name** \[Type = UnicodeString\]: distinguished name of account that was removed from the group. For example: “CN=Auditor,CN=Users,DC=contoso,DC=local”. For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “-”. > **Note**  The LDAP API references an LDAP object by its **distinguished name (DN)**. A DN is a sequence of relative distinguished names (RDN) connected by commas. > diff --git a/windows/security/threat-protection/auditing/event-4753.md b/windows/security/threat-protection/auditing/event-4753.md index d8bb64a34a..747fcbd8b4 100644 --- a/windows/security/threat-protection/auditing/event-4753.md +++ b/windows/security/threat-protection/auditing/event-4753.md @@ -88,7 +88,7 @@ This event generates only on domain controllers. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - **Logon ID** \[Type = HexInt64\]**:** hexadecimal value that can help you correlate this event with recent events that might contain the same Logon ID, for example, “[4624](event-4624.md): An account was successfully logged on.” diff --git a/windows/security/threat-protection/auditing/event-4764.md b/windows/security/threat-protection/auditing/event-4764.md index 2cd0957d10..1d1a505b4d 100644 --- a/windows/security/threat-protection/auditing/event-4764.md +++ b/windows/security/threat-protection/auditing/event-4764.md @@ -91,7 +91,7 @@ This event generates only on domain controllers. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4767.md b/windows/security/threat-protection/auditing/event-4767.md index a7b6929712..916ad26f9d 100644 --- a/windows/security/threat-protection/auditing/event-4767.md +++ b/windows/security/threat-protection/auditing/event-4767.md @@ -87,7 +87,7 @@ For user accounts, this event generates on domain controllers, member servers, a - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4776.md b/windows/security/threat-protection/auditing/event-4776.md index 06430da291..aa6c83a26f 100644 --- a/windows/security/threat-protection/auditing/event-4776.md +++ b/windows/security/threat-protection/auditing/event-4776.md @@ -86,7 +86,7 @@ This event does *not* generate when a domain account logs on locally to a domain > **Note**  **Authentication package** is a DLL that encapsulates the authentication logic used to determine whether to permit a user to log on. [Local Security Authority](/windows/win32/secgloss/l-gly#_security_local_security_authority_gly) (LSA) authenticates a user logon by sending the request to an authentication package. The authentication package then examines the logon information and either authenticates or rejects the user logon attempt. -- **Logon Account** \[Type = UnicodeString\]: the name of the account that had its credentials validated by the **Authentication Package**. Can be user name, computer account name or [well-known security principal](https://support.microsoft.com/kb/243330) account name. Examples: +- **Logon Account** \[Type = UnicodeString\]: the name of the account that had its credentials validated by the **Authentication Package**. Can be user name, computer account name or [well-known security principal](/windows/security/identity-protection/access-control/security-identifiers) account name. Examples: - User example: dadmin diff --git a/windows/security/threat-protection/auditing/event-4778.md b/windows/security/threat-protection/auditing/event-4778.md index 085731bdc1..4d71f59a24 100644 --- a/windows/security/threat-protection/auditing/event-4778.md +++ b/windows/security/threat-protection/auditing/event-4778.md @@ -82,7 +82,7 @@ This event also generates when user reconnects to virtual host Hyper-V Enhanced - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4779.md b/windows/security/threat-protection/auditing/event-4779.md index ab9e18736c..8a034ed3af 100644 --- a/windows/security/threat-protection/auditing/event-4779.md +++ b/windows/security/threat-protection/auditing/event-4779.md @@ -82,7 +82,7 @@ This event also generated when user disconnects from virtual host Hyper-V Enhanc - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4781.md b/windows/security/threat-protection/auditing/event-4781.md index 9cea675049..a152d41ede 100644 --- a/windows/security/threat-protection/auditing/event-4781.md +++ b/windows/security/threat-protection/auditing/event-4781.md @@ -91,7 +91,7 @@ For computer accounts, this event generates only on domain controllers. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4793.md b/windows/security/threat-protection/auditing/event-4793.md index 13abde059c..570ace947f 100644 --- a/windows/security/threat-protection/auditing/event-4793.md +++ b/windows/security/threat-protection/auditing/event-4793.md @@ -93,7 +93,7 @@ Note that starting with Microsoft SQL Server 2005, the “SQL Server password po - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4794.md b/windows/security/threat-protection/auditing/event-4794.md index a96c2d8aa5..8f88976a35 100644 --- a/windows/security/threat-protection/auditing/event-4794.md +++ b/windows/security/threat-protection/auditing/event-4794.md @@ -86,7 +86,7 @@ This event generates only on domain controllers. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4798.md b/windows/security/threat-protection/auditing/event-4798.md index d3885f4283..7eeafac41c 100644 --- a/windows/security/threat-protection/auditing/event-4798.md +++ b/windows/security/threat-protection/auditing/event-4798.md @@ -87,7 +87,7 @@ This event generates when a process enumerates a user's security-enabled local g - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4799.md b/windows/security/threat-protection/auditing/event-4799.md index 1bdc01b928..01a317bd52 100644 --- a/windows/security/threat-protection/auditing/event-4799.md +++ b/windows/security/threat-protection/auditing/event-4799.md @@ -89,7 +89,7 @@ This event doesn't generate when group members were enumerated using Active Dire - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4800.md b/windows/security/threat-protection/auditing/event-4800.md index 205a90c987..2b875cfd5d 100644 --- a/windows/security/threat-protection/auditing/event-4800.md +++ b/windows/security/threat-protection/auditing/event-4800.md @@ -83,7 +83,7 @@ This event is generated when a workstation was locked. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. From 05bfb9b575509f80ea158f8fad34ba4ee7312d97 Mon Sep 17 00:00:00 2001 From: gkomatsu Date: Mon, 29 Nov 2021 09:03:05 -0800 Subject: [PATCH 078/335] Log collection command cab->zip Changed log collection command to output in zip format instead of cab. Enables easier usability. --- .../mdm/diagnose-mdm-failures-in-windows-10.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md index 92ed52968c..a84c1a4087 100644 --- a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md +++ b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md @@ -35,12 +35,12 @@ To help diagnose enrollment or device management issues in Windows 10 devices m You can also collect the MDM Diagnostic Information logs using the following command: ```xml -mdmdiagnosticstool.exe -area DeviceEnrollment;DeviceProvisioning;Autopilot -cab c:\users\public\documents\MDMDiagReport.cab +mdmdiagnosticstool.exe -area DeviceEnrollment;DeviceProvisioning;Autopilot -zip c:\users\public\documents\MDMDiagReport.zip ``` - In File Explorer, navigate to c:\Users\Public\Documents\MDMDiagnostics to see the report. -### Understanding cab structure -The cab file will have logs according to the areas that were used in the command. This explanation is based on DeviceEnrollment, DeviceProvisioning and Autopilot areas. It applies to the cab files collected via command line or Feedback Hub +### Understanding zip structure +The zip file will have logs according to the areas that were used in the command. This explanation is based on DeviceEnrollment, DeviceProvisioning and Autopilot areas. It applies to the zip files collected via command line or Feedback Hub - DiagnosticLogCSP_Collector_Autopilot_*: Autopilot etls - DiagnosticLogCSP_Collector_DeviceProvisioning_*: Provisioning etls (Microsoft-Windows-Provisioning-Diagnostics-Provider) From 2e89dfbcb1663306b41f624a789dcf80ffec02c1 Mon Sep 17 00:00:00 2001 From: Joe Henry Date: Mon, 29 Nov 2021 17:31:15 -0500 Subject: [PATCH 079/335] Create create-wdac-deny-policy.md --- .../create-wdac-deny-policy.md | 151 ++++++++++++++++++ 1 file changed, 151 insertions(+) create mode 100644 windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md new file mode 100644 index 0000000000..cb61b0bc5b --- /dev/null +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -0,0 +1,151 @@ +--- +title: Create WDAC Deny Policy +description: Explains how to configure a custom Manged Installer. +keywords: WDAC, policy +ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb +ms.prod: m365-security +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.localizationpriority: medium +audience: ITPro +ms.collection: M365-security-compliance +author: jgeurten +ms.reviewer: isbrahm +ms.author: dansimp +manager: dansimp +ms.date: 11/29/2021 +ms.technology: windows-sec +--- + +# Guidance on Creating WDAC Deny Policies + +With Windows Defender Application Control (WDAC), you can create applicatoin contorl policies to explicitly deny specific drivers and applications, as well as signatures and certificates and file paths. + +Topics this article will be discussing are: +1. File Rule Precedence Order +2. Adding Allow Rules +3. Singe Policy Considerations +4. Multiple Policy Considerations +5. Best Practices +6. Tutorial/Walkthrough + +## **File Rule Precendence Order** + +To create effective WDAC deny policies, it is crucial to understand how WDAC pares the policy. The WDAC engine evaluates files against the policy in the following order. + +1. Explicit deny rules - if there is an explicit deny rule, do not process the rest of the rules; the file is untrusted. + +2. Explicit allow rules + +3. WDAC will then check for the Managed Installer extended (EA) Allow Apps with a WDAC managed Installer (windows) - Windows security | Microsoft Docs) + +4. Lastly, WDAC will call the ISG to get reputation on file, if the policy has support for the ISG + +Explicit allow and deny rules encompass rules at any level (e.g. has rules, signer rules path rules, attritbute rules or package family name rules). If there is an explicit deny rule, WDAC does not process any other rules, meaning a deny rule always takes precedence in the case where a deny and allow rule would be at odds. + +## **Interaction with Existing Policies** +### **Adding Allow Rules** + +In the scenario where there is not an explicit allow rule, there is not a managed installer or Intelligent Security Graph (ISG) EA and ISG is not configured, WDAC will block the file as there is nothing in the policy vouching for trust of the file. + +If this deny policy is the only policy on the device, the following rule(s) need to be added to the policy in addition ot the deny/block rules to trust for the driver files outside of the intended blocklisted ones: + +```xml + + + + + + + + + + + + +``` + +If the policy enables user mode code integrity via the ***Enabled:UMCI*** rule-option, the following section needs to be added to the policy in addition to the deny/block rules to trust for the driver and user mode files outside of the intended blocklisted ones: +```xml + + + + + + + + + + + + + + + + + + + + +``` +## Single Policy Considerations +If the set of deny rules is to be added into an existing policy with allow rules, then the above Allow All rules should not be added to the policy. Instead, the deny policy should be merged with the existing WDAC policy via the WDAC Wizard + +```PowerShell +$DenyPolicy = +$ExistingPolicy = +Merge-CIPolicy -PolicyPaths $ DenyPolicy, $ExistingPolicy -OutputFilePath $ExistingPolicy +``` + +## Multiple Policy Considerations +If you are currently using multiple policies [Use multiple Windows Defender Application Control Policies (Windows) - Windows security | Microsoft Docs](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies) on a device, there are two options for integrating the deny list into your policy set. + +(Recommended) The first option is to keep the deny list as its own policy isolated from your allow policies as it is easier to manage. Since applications need to be allowed by both WDAC policies to run on the device [Use multiple Windows Defender Application Control Policies (Windows) - Windows security | Microsoft Docs](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies#base-and-supplemental-policy-interaction), you will need to add the Allow All rule(s) to your deny policy. This will not override the set of applications allowed by WDAC illustrated by the following example: + +Policy 1 is an allow list of Windows and Microsoft-signed applications. Policy 2 is our new deny policy which blocks MaliciousApp.exe with the Allow All rules. MaliciousApp.exe will be blocked since there is an explicit block rule in Policy 2. Windows and Microsoft applications will be allowed since there is an explicit allow rule in Policy 1 and Policy 2 (due to the Allow All rules). All other applications, if not Windows and Microsoft signed, e.g., ExampleApp.exe, will not be allowed as this application is only trusted by Policy 2 (due to the Allow All rules) and not Policy 1. + +## **Best Practices** + +1. **Starting with Audit Mode Policies** - as with all new policies, we recommend rolling out your new deny policy in Audit Mode and monitoring the 3077 block events [Understanding Application Control event IDs (Windows) - Windows security | Microsoft Docs](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/event-id-explanations#microsoft-windows-codeintegrity-operational-log-event-ids) to ensure only the applications you intended to block are being blocked. More information on monitoring block events via the Event Viewer logs and Advanced Hunting: [Managing and troubleshooting Windows Defender Application Control policies (Windows) - Windows security | Microsoft Docs](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide) + +2. **Recommeneded Deny Rules Types** - signer and file attribute rules are recommended from a security, manageability, and performance perspective. Hash rules should only be utilized where otherwise impossible. The hash of an application is updated for every new version released by the publisher which quickly becomes impractical to manage and protect against new threats where the attacker is quickly iterating on the payload. Additionally, WDAC has optimized parsing of hash rules, but devices may see performance impacts at runtime evaluation when policies have tens of thousands or more hash rules. + +## **Tutorial** + +### Creating a Deny Policy +Deny rules and policies can be created using the PowerShell cmdlets or the WDAC Wizard [Microsoft WDAC Wizard (webapp-wdac-wizard.azurewebsites.net](https://webapp-wdac-wizard.azurewebsites.net/) We recommend creating signer rules (PCACertificate, Publisher, and FilePublisher) wherever possible. In the cases of unsigned binaries, rules must be created on attributes of the file, such as the original filename, or the hash. + +### Software Publisher Based Deny Rule +```Powershell +$DenyRules += New-CIPolicyRule -Level FilePublisher -DriverFilePath -Deny -Fallback FileName,Hash +``` + +### Software Attributes Based Deny Rule +```Powershell +$DenyRules += New-CIPolicyRule -Level FileName -DriverFilePath -Deny -Fallback Hash +``` + +### Hash Based Deny Rule +```PowerShell + New-CIPolicyRule -Level FileName -DriverFilePath -Deny -Fallback Hash + ``` + + ### Adding Allow All Rules +If required, as in the cases listed above, Allow All rules [link to above Allow All section] may need to be added to the policy. The Allow All rules can be manually added to the policy xml or by merging with the AllowAll xml present on the client system in the WDAC template folder: + +```PowerShell +$DenyPolicy = +$AllowAllPolicy = $Env:windir + "\schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml" +Merge-CIPolicy -PolicyPaths $DenyPolicy, $AllowAllPolicy -OutputFilePath $DenyPolicy +``` +### Deploying the Deny Policy +Policies should be thoroughly evaluated and first rolled out in audit mode before strict enforcement. Policies can be deployed via multiple options: + +1. Mobile Device Management (MDM): [Deploy WDAC policies using Mobile Device Management (MDM) (Windows) - Windows security | Microsoft Docs](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune) + +2. Microsoft Endpoint Configuration Manager (MEMCM): [Deploy Windows Defender Application Control (WDAC) policies by using Microsoft Endpoint Configuration Manager (MEMCM) (Windows) - Windows security | Microsoft Docs](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm) + +3. Scripting [Deploy Windows Defender Application Control (WDAC) policies using script (Windows) - Windows security | Microsoft Docs](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script) + +4. Group Policy: [Deploy WDAC policies via Group Policy (Windows) - Windows security | Microsoft Docs](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy) \ No newline at end of file From bbd54aab0e198f444ffa0e049b49f0ea8b995532 Mon Sep 17 00:00:00 2001 From: Joe Henry Date: Mon, 29 Nov 2021 19:20:52 -0500 Subject: [PATCH 080/335] Changed Index and TOC.yaml --- .../windows-defender-application-control/TOC.yml | 2 ++ .../create-wdac-deny-policy.md | 2 +- .../windows-defender-application-control/index.yml | 2 ++ 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.yml b/windows/security/threat-protection/windows-defender-application-control/TOC.yml index 024e87e042..9b5c1a8967 100644 --- a/windows/security/threat-protection/windows-defender-application-control/TOC.yml +++ b/windows/security/threat-protection/windows-defender-application-control/TOC.yml @@ -50,6 +50,8 @@ href: create-wdac-policy-for-fully-managed-devices.md - name: Create a WDAC policy for fixed-workload devices href: create-initial-default-policy.md + - name: Create a WDAC Deny List + href: create-wdac-deny-policy.md - name: Microsoft recommended block rules href: microsoft-recommended-block-rules.md - name: Microsoft recommended driver block rules diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index cb61b0bc5b..47e39411f4 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -18,7 +18,7 @@ ms.date: 11/29/2021 ms.technology: windows-sec --- -# Guidance on Creating WDAC Deny Policies +# **Guidance on Creating WDAC Deny Policies** With Windows Defender Application Control (WDAC), you can create applicatoin contorl policies to explicitly deny specific drivers and applications, as well as signatures and certificates and file paths. diff --git a/windows/security/threat-protection/windows-defender-application-control/index.yml b/windows/security/threat-protection/windows-defender-application-control/index.yml index ef5892459f..5f66230ab6 100644 --- a/windows/security/threat-protection/windows-defender-application-control/index.yml +++ b/windows/security/threat-protection/windows-defender-application-control/index.yml @@ -52,6 +52,8 @@ landingContent: url: create-wdac-policy-for-fully-managed-devices.md - text: Create a WDAC policy for a fixed-workload url: create-initial-default-policy.md + - text: Create a WDAC Deny List + url: create-wdac-deny-policy.md - text: Deploying catalog files for WDAC management url: deploy-catalog-files-to-support-windows-defender-application-control.md - text: Using the WDAC Wizard From 946f7fc563c65c4e178161b042ba8a468ed42657 Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Tue, 30 Nov 2021 13:05:44 +0530 Subject: [PATCH 081/335] 5560668-part6 --- windows/security/threat-protection/auditing/event-4801.md | 2 +- windows/security/threat-protection/auditing/event-4802.md | 2 +- windows/security/threat-protection/auditing/event-4803.md | 2 +- windows/security/threat-protection/auditing/event-4817.md | 2 +- windows/security/threat-protection/auditing/event-4818.md | 2 +- windows/security/threat-protection/auditing/event-4819.md | 2 +- windows/security/threat-protection/auditing/event-4865.md | 2 +- windows/security/threat-protection/auditing/event-4866.md | 2 +- windows/security/threat-protection/auditing/event-4867.md | 2 +- windows/security/threat-protection/auditing/event-4904.md | 2 +- windows/security/threat-protection/auditing/event-4907.md | 2 +- windows/security/threat-protection/auditing/event-4911.md | 2 +- windows/security/threat-protection/auditing/event-4912.md | 2 +- windows/security/threat-protection/auditing/event-4913.md | 2 +- windows/security/threat-protection/auditing/event-4937.md | 2 +- windows/security/threat-protection/auditing/event-4964.md | 4 ++-- windows/security/threat-protection/auditing/event-4985.md | 2 +- windows/security/threat-protection/auditing/event-5058.md | 2 +- windows/security/threat-protection/auditing/event-5059.md | 2 +- windows/security/threat-protection/auditing/event-5061.md | 2 +- windows/security/threat-protection/auditing/event-5136.md | 2 +- windows/security/threat-protection/auditing/event-5137.md | 2 +- windows/security/threat-protection/auditing/event-5138.md | 2 +- windows/security/threat-protection/auditing/event-5139.md | 2 +- windows/security/threat-protection/auditing/event-5140.md | 2 +- windows/security/threat-protection/auditing/event-5141.md | 2 +- windows/security/threat-protection/auditing/event-5143.md | 2 +- windows/security/threat-protection/auditing/event-5144.md | 2 +- windows/security/threat-protection/auditing/event-5145.md | 2 +- windows/security/threat-protection/auditing/event-5168.md | 2 +- 30 files changed, 31 insertions(+), 31 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4801.md b/windows/security/threat-protection/auditing/event-4801.md index 0bfcfb1278..35ef598149 100644 --- a/windows/security/threat-protection/auditing/event-4801.md +++ b/windows/security/threat-protection/auditing/event-4801.md @@ -83,7 +83,7 @@ This event is generated when workstation was unlocked. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4802.md b/windows/security/threat-protection/auditing/event-4802.md index 78cf0e5d14..e372d5b282 100644 --- a/windows/security/threat-protection/auditing/event-4802.md +++ b/windows/security/threat-protection/auditing/event-4802.md @@ -83,7 +83,7 @@ This event is generated when screen saver was invoked. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4803.md b/windows/security/threat-protection/auditing/event-4803.md index 94aed424ab..3c3e80c86e 100644 --- a/windows/security/threat-protection/auditing/event-4803.md +++ b/windows/security/threat-protection/auditing/event-4803.md @@ -83,7 +83,7 @@ This event is generated when screen saver was dismissed. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4817.md b/windows/security/threat-protection/auditing/event-4817.md index dc9c07fb24..68708166d7 100644 --- a/windows/security/threat-protection/auditing/event-4817.md +++ b/windows/security/threat-protection/auditing/event-4817.md @@ -88,7 +88,7 @@ Separate events will be generated for “Registry” and “File system” polic - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4818.md b/windows/security/threat-protection/auditing/event-4818.md index 5ced098023..c1bd31d8f9 100644 --- a/windows/security/threat-protection/auditing/event-4818.md +++ b/windows/security/threat-protection/auditing/event-4818.md @@ -90,7 +90,7 @@ This event generates when Dynamic Access Control Proposed [Central Access Policy - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4819.md b/windows/security/threat-protection/auditing/event-4819.md index 882622efa4..af81133616 100644 --- a/windows/security/threat-protection/auditing/event-4819.md +++ b/windows/security/threat-protection/auditing/event-4819.md @@ -90,7 +90,7 @@ For example, it generates when a new [Central Access Policy](/windows-server/ide - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4865.md b/windows/security/threat-protection/auditing/event-4865.md index a7e2a7189e..5bb092d7a4 100644 --- a/windows/security/threat-protection/auditing/event-4865.md +++ b/windows/security/threat-protection/auditing/event-4865.md @@ -93,7 +93,7 @@ This event is generated only on domain controllers. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4866.md b/windows/security/threat-protection/auditing/event-4866.md index bd5bfba999..b588e61bbc 100644 --- a/windows/security/threat-protection/auditing/event-4866.md +++ b/windows/security/threat-protection/auditing/event-4866.md @@ -93,7 +93,7 @@ This event is generated only on domain controllers. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4867.md b/windows/security/threat-protection/auditing/event-4867.md index 170868681f..c080741dd9 100644 --- a/windows/security/threat-protection/auditing/event-4867.md +++ b/windows/security/threat-protection/auditing/event-4867.md @@ -95,7 +95,7 @@ This event contains new values only, it doesn’t contains old values and it doe - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4904.md b/windows/security/threat-protection/auditing/event-4904.md index 02109612fd..658f0b2f7e 100644 --- a/windows/security/threat-protection/auditing/event-4904.md +++ b/windows/security/threat-protection/auditing/event-4904.md @@ -88,7 +88,7 @@ You can typically see this event during system startup, if specific roles (Inter - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4907.md b/windows/security/threat-protection/auditing/event-4907.md index 3ae2c8793f..f6c5ebea92 100644 --- a/windows/security/threat-protection/auditing/event-4907.md +++ b/windows/security/threat-protection/auditing/event-4907.md @@ -91,7 +91,7 @@ This event doesn't generate for Active Directory objects. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4911.md b/windows/security/threat-protection/auditing/event-4911.md index aeeaa0fdc0..dae7e74958 100644 --- a/windows/security/threat-protection/auditing/event-4911.md +++ b/windows/security/threat-protection/auditing/event-4911.md @@ -91,7 +91,7 @@ Resource attributes for file or folder can be changed, for example, using Window - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4912.md b/windows/security/threat-protection/auditing/event-4912.md index 614b73a93f..a9a2a1d9b0 100644 --- a/windows/security/threat-protection/auditing/event-4912.md +++ b/windows/security/threat-protection/auditing/event-4912.md @@ -89,7 +89,7 @@ This event is always logged regardless of the "Audit Policy Change" sub-category - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4913.md b/windows/security/threat-protection/auditing/event-4913.md index bcc4c7eeee..9c173860f4 100644 --- a/windows/security/threat-protection/auditing/event-4913.md +++ b/windows/security/threat-protection/auditing/event-4913.md @@ -91,7 +91,7 @@ This event always generates, regardless of the object’s [SACL](/windows/win32/ - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4937.md b/windows/security/threat-protection/auditing/event-4937.md index f80f44586e..9bdef69aa8 100644 --- a/windows/security/threat-protection/auditing/event-4937.md +++ b/windows/security/threat-protection/auditing/event-4937.md @@ -17,7 +17,7 @@ ms.technology: windows-sec # 4937(S): A lingering object was removed from a replica. -This event generates when a [lingering object](https://support.microsoft.com/kb/910205) was removed from a replica. +This event generates when a [lingering object](/troubleshoot/windows-server/identity/information-lingering-objects) was removed from a replica. There is no example of this event in this document. diff --git a/windows/security/threat-protection/auditing/event-4964.md b/windows/security/threat-protection/auditing/event-4964.md index 969c9e219b..b153e56a00 100644 --- a/windows/security/threat-protection/auditing/event-4964.md +++ b/windows/security/threat-protection/auditing/event-4964.md @@ -111,7 +111,7 @@ This event occurs when an account that is a member of any defined [Special Group - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. @@ -139,7 +139,7 @@ This event occurs when an account that is a member of any defined [Special Group - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4985.md b/windows/security/threat-protection/auditing/event-4985.md index 6af088c0bd..2f0e374a30 100644 --- a/windows/security/threat-protection/auditing/event-4985.md +++ b/windows/security/threat-protection/auditing/event-4985.md @@ -87,7 +87,7 @@ This is an informational event from file system [Transaction Manager](/windows/w - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-5058.md b/windows/security/threat-protection/auditing/event-5058.md index 7d3c14f3cc..eaa7c1b441 100644 --- a/windows/security/threat-protection/auditing/event-5058.md +++ b/windows/security/threat-protection/auditing/event-5058.md @@ -95,7 +95,7 @@ You can see these events, for example, during certificate renewal or export oper - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-5059.md b/windows/security/threat-protection/auditing/event-5059.md index 3c79abb5d0..5beef1d24c 100644 --- a/windows/security/threat-protection/auditing/event-5059.md +++ b/windows/security/threat-protection/auditing/event-5059.md @@ -92,7 +92,7 @@ This event generates when a cryptographic key is exported or imported using a [K - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-5061.md b/windows/security/threat-protection/auditing/event-5061.md index f90e6fd02e..af59c9ccb8 100644 --- a/windows/security/threat-protection/auditing/event-5061.md +++ b/windows/security/threat-protection/auditing/event-5061.md @@ -92,7 +92,7 @@ This event generates when a cryptographic operation (open key, create key, creat - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-5136.md b/windows/security/threat-protection/auditing/event-5136.md index 5e7db9c0ed..2d8d45b93a 100644 --- a/windows/security/threat-protection/auditing/event-5136.md +++ b/windows/security/threat-protection/auditing/event-5136.md @@ -96,7 +96,7 @@ For a change operation you will typically see two 5136 events for one action, wi - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-5137.md b/windows/security/threat-protection/auditing/event-5137.md index eea8bf1a17..f5b8f335af 100644 --- a/windows/security/threat-protection/auditing/event-5137.md +++ b/windows/security/threat-protection/auditing/event-5137.md @@ -90,7 +90,7 @@ This event only generates if the parent object has a particular entry in its [SA - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-5138.md b/windows/security/threat-protection/auditing/event-5138.md index d9f97a7475..93dac293aa 100644 --- a/windows/security/threat-protection/auditing/event-5138.md +++ b/windows/security/threat-protection/auditing/event-5138.md @@ -91,7 +91,7 @@ This event only generates if the container to which the Active Directory object - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-5139.md b/windows/security/threat-protection/auditing/event-5139.md index 3333139144..00145f3a61 100644 --- a/windows/security/threat-protection/auditing/event-5139.md +++ b/windows/security/threat-protection/auditing/event-5139.md @@ -91,7 +91,7 @@ This event only generates if the destination object has a particular entry in it - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-5140.md b/windows/security/threat-protection/auditing/event-5140.md index 29641fcca5..067637aa9b 100644 --- a/windows/security/threat-protection/auditing/event-5140.md +++ b/windows/security/threat-protection/auditing/event-5140.md @@ -92,7 +92,7 @@ This event generates once per session, when first access attempt was made. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-5141.md b/windows/security/threat-protection/auditing/event-5141.md index 11cada8ab0..f69e095286 100644 --- a/windows/security/threat-protection/auditing/event-5141.md +++ b/windows/security/threat-protection/auditing/event-5141.md @@ -91,7 +91,7 @@ This event only generates if the deleted object has a particular entry in its [S - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-5143.md b/windows/security/threat-protection/auditing/event-5143.md index bf370fffc3..636a19a1bd 100644 --- a/windows/security/threat-protection/auditing/event-5143.md +++ b/windows/security/threat-protection/auditing/event-5143.md @@ -92,7 +92,7 @@ This event generates every time network share object was modified. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-5144.md b/windows/security/threat-protection/auditing/event-5144.md index 6d117910a1..c440efc29d 100644 --- a/windows/security/threat-protection/auditing/event-5144.md +++ b/windows/security/threat-protection/auditing/event-5144.md @@ -83,7 +83,7 @@ This event generates every time a network share object is deleted. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-5145.md b/windows/security/threat-protection/auditing/event-5145.md index 8584f3f782..9c980ce0f3 100644 --- a/windows/security/threat-protection/auditing/event-5145.md +++ b/windows/security/threat-protection/auditing/event-5145.md @@ -92,7 +92,7 @@ This event generates every time network share object (file or folder) was access - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-5168.md b/windows/security/threat-protection/auditing/event-5168.md index 2fcad0a7f5..570974bec3 100644 --- a/windows/security/threat-protection/auditing/event-5168.md +++ b/windows/security/threat-protection/auditing/event-5168.md @@ -89,7 +89,7 @@ It often happens because of NTLMv1 or LM protocols usage from client side when - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. From 05da0a4d72ea29d814cd086a1bc52f1b090cc245 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Tue, 30 Nov 2021 17:22:03 +0530 Subject: [PATCH 082/335] Update policy-csp-update.md --- .../mdm/policy-csp-update.md | 101 ++++++++++++++++-- 1 file changed, 90 insertions(+), 11 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index c38caf5830..edc685637d 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -72,6 +72,9 @@ manager: dansimp
Update/ConfigureDeadlineGracePeriod
+
+ Update/ConfigureDeadlineGracePeriodForFeatureUpdates +
Update/ConfigureDeadlineNoAutoReboot
@@ -1333,8 +1336,7 @@ The following list shows the supported values: - -Allows IT admins to specify the number of days a user has before feature updates are installed on their devices automatically. Updates and restarts will occur regardless of active hours and the user will not be able to reschedule. +Allows admins to specify the number of days before feature updates are installed on the device automatically. Before the deadline, restarts can be scheduled by users or automatically scheduled outside of active hours, according to [Update/ConfigureDeadlineNoAutoReboot](#update-configuredeadlinenoautoreboot). After the deadline passes, restarts will occur regardless of active hours and users will not be able to reschedule. ADMX Info: @@ -1346,7 +1348,7 @@ ADMX Info: -Supports a numeric value from 2 - 30, which indicates the number of days a device will wait until performing an aggressive installation of a required feature update. +Supports a numeric value from 0-30 (2-30 in Windows 10, versions 1803 and 1709), which indicates the number of days a device will wait until performing an aggressive installation of a required feature update. Note that when set to 0, the update will download and install immediately upon offering, but might not finish within the day due to device availability and network connectivity. Default value is 7. @@ -1410,8 +1412,7 @@ Default value is 7. - -Allows IT admins to specify the number of days a user has before quality updates are installed on their devices automatically. Updates and restarts will occur regardless of active hours and the user will not be able to reschedule. +Allows admins to specify the number of days before quality updates are installed on a device automatically. Before the deadline, restarts can be scheduled by users or automatically scheduled outside of active hours, according to [Update/ConfigureDeadlineNoAutoReboot](#update-configuredeadlinenoautoreboot). After deadline passes, restarts will occur regardless of active hours and users will not be able to reschedule. ADMX Info: @@ -1423,7 +1424,7 @@ ADMX Info: -Supports a numeric value from 2 - 30, which indicates the number of days a device will wait until performing an aggressive installation of a required quality update. +Supports a numeric value from 0-30 (2-30 in Windows 10, versions 1803 and 1709), which indicates the number of days a device will wait until performing an aggressive installation of a required feature update. Note that when set to 0, the update will download and install immediately upon offering, but might not finish within the day due to device availability and network connectivity. Default value is 7. @@ -1487,8 +1488,7 @@ Default value is 7. - -Allows the IT admin (when used with [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) or [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates)) to specify a minimum number of days until restarts occur automatically. Setting the grace period may extend the effective deadline set by the deadline policies. +When used with [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates),allows the admin to specify a minimum number of days until restarts occur automatically for quality updates. Setting the grace period might extend the effective deadline set by the deadline policy. If [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates)) is configured but this policy is not, then the default value of 2 will be used. @@ -1501,7 +1501,7 @@ ADMX Info: -Supports a numeric value from 0 - 7, which indicates the minimum number of days a device will wait until performing an aggressive installation of a required update once deadline has been reached. +Supports a numeric value from 0-7, which indicates the minimum number of days a device will wait before it restarts automatically after installing a required quality update. Default value is 2. @@ -1515,6 +1515,84 @@ Default value is 2.
+ +**Update/ConfigureDeadlineGracePeriodForFeatureUpdates** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +When used with [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates), allows the admin to specify a minimum number of days until restarts occur automatically for feature updates. Setting the grace period may extend the effective deadline set by the deadline policy. If [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) is configured but this policy is not, then the value from [Update/ConfigureDeadlineGracePeriod](#update-configuredeadlinegraceperiod) will be used; if that policy is also not configured, then the default value of 2 will be used. + + + +ADMX Info: +- GP Friendly name: *Specify deadlines for automatic updates and restarts* +- GP name: *ConfigureDeadlineGracePeriodForFeatureUpdates* +- GP element: *ConfigureDeadlineGracePeriodForFeatureUpdates* +- GP path: *Administrative Templates\Windows Components\WindowsUpdate* +- GP ADMX file name: *WindowsUpdate.admx* + + + +Supports a numeric value from 0-7, which indicates the minimum number of days a device will wait before it restarts automatically after installing a required feature update. +Default value is 2. + + + + + + + + + + +
+ **Update/ConfigureDeadlineNoAutoReboot** @@ -1565,10 +1643,11 @@ Default value is 2. +When used with [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) or [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates)), devices will delay automatically restarting until both the deadline and grace period have expired, even if applicable updates are already installed and pending a restart. -If enabled (when used with [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) or [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates)), devices will not automatically restart outside of active hours until the deadline is reached, even if applicable updates are already installed and pending a restart. +When disabled, if the device has installed updates and is outside of active hours, it might attempt an automatic restart before the deadline. -When disabled, if the device has installed the required updates and is outside of active hours, it may attempt an automatic restart before the deadline. + ADMX Info: From 17e5a127a6771ee69d1d87bdca68e3a99bf35ec9 Mon Sep 17 00:00:00 2001 From: Ashok Lobo Date: Wed, 1 Dec 2021 10:09:12 +0530 Subject: [PATCH 083/335] Metadata updated --- ...required-windows-diagnostic-data-events-and-fields-2004.md | 2 +- windows/privacy/windows-10-and-privacy-compliance.md | 4 ++-- .../privacy/windows-11-endpoints-non-enterprise-editions.md | 4 ++-- windows/privacy/windows-diagnostic-data-1703.md | 4 ++-- windows/privacy/windows-diagnostic-data.md | 2 +- .../privacy/windows-endpoints-1709-non-enterprise-editions.md | 4 ++-- .../privacy/windows-endpoints-1803-non-enterprise-editions.md | 4 ++-- .../privacy/windows-endpoints-1809-non-enterprise-editions.md | 4 ++-- .../privacy/windows-endpoints-1903-non-enterprise-editions.md | 4 ++-- .../privacy/windows-endpoints-1909-non-enterprise-editions.md | 4 ++-- .../privacy/windows-endpoints-2004-non-enterprise-editions.md | 4 ++-- .../privacy/windows-endpoints-20H2-non-enterprise-editions.md | 4 ++-- .../privacy/windows-endpoints-21H1-non-enterprise-editions.md | 4 ++-- 13 files changed, 24 insertions(+), 24 deletions(-) diff --git a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md index 2d2ebbc742..029b3c691d 100644 --- a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md +++ b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md @@ -16,7 +16,7 @@ ms.collection: ms.topic: article audience: ITPro ms.date: -ms.technology: windows-privacy +ms.technology: privacy --- diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md index 418784f7f1..0e97842d03 100644 --- a/windows/privacy/windows-10-and-privacy-compliance.md +++ b/windows/privacy/windows-10-and-privacy-compliance.md @@ -13,8 +13,8 @@ ms.author: brianlic manager: dansimp ms.collection: M365-security-compliance ms.topic: article -ms.date: 11/29/2021 -ms.technology: windows-privacy +ms.date: 12/01/2021 +ms.technology: privacy --- # Windows Privacy Compliance:
A Guide for IT and Compliance Professionals diff --git a/windows/privacy/windows-11-endpoints-non-enterprise-editions.md b/windows/privacy/windows-11-endpoints-non-enterprise-editions.md index a0bc17edbe..46077125ab 100644 --- a/windows/privacy/windows-11-endpoints-non-enterprise-editions.md +++ b/windows/privacy/windows-11-endpoints-non-enterprise-editions.md @@ -14,8 +14,8 @@ ms.collection: - M365-security-compliance - highpri ms.topic: article -ms.date: 11/29/2021 -ms.technology: windows-privacy +ms.date: 12/01/2021 +ms.technology: privacy --- # Windows 11 connection endpoints for non-Enterprise editions diff --git a/windows/privacy/windows-diagnostic-data-1703.md b/windows/privacy/windows-diagnostic-data-1703.md index 199c112c91..0ccee01ea1 100644 --- a/windows/privacy/windows-diagnostic-data-1703.md +++ b/windows/privacy/windows-diagnostic-data-1703.md @@ -12,9 +12,9 @@ ms.author: dansimp manager: dansimp ms.collection: M365-security-compliance ms.topic: article -ms.date: 11/29/2021 +ms.date: 12/01/2021 ms.reviewer: -ms.technology: windows-privacy +ms.technology: privacy --- # Windows 10 diagnostic data for the Full diagnostic data level diff --git a/windows/privacy/windows-diagnostic-data.md b/windows/privacy/windows-diagnostic-data.md index eb60227617..88faf6a75d 100644 --- a/windows/privacy/windows-diagnostic-data.md +++ b/windows/privacy/windows-diagnostic-data.md @@ -15,7 +15,7 @@ ms.collection: - highpri ms.topic: article ms.reviewer: -ms.technology: windows-privacy +ms.technology: privacy --- diff --git a/windows/privacy/windows-endpoints-1709-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1709-non-enterprise-editions.md index bfb32a27b7..b3c1cee7bb 100644 --- a/windows/privacy/windows-endpoints-1709-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-1709-non-enterprise-editions.md @@ -12,9 +12,9 @@ ms.author: dansimp manager: dansimp ms.collection: M365-security-compliance ms.topic: article -ms.date: 11/29/2021 +ms.date: 12/01/2021 ms.reviewer: -ms.technology: windows-privacy +ms.technology: privacy --- # Windows 10, version 1709, connection endpoints for non-Enterprise editions diff --git a/windows/privacy/windows-endpoints-1803-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1803-non-enterprise-editions.md index be66e353ad..b3ec01bc64 100644 --- a/windows/privacy/windows-endpoints-1803-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-1803-non-enterprise-editions.md @@ -12,9 +12,9 @@ ms.author: dansimp manager: dansimp ms.collection: M365-security-compliance ms.topic: article -ms.date: 11/29/2021 +ms.date: 12/01/2021 ms.reviewer: -ms.technology: windows-privacy +ms.technology: privacy --- # Windows 10, version 1803, connection endpoints for non-Enterprise editions diff --git a/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md index d7a00eee0a..ff4d97cb72 100644 --- a/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md @@ -12,9 +12,9 @@ ms.author: dansimp manager: dansimp ms.collection: M365-security-compliance ms.topic: article -ms.date: 11/29/2021 +ms.date: 12/01/2021 ms.reviewer: -ms.technology: windows-privacy +ms.technology: privacy --- # Windows 10, version 1809, connection endpoints for non-Enterprise editions diff --git a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md index 74e2169a9e..35c45a23cf 100644 --- a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md @@ -12,8 +12,8 @@ ms.author: obezeajo manager: robsize ms.collection: M365-security-compliance ms.topic: article -ms.date: 11/29/2021 -ms.technology: windows-privacy +ms.date: 12/01/2021 +ms.technology: privacy --- # Windows 10, version 1903, connection endpoints for non-Enterprise editions diff --git a/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md index 88e9411a67..bf8ec55031 100644 --- a/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md @@ -12,8 +12,8 @@ ms.author: v-hakima manager: obezeajo ms.collection: M365-security-compliance ms.topic: article -ms.date: 11/29/2021 -ms.technology: windows-privacy +ms.date: 12/01/2021 +ms.technology: privacy --- # Windows 10, version 1909, connection endpoints for non-Enterprise editions diff --git a/windows/privacy/windows-endpoints-2004-non-enterprise-editions.md b/windows/privacy/windows-endpoints-2004-non-enterprise-editions.md index d42b91e066..70a1ae17e9 100644 --- a/windows/privacy/windows-endpoints-2004-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-2004-non-enterprise-editions.md @@ -12,8 +12,8 @@ ms.author: obezeajo manager: robsize ms.collection: M365-security-compliance ms.topic: article -ms.date: 11/29/2021 -ms.technology: windows-privacy +ms.date: 12/01/2021 +ms.technology: privacy --- # Windows 10, version 2004, connection endpoints for non-Enterprise editions diff --git a/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md b/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md index 3024dfb189..71627402ca 100644 --- a/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md @@ -12,8 +12,8 @@ ms.author: v-hakima manager: robsize ms.collection: M365-security-compliance ms.topic: article -ms.date: 11/29/2021 -ms.technology: windows-privacy +ms.date: 12/01/2021 +ms.technology: privacy --- # Windows 10, version 20H2, connection endpoints for non-Enterprise editions diff --git a/windows/privacy/windows-endpoints-21H1-non-enterprise-editions.md b/windows/privacy/windows-endpoints-21H1-non-enterprise-editions.md index eeb32358b5..79c248ce6d 100644 --- a/windows/privacy/windows-endpoints-21H1-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-21H1-non-enterprise-editions.md @@ -14,8 +14,8 @@ ms.collection: - M365-security-compliance - highpri ms.topic: article -ms.date: 11/29/2021 -ms.technology: windows-privacy +ms.date: 12/01/2021 +ms.technology: privacy --- # Windows 10, version 21H1, connection endpoints for non-Enterprise editions From df1e8e191cf8dc74c6d301a0538ba5f286cc44d0 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Wed, 1 Dec 2021 13:01:51 +0530 Subject: [PATCH 084/335] Update bitlocker-use-bitlocker-recovery-password-viewer.md --- .../bitlocker-use-bitlocker-recovery-password-viewer.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md index f43c66e0be..0b6fd177e7 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md +++ b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md @@ -29,7 +29,7 @@ ms.custom: bitlocker This topic for the IT professional describes how to use the BitLocker Recovery Password Viewer. -The BitLocker Recovery Password Viewer tool is an optional tool included with the Remote Server Administration Tools (RSAT). It lets you locate and view BitLocker recovery passwords that are stored in Active Directory Domain Services (AD DS). You can use this tool to help recover data that is stored on a drive that has been encrypted by using BitLocker. The BitLocker Active Directory Recovery Password Viewer tool is an extension for the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in. Using this tool, you can examine a computer object's **Properties** dialog box to view the corresponding BitLocker recovery passwords. Additionally, you can right-click a domain container and then search for a BitLocker recovery password across all the domains in the Active Directory forest. You can also search for a password by password identifier (ID). +The BitLocker Recovery Password Viewer tool is an optional tool included with the Remote Server Administration Tools (RSAT). It lets you locate and view BitLocker recovery passwords that are stored in Active Directory Domain Services (AD DS). You can use this tool to help recover data that is stored on a drive that has been encrypted by using BitLocker. The BitLocker Active Directory Recovery Password Viewer tool is an extension for the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in. Using this tool, you can examine a computer object's **Properties** dialog box to view the corresponding BitLocker recovery passwords. Additionally you can right-click a domain container and then search for a BitLocker recovery password across all the domains in the Active Directory forest. You can also search for a password by password identifier (ID). ## Before you start From 3e477297696b80030a485af2fa22dba2360b8519 Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Wed, 1 Dec 2021 14:34:46 +0530 Subject: [PATCH 085/335] 5560668-part7 --- windows/security/threat-protection/auditing/event-4905.md | 2 +- windows/security/threat-protection/auditing/event-5142.md | 2 +- windows/security/threat-protection/auditing/event-5376.md | 2 +- windows/security/threat-protection/auditing/event-5377.md | 2 +- windows/security/threat-protection/auditing/event-5378.md | 2 +- windows/security/threat-protection/auditing/event-5632.md | 2 +- windows/security/threat-protection/auditing/event-5633.md | 2 +- windows/security/threat-protection/auditing/event-5888.md | 2 +- windows/security/threat-protection/auditing/event-5889.md | 2 +- windows/security/threat-protection/auditing/event-5890.md | 2 +- windows/security/threat-protection/auditing/event-6416.md | 2 +- windows/security/threat-protection/auditing/event-6419.md | 2 +- windows/security/threat-protection/auditing/event-6420.md | 2 +- windows/security/threat-protection/auditing/event-6421.md | 2 +- windows/security/threat-protection/auditing/event-6422.md | 2 +- windows/security/threat-protection/auditing/event-6423.md | 2 +- .../threat-protection/intelligence/prevent-malware-infection.md | 2 +- .../threat-protection/intelligence/safety-scanner-download.md | 2 +- .../security-policy-settings/account-lockout-policy.md | 2 +- ...-access-restrict-clients-allowed-to-make-remote-sam-calls.md | 2 +- ...-security-configure-encryption-types-allowed-for-kerberos.md | 2 +- ...osoft-network-client-digitally-sign-communications-always.md | 2 +- ...ork-client-digitally-sign-communications-if-server-agrees.md | 2 +- ...osoft-network-server-digitally-sign-communications-always.md | 2 +- ...ork-server-digitally-sign-communications-if-client-agrees.md | 2 +- windows/whats-new/whats-new-windows-10-version-1703.md | 2 +- windows/whats-new/whats-new-windows-10-version-1909.md | 2 +- windows/whats-new/whats-new-windows-10-version-20H2.md | 2 +- 28 files changed, 28 insertions(+), 28 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4905.md b/windows/security/threat-protection/auditing/event-4905.md index ead69b632a..a7fdfa4dfa 100644 --- a/windows/security/threat-protection/auditing/event-4905.md +++ b/windows/security/threat-protection/auditing/event-4905.md @@ -88,7 +88,7 @@ You typically see this event if specific roles were removed, for example, Intern - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-5142.md b/windows/security/threat-protection/auditing/event-5142.md index c5503ee4fa..706a6ab1a0 100644 --- a/windows/security/threat-protection/auditing/event-5142.md +++ b/windows/security/threat-protection/auditing/event-5142.md @@ -83,7 +83,7 @@ This event generates every time network share object was added. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-5376.md b/windows/security/threat-protection/auditing/event-5376.md index bc903c2a89..ef83094d63 100644 --- a/windows/security/threat-protection/auditing/event-5376.md +++ b/windows/security/threat-protection/auditing/event-5376.md @@ -86,7 +86,7 @@ This event generates on domain controllers, member servers, and workstations. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-5377.md b/windows/security/threat-protection/auditing/event-5377.md index 0041df606e..d6440e7a09 100644 --- a/windows/security/threat-protection/auditing/event-5377.md +++ b/windows/security/threat-protection/auditing/event-5377.md @@ -86,7 +86,7 @@ This event generates on domain controllers, member servers, and workstations. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-5378.md b/windows/security/threat-protection/auditing/event-5378.md index 10f783e194..e84e1932e0 100644 --- a/windows/security/threat-protection/auditing/event-5378.md +++ b/windows/security/threat-protection/auditing/event-5378.md @@ -88,7 +88,7 @@ It typically occurs when [CredSSP](/openspecs/windows_protocols/ms-cssp/85f57821 - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-5632.md b/windows/security/threat-protection/auditing/event-5632.md index 565ff56e44..08210802e3 100644 --- a/windows/security/threat-protection/auditing/event-5632.md +++ b/windows/security/threat-protection/auditing/event-5632.md @@ -93,7 +93,7 @@ It typically generates when network adapter connects to new wireless network. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-5633.md b/windows/security/threat-protection/auditing/event-5633.md index 8c8496f31b..e968128cb7 100644 --- a/windows/security/threat-protection/auditing/event-5633.md +++ b/windows/security/threat-protection/auditing/event-5633.md @@ -87,7 +87,7 @@ It typically generates when network adapter connects to new wired network. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-5888.md b/windows/security/threat-protection/auditing/event-5888.md index 13679d5290..1f26806087 100644 --- a/windows/security/threat-protection/auditing/event-5888.md +++ b/windows/security/threat-protection/auditing/event-5888.md @@ -87,7 +87,7 @@ For some reason this event belongs to [Audit System Integrity](event-5890.md) su - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-5889.md b/windows/security/threat-protection/auditing/event-5889.md index afcf23ffbe..5b2c268093 100644 --- a/windows/security/threat-protection/auditing/event-5889.md +++ b/windows/security/threat-protection/auditing/event-5889.md @@ -87,7 +87,7 @@ For some reason this event belongs to [Audit System Integrity](event-5890.md) su - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-5890.md b/windows/security/threat-protection/auditing/event-5890.md index 8bf8b1a673..e79e3d6362 100644 --- a/windows/security/threat-protection/auditing/event-5890.md +++ b/windows/security/threat-protection/auditing/event-5890.md @@ -87,7 +87,7 @@ For some reason this event belongs to [Audit System Integrity](event-5890.md) su - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-6416.md b/windows/security/threat-protection/auditing/event-6416.md index add5982ef7..2fc25d6efc 100644 --- a/windows/security/threat-protection/auditing/event-6416.md +++ b/windows/security/threat-protection/auditing/event-6416.md @@ -101,7 +101,7 @@ This event generates, for example, when a new external device is connected or en - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-6419.md b/windows/security/threat-protection/auditing/event-6419.md index 0e7f44d997..3af676c307 100644 --- a/windows/security/threat-protection/auditing/event-6419.md +++ b/windows/security/threat-protection/auditing/event-6419.md @@ -91,7 +91,7 @@ This event doesn’t mean that device was disabled. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-6420.md b/windows/security/threat-protection/auditing/event-6420.md index f8cccf22a7..62e0bb14da 100644 --- a/windows/security/threat-protection/auditing/event-6420.md +++ b/windows/security/threat-protection/auditing/event-6420.md @@ -89,7 +89,7 @@ This event generates every time specific device was disabled. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-6421.md b/windows/security/threat-protection/auditing/event-6421.md index 5b0e22342b..4be9a3ae41 100644 --- a/windows/security/threat-protection/auditing/event-6421.md +++ b/windows/security/threat-protection/auditing/event-6421.md @@ -91,7 +91,7 @@ This event doesn’t mean that device was enabled. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-6422.md b/windows/security/threat-protection/auditing/event-6422.md index 70ba147ede..1ef19e5f52 100644 --- a/windows/security/threat-protection/auditing/event-6422.md +++ b/windows/security/threat-protection/auditing/event-6422.md @@ -89,7 +89,7 @@ This event generates every time specific device was enabled. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-6423.md b/windows/security/threat-protection/auditing/event-6423.md index 10cf86de89..cb4e2566fb 100644 --- a/windows/security/threat-protection/auditing/event-6423.md +++ b/windows/security/threat-protection/auditing/event-6423.md @@ -91,7 +91,7 @@ Device installation restriction group policies are located here: **\\Computer Co - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/intelligence/prevent-malware-infection.md b/windows/security/threat-protection/intelligence/prevent-malware-infection.md index f5ee250869..5a62d23894 100644 --- a/windows/security/threat-protection/intelligence/prevent-malware-infection.md +++ b/windows/security/threat-protection/intelligence/prevent-malware-infection.md @@ -30,7 +30,7 @@ To keep Microsoft software up to date, ensure that [automatic Microsoft Updates] Email and other messaging tools are a few of the most common ways your device can get infected. Attachments or links in messages can open malware directly or can stealthily trigger a download. Some emails give instructions to allow macros or other executable content designed to make it easier for malware to infect your devices. -* Use an email service that provides protection against malicious attachments, links, and abusive senders. [Microsoft Office 365](https://support.office.com/article/Anti-spam-and-anti-malware-protection-in-Office-365-5ce5cf47-2120-4e51-a403-426a13358b7e) has built-in antimalware, link protection, and spam filtering. +* Use an email service that provides protection against malicious attachments, links, and abusive senders. [Microsoft Office 365](/microsoft-365/security/office-365-security/anti-spam-and-anti-malware-protection?view=o365-worldwide) has built-in antimalware, link protection, and spam filtering. For more information, see [phishing](phishing.md). diff --git a/windows/security/threat-protection/intelligence/safety-scanner-download.md b/windows/security/threat-protection/intelligence/safety-scanner-download.md index b271e43bca..64d069d398 100644 --- a/windows/security/threat-protection/intelligence/safety-scanner-download.md +++ b/windows/security/threat-protection/intelligence/safety-scanner-download.md @@ -39,7 +39,7 @@ Microsoft Safety Scanner is a scan tool designed to find and remove malware from ## System requirements -Safety Scanner helps remove malicious software from computers running Windows 10, Windows 10 Tech Preview, Windows 8.1, Windows 8, Windows 7, Windows Server 2019, Windows Server 2016, Windows Server Tech Preview, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008. Please refer to the [Microsoft Lifecycle Policy](https://support.microsoft.com/lifecycle). +Safety Scanner helps remove malicious software from computers running Windows 10, Windows 10 Tech Preview, Windows 8.1, Windows 8, Windows 7, Windows Server 2019, Windows Server 2016, Windows Server Tech Preview, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008. Please refer to the [Microsoft Lifecycle Policy](/lifecycle/). ## How to run a scan diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md b/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md index 5f8c91006d..4832fd093b 100644 --- a/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md +++ b/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md @@ -30,7 +30,7 @@ Someone who attempts to use more than a few unsuccessful passwords while trying The following topics provide a discussion of each policy setting's implementation and best practices considerations, policy location, default values for the server type or Group Policy Object (GPO), relevant differences in operating system versions, and security considerations (including the possible vulnerabilities of each policy setting), countermeasures that you can implement, and the potential impact of implementing the countermeasures. >[!NOTE] ->Account lockout settings for remote access clients can be configured separately by editing the Registry on the server that manages the remote access. For more information, see [How to configure remote access client account lockout](https://support.microsoft.com/help/816118/how-to-configure-remote-access-client-account-lockout-in-windows-serve). +>Account lockout settings for remote access clients can be configured separately by editing the Registry on the server that manages the remote access. For more information, see [How to configure remote access client account lockout](/troubleshoot/windows-server/networking/configure-remote-access-client-account-lockout). ## In this section diff --git a/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md b/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md index e6ec3878c7..9ffa1041c1 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md @@ -39,7 +39,7 @@ This means that if you have a mix of computers, such as member servers that run This topic also covers related events, and how to enable audit mode before constraining the security principals that are allowed to remotely enumerate users and groups so that your environment remains secure without impacting application compatibility. > [!NOTE] -> Implementation of this policy [could affect offline address book generation](https://support.microsoft.com/help/4055652/access-checks-fail-because-of-authz-access-denied-error-in-windows-ser) on servers running Microsoft Exchange 2016 or Microsoft Exchange 2013. +> Implementation of this policy [could affect offline address book generation](/troubleshoot/windows-server/group-policy/authz-fails-access-denied-error-application-access-check) on servers running Microsoft Exchange 2016 or Microsoft Exchange 2013. ## Reference diff --git a/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md b/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md index 034a2762ea..bcaef6d811 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md @@ -29,7 +29,7 @@ Describes the best practices, location, values, and security considerations for This policy setting allows you to set the encryption types that the Kerberos protocol is allowed to use. If it isn't selected, the encryption type won't be allowed. This setting might affect compatibility with client computers or services and applications. Multiple selections are permitted. -For more information, see [article 977321](https://support.microsoft.com/kb/977321) in the Microsoft Knowledge Base. +For more information, see [article 977321](/troubleshoot/windows-server/windows-security/kdc-event-16-27-des-encryption-disabled) in the Microsoft Knowledge Base. The following table lists and explains the allowed encryption types. diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md index 204a5206ba..d5ebfdefe1 100644 --- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md +++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md @@ -23,7 +23,7 @@ ms.technology: windows-sec **Applies to** - Windows 10 -This topic is about the Server Message Block (SMB) v1 protocol. SMBv1 is not secure and has been deprecated in Windows. Beginning with Windows 10 Fall Creators Update and Windows Server, version 1709, [SMBv1 is not installed by default](https://support.microsoft.com/help/4034314/smbv1-is-not-installed-by-default-in-windows). +This topic is about the Server Message Block (SMB) v1 protocol. SMBv1 is not secure and has been deprecated in Windows. Beginning with Windows 10 Fall Creators Update and Windows Server, version 1709, [SMBv1 is not installed by default](/windows-server/storage/file-server/troubleshoot/smbv1-not-installed-by-default-in-windows). The rest of this topic describes the best practices, location, values, policy management and security considerations for the **Microsoft network client: Digitally sign communications (always)** security policy setting only for SMBv1. The same policy setting can be applied to computers that run SMBv2. For more information, see [Microsoft network client: Digitally sign communications (always)](microsoft-network-client-digitally-sign-communications-always.md). diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md index 9ef171ea55..b1dc905ad5 100644 --- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md +++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md @@ -22,7 +22,7 @@ ms.technology: windows-sec **Applies to** - Windows 10 -This topic is about the Server Message Block (SMB) v1 protocol. SMBv1 is not secure and has been deprecated in Windows. Beginning with Windows 10 Fall Creators Update and Windows Server, version 1709, [SMBv1 is not installed by default](https://support.microsoft.com/help/4034314/smbv1-is-not-installed-by-default-in-windows). +This topic is about the Server Message Block (SMB) v1 protocol. SMBv1 is not secure and has been deprecated in Windows. Beginning with Windows 10 Fall Creators Update and Windows Server, version 1709, [SMBv1 is not installed by default](/windows-server/storage/file-server/troubleshoot/smbv1-not-installed-by-default-in-windows). The rest of this topic describes the best practices, location, values, and security considerations for the **Microsoft network client: Digitally sign communications (if server agrees)** security policy setting only for SMBv1. The same policy setting can be applied to computers that run SMBv2. For more information, see [Microsoft network client: Digitally sign communications (if server agrees)](microsoft-network-client-digitally-sign-communications-always.md). diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md index ffedfe0697..e091179e64 100644 --- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md +++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md @@ -23,7 +23,7 @@ ms.technology: windows-sec **Applies to** - Windows 10 -This topic is about the Server Message Block (SMB) v1 protocol. SMBv1 is not secure and has been deprecated in Windows. Beginning with Windows 10 Fall Creators Update and Windows Server, version 1709, [SMB v1 is not installed by default](https://support.microsoft.com/help/4034314/smbv1-is-not-installed-by-default-in-windows). +This topic is about the Server Message Block (SMB) v1 protocol. SMBv1 is not secure and has been deprecated in Windows. Beginning with Windows 10 Fall Creators Update and Windows Server, version 1709, [SMB v1 is not installed by default](/windows-server/storage/file-server/troubleshoot/smbv1-not-installed-by-default-in-windows). The rest of this topic describes the best practices, location, values, policy management and security considerations for the **Microsoft network server: Digitally sign communications (always)** security policy setting only for SMBv1. The same policy setting can be applied to computers that run SMBv2. Fore more information, see [Microsoft network server: Digitally sign communications (always)](microsoft-network-server-digitally-sign-communications-always.md). diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md index 48bbab1f2f..228cd2ec2b 100644 --- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md +++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md @@ -23,7 +23,7 @@ ms.technology: windows-sec **Applies to** - Windows 10 -This topic is about the Server Message Block (SMB) v1 protocol. SMBv1 is not secure and has been deprecated in Windows. Beginning with Windows 10 Fall Creators Update and Windows Server, version 1709, [SMBv1 is not installed by default](https://support.microsoft.com/help/4034314/smbv1-is-not-installed-by-default-in-windows). +This topic is about the Server Message Block (SMB) v1 protocol. SMBv1 is not secure and has been deprecated in Windows. Beginning with Windows 10 Fall Creators Update and Windows Server, version 1709, [SMBv1 is not installed by default](/windows-server/storage/file-server/troubleshoot/smbv1-not-installed-by-default-in-windows). The rest of this topic describes the best practices, location, values, policy management and security considerations for the **Microsoft network server: Digitally sign communications (if client agrees)** security policy setting only for SMBv1. The same policy setting can be applied to computers that run SMBv2. For more information, see [Microsoft network server: Digitally sign communications (if client agrees)](microsoft-network-server-digitally-sign-communications-always.md). diff --git a/windows/whats-new/whats-new-windows-10-version-1703.md b/windows/whats-new/whats-new-windows-10-version-1703.md index 2cc76a97e8..9afb045cb7 100644 --- a/windows/whats-new/whats-new-windows-10-version-1703.md +++ b/windows/whats-new/whats-new-windows-10-version-1703.md @@ -21,7 +21,7 @@ Below is a list of some of what's new in Information Technology (IT) pro feature For more general info about Windows 10 features, see [Features available only on Windows 10](https://www.microsoft.com/windows/features). For info about previous versions of Windows 10, see [What's New in Windows 10](./index.yml). Also see this blog post: [What’s new for IT pros in the Windows 10 Creators Update](https://blogs.technet.microsoft.com/windowsitpro/2017/04/05/whats-new-for-it-pros-in-the-windows-10-creators-update/). >[!NOTE] ->Windows 10, version 1703 contains all fixes included in previous cumulative updates to Windows 10, version 1607. For info about each version, see [Windows 10 release information](https://technet.microsoft.com/windows/release-info). For a list of removed features, see [Features that are removed or deprecated in Windows 10 Creators Update](https://support.microsoft.com/help/4014193/features-that-are-removed-or-deprecated-in-windows-10-creators-update). +>Windows 10, version 1703 contains all fixes included in previous cumulative updates to Windows 10, version 1607. For info about each version, see [Windows 10 release information](https://technet.microsoft.com/windows/release-info). For a list of removed features, see [Features that are removed or deprecated in Windows 10 Creators Update](/windows/deployment/planning/windows-10-removed-features). ## Configuration diff --git a/windows/whats-new/whats-new-windows-10-version-1909.md b/windows/whats-new/whats-new-windows-10-version-1909.md index 06ab700d68..712131a5fc 100644 --- a/windows/whats-new/whats-new-windows-10-version-1909.md +++ b/windows/whats-new/whats-new-windows-10-version-1909.md @@ -28,7 +28,7 @@ To deliver these updates in an optimal fashion, we are providing this feature up If you are updating from an older version of Windows 10 (version 1809 or earlier), the process of updating to the current version will be the same as it has been for previous Windows 10 feature updates. For more information, see [Evolving Windows 10 servicing and quality: the next steps](https://blogs.windows.com/windowsexperience/2019/07/01/evolving-windows-10-servicing-and-quality-the-next-steps/#rl2G5ETPhkhMvDeX.97). -**Note**: Devices running the Enterprise, IoT Enterprise, or Education editions of Windows 10, version 1909 receive 30 months of support. For more information about the Windows servicing lifecycle, please see the [Windows lifecycle fact sheet](https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet). +**Note**: Devices running the Enterprise, IoT Enterprise, or Education editions of Windows 10, version 1909 receive 30 months of support. For more information about the Windows servicing lifecycle, please see the [Windows lifecycle fact sheet](/lifecycle/faq/windows). ### Windows Server Update Services (WSUS) diff --git a/windows/whats-new/whats-new-windows-10-version-20H2.md b/windows/whats-new/whats-new-windows-10-version-20H2.md index dbb8acd827..ea48658387 100644 --- a/windows/whats-new/whats-new-windows-10-version-20H2.md +++ b/windows/whats-new/whats-new-windows-10-version-20H2.md @@ -24,7 +24,7 @@ This article lists new and updated features and content that is of interest to I > [!NOTE] > With this release and future releases, the Windows 10 release nomenclature is changing from a year and month pattern (YYMM) to a year and half-year pattern (YYH1, YYH2). -As with previous fall releases, Windows 10, version 20H2 is a scoped set of features for select performance improvements, enterprise features, and quality enhancements. As an [H2-targeted release](https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet), 20H2 is serviced for 30 months from the release date for devices running Windows 10 Enterprise or Windows 10 Education editions. +As with previous fall releases, Windows 10, version 20H2 is a scoped set of features for select performance improvements, enterprise features, and quality enhancements. As an [H2-targeted release](/lifecycle/faq/windows), 20H2 is serviced for 30 months from the release date for devices running Windows 10 Enterprise or Windows 10 Education editions. To download and install Windows 10, version 20H2, use Windows Update (**Settings > Update & Security > Windows Update**). For more information, including a video, see [How to get the Windows 10 October 2020 Update](https://community.windows.com/videos/how-to-get-the-windows-10-october-2020-update/7c7_mWN0wi8). From 2a31864d120a84bed0699d16df43a7d16d3b8048 Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Wed, 1 Dec 2021 14:43:10 +0530 Subject: [PATCH 086/335] fixed suggestion --- .../threat-protection/intelligence/prevent-malware-infection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/intelligence/prevent-malware-infection.md b/windows/security/threat-protection/intelligence/prevent-malware-infection.md index 5a62d23894..a92433d11c 100644 --- a/windows/security/threat-protection/intelligence/prevent-malware-infection.md +++ b/windows/security/threat-protection/intelligence/prevent-malware-infection.md @@ -30,7 +30,7 @@ To keep Microsoft software up to date, ensure that [automatic Microsoft Updates] Email and other messaging tools are a few of the most common ways your device can get infected. Attachments or links in messages can open malware directly or can stealthily trigger a download. Some emails give instructions to allow macros or other executable content designed to make it easier for malware to infect your devices. -* Use an email service that provides protection against malicious attachments, links, and abusive senders. [Microsoft Office 365](/microsoft-365/security/office-365-security/anti-spam-and-anti-malware-protection?view=o365-worldwide) has built-in antimalware, link protection, and spam filtering. +* Use an email service that provides protection against malicious attachments, links, and abusive senders. [Microsoft Office 365](/microsoft-365/security/office-365-security/anti-spam-and-anti-malware-protection) has built-in antimalware, link protection, and spam filtering. For more information, see [phishing](phishing.md). From 591e6df50b4d4478cce3d7415a8419ae0627b9c3 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Wed, 1 Dec 2021 15:44:20 +0530 Subject: [PATCH 087/335] changes --- ...a-structures-windows-store-for-business.md | 187 ++---------------- 1 file changed, 19 insertions(+), 168 deletions(-) diff --git a/windows/client-management/mdm/data-structures-windows-store-for-business.md b/windows/client-management/mdm/data-structures-windows-store-for-business.md index ef58d974e0..4621e9a56d 100644 --- a/windows/client-management/mdm/data-structures-windows-store-for-business.md +++ b/windows/client-management/mdm/data-structures-windows-store-for-business.md @@ -97,60 +97,15 @@ Specifies the properties of the alternate identifier. ## InventoryEntryDetails - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescription

productKey

ProductKey

Identifier used on subsequent requests to get more content including product descriptions, offline license, and download URLs.

seatCapacity

integer-64

Total number of seats that have been purchased for an application.

availableSeats

integer-64

Number of available seats remaining for an application.

lastModified

dateTime

Specifies the last modified date for an application. Modifications for an application include updated product details, updates to an application, and updates to the quantity of an application.

licenseType

LicenseType

Indicates whether the set of seats for a given application supports online or offline licensing.

distributionPolicy

InventoryDistributionPolicy

status

InventoryStatus

- - +|Name|Type|Description| +|--- |--- |--- | +|productKey|[ProductKey](#productkey)|Identifier used on subsequent requests to get more content including product descriptions, offline license, and download URLs.| +|seatCapacity|integer-64|Total number of seats that have been purchased for an application.| +|availableSeats|integer-64|Number of available seats remaining for an application.| +|lastModified|dateTime|Specifies the last modified date for an application. Modifications for an application include updated product details, updates to an application, and updates to the quantity of an application.| +|licenseType|[LicenseType](#licensetype)|Indicates whether the set of seats for a given application supports online or offline licensing.| +|distributionPolicy|[InventoryDistributionPolicy](#inventorydistributionpolicy)|| +|status|[InventoryStatus](#inventorystatus)|| ## InventoryResultSet @@ -236,124 +191,20 @@ Specifies the properties of the localized product. |packageFamilyName|String|| |supportedPlatforms|Collection of [ProductPlatform](#productplatform)|| - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescription

productKey

ProductKey

Identifier used on subsequent requests to get more content including product descriptions, offline license, and download URLs.

productType

string

Type of product.

supportedLanguages

collection of string

The set of localized languages for an application.

publisherId

string

Publisher identifier.

category

string

Application category.

alternateIds

collection of AlternateIdentifier

The identifiers that can be used to instantiate the installation of on online application.

packageFamilyName

string

supportedPlatforms

collection of ProductPlatform

- - ## ProductImage Specifies the properties of the product image. - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescription

location

URI

Location of the download image.

purpose

string

Tag for the image, for example "screenshot" or "logo".

height

string

Height of the image in pixels.

width

string

Width of the image in pixels.

caption

string

Unlimited length.

backgroundColor

string

Format "#RRGGBB"

foregroundColor

string

Format "#RRGGBB"

fileSize

integer-64

Size of the file.

+|Name|Type|Description| +|--- |--- |--- | +|location|URI|Location of the download image.| +|purpose|string|Tag for the image, for example "screenshot" or "logo".| +|height|string|Height of the image in pixels.| +|width|string|Width of the image in pixels.| +|caption|string|Unlimited length.| +|backgroundColor|string|Format "#RRGGBB"| +|foregroundColor|string|Format "#RRGGBB"| +|fileSize|integer-64|Size of the file.| ## ProductKey From 8d780c6d7546cdaa5f0bd13a1b43e3a351f26361 Mon Sep 17 00:00:00 2001 From: Joe Henry Date: Wed, 1 Dec 2021 11:54:55 -0500 Subject: [PATCH 088/335] Update create-wdac-deny-policy.md --- .../create-wdac-deny-policy.md | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index 47e39411f4..651c208dcc 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -18,9 +18,9 @@ ms.date: 11/29/2021 ms.technology: windows-sec --- -# **Guidance on Creating WDAC Deny Policies** +# Guidance on Creating WDAC Deny Policies -With Windows Defender Application Control (WDAC), you can create applicatoin contorl policies to explicitly deny specific drivers and applications, as well as signatures and certificates and file paths. +With Windows Defender Application Control (WDAC), you can create applicatoin control policies to explicitly deny specific drivers and applications, as well as signatures and certificates and file paths. Topics this article will be discussing are: 1. File Rule Precedence Order @@ -30,7 +30,7 @@ Topics this article will be discussing are: 5. Best Practices 6. Tutorial/Walkthrough -## **File Rule Precendence Order** +## File Rule Precendence Order To create effective WDAC deny policies, it is crucial to understand how WDAC pares the policy. The WDAC engine evaluates files against the policy in the following order. @@ -38,18 +38,18 @@ To create effective WDAC deny policies, it is crucial to understand how WDAC par 2. Explicit allow rules -3. WDAC will then check for the Managed Installer extended (EA) Allow Apps with a WDAC managed Installer (windows) - Windows security | Microsoft Docs) +3. WDAC will then check for the Managed Installer extended (EA) [Allow Apps with a WDAC managed Installer (windows) - Windows security | Microsoft Docs](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer) -4. Lastly, WDAC will call the ISG to get reputation on file, if the policy has support for the ISG +4. Lastly, WDAC will call the Intelligent Security Graph (ISG) to get reputation on file, if the policy has support for the ISG Explicit allow and deny rules encompass rules at any level (e.g. has rules, signer rules path rules, attritbute rules or package family name rules). If there is an explicit deny rule, WDAC does not process any other rules, meaning a deny rule always takes precedence in the case where a deny and allow rule would be at odds. -## **Interaction with Existing Policies** -### **Adding Allow Rules** +## Interaction with Existing Policies +### Adding Allow Rules -In the scenario where there is not an explicit allow rule, there is not a managed installer or Intelligent Security Graph (ISG) EA and ISG is not configured, WDAC will block the file as there is nothing in the policy vouching for trust of the file. +In the scenario where there is not an explicit allow rule, there is not a managed installer or ISG EA and ISG is not configured, WDAC will block the file as there is nothing in the policy vouching for trust of the file. -If this deny policy is the only policy on the device, the following rule(s) need to be added to the policy in addition ot the deny/block rules to trust for the driver files outside of the intended blocklisted ones: +If this deny policy is the only policy on the device, the following rule(s) need to be added to the policy in addition to the deny/block rules to trust for the driver files outside of the intended blocklisted ones: ```xml @@ -90,7 +90,7 @@ If the policy enables user mode code integrity via the ***Enabled:UMCI*** rule-o ``` ## Single Policy Considerations -If the set of deny rules is to be added into an existing policy with allow rules, then the above Allow All rules should not be added to the policy. Instead, the deny policy should be merged with the existing WDAC policy via the WDAC Wizard +If the set of deny rules is to be added into an existing policy with allow rules, then the above Allow All rules should not be added to the policy. Instead, the deny policy should be merged with the existing WDAC policy via the WDAC Wizard. ```PowerShell $DenyPolicy = @@ -105,13 +105,13 @@ If you are currently using multiple policies [Use multiple Windows Defender Appl Policy 1 is an allow list of Windows and Microsoft-signed applications. Policy 2 is our new deny policy which blocks MaliciousApp.exe with the Allow All rules. MaliciousApp.exe will be blocked since there is an explicit block rule in Policy 2. Windows and Microsoft applications will be allowed since there is an explicit allow rule in Policy 1 and Policy 2 (due to the Allow All rules). All other applications, if not Windows and Microsoft signed, e.g., ExampleApp.exe, will not be allowed as this application is only trusted by Policy 2 (due to the Allow All rules) and not Policy 1. -## **Best Practices** +## Best Practices 1. **Starting with Audit Mode Policies** - as with all new policies, we recommend rolling out your new deny policy in Audit Mode and monitoring the 3077 block events [Understanding Application Control event IDs (Windows) - Windows security | Microsoft Docs](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/event-id-explanations#microsoft-windows-codeintegrity-operational-log-event-ids) to ensure only the applications you intended to block are being blocked. More information on monitoring block events via the Event Viewer logs and Advanced Hunting: [Managing and troubleshooting Windows Defender Application Control policies (Windows) - Windows security | Microsoft Docs](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide) 2. **Recommeneded Deny Rules Types** - signer and file attribute rules are recommended from a security, manageability, and performance perspective. Hash rules should only be utilized where otherwise impossible. The hash of an application is updated for every new version released by the publisher which quickly becomes impractical to manage and protect against new threats where the attacker is quickly iterating on the payload. Additionally, WDAC has optimized parsing of hash rules, but devices may see performance impacts at runtime evaluation when policies have tens of thousands or more hash rules. -## **Tutorial** +## Tutorial ### Creating a Deny Policy Deny rules and policies can be created using the PowerShell cmdlets or the WDAC Wizard [Microsoft WDAC Wizard (webapp-wdac-wizard.azurewebsites.net](https://webapp-wdac-wizard.azurewebsites.net/) We recommend creating signer rules (PCACertificate, Publisher, and FilePublisher) wherever possible. In the cases of unsigned binaries, rules must be created on attributes of the file, such as the original filename, or the hash. From 422ac0cb1fe9936aff3b8e20b80df64d985b3629 Mon Sep 17 00:00:00 2001 From: Joe Henry Date: Wed, 1 Dec 2021 12:06:47 -0500 Subject: [PATCH 089/335] Update create-wdac-deny-policy.md --- .../create-wdac-deny-policy.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index 651c208dcc..7fcfcb1c90 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -20,7 +20,7 @@ ms.technology: windows-sec # Guidance on Creating WDAC Deny Policies -With Windows Defender Application Control (WDAC), you can create applicatoin control policies to explicitly deny specific drivers and applications, as well as signatures and certificates and file paths. +With Windows Defender Application Control (WDAC), you can create application control policies to explicitly deny specific drivers and applications, as well as signatures and certificates and file paths. Topics this article will be discussing are: 1. File Rule Precedence Order @@ -36,11 +36,11 @@ To create effective WDAC deny policies, it is crucial to understand how WDAC par 1. Explicit deny rules - if there is an explicit deny rule, do not process the rest of the rules; the file is untrusted. -2. Explicit allow rules +2. Explicit allow rules. -3. WDAC will then check for the Managed Installer extended (EA) [Allow Apps with a WDAC managed Installer (windows) - Windows security | Microsoft Docs](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer) +3. WDAC will then check for the Managed Installer extended (EA) [Allow Apps with a WDAC managed Installer (windows) - Windows security | Microsoft Docs](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer). -4. Lastly, WDAC will call the Intelligent Security Graph (ISG) to get reputation on file, if the policy has support for the ISG +4. Lastly, WDAC will call the Intelligent Security Graph (ISG) to get reputation on file, if the policy has support for the ISG. Explicit allow and deny rules encompass rules at any level (e.g. has rules, signer rules path rules, attritbute rules or package family name rules). If there is an explicit deny rule, WDAC does not process any other rules, meaning a deny rule always takes precedence in the case where a deny and allow rule would be at odds. From 7a93c7863a796a82d682e2f13561df61397a8ed6 Mon Sep 17 00:00:00 2001 From: Joe Henry Date: Wed, 1 Dec 2021 12:13:57 -0500 Subject: [PATCH 090/335] Update create-wdac-deny-policy.md --- .../create-wdac-deny-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index 7fcfcb1c90..180cb7b8c6 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -132,7 +132,7 @@ $DenyRules += New-CIPolicyRule -Level FileName -DriverFilePath ``` ### Adding Allow All Rules -If required, as in the cases listed above, Allow All rules [link to above Allow All section] may need to be added to the policy. The Allow All rules can be manually added to the policy xml or by merging with the AllowAll xml present on the client system in the WDAC template folder: +If required, as in the cases listed above, [Allow All rules](48) may need to be added to the policy. The Allow All rules can be manually added to the policy xml or by merging with the AllowAll xml present on the client system in the WDAC template folder: ```PowerShell $DenyPolicy = From e5e0379ab62872f0e73944d24cc7d678c7eaad7a Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Thu, 2 Dec 2021 17:29:44 +0530 Subject: [PATCH 091/335] Html to md table conversion - batch 26 --- .../deployment/upgrade/upgrade-error-codes.md | 106 +++-- .../access-control/local-accounts.md | 190 ++------- .../hello-manage-in-organization.md | 368 +++--------------- .../how-user-account-control-works.md | 190 ++------- .../vpn/vpn-authentication.md | 15 +- .../bitlocker/bitlocker-basic-deployment.md | 140 +------ ...ve-encryption-tools-to-manage-bitlocker.md | 142 +------ ...nd-storage-area-networks-with-bitlocker.md | 121 +----- .../app-behavior-with-wip.md | 105 +---- .../create-wip-policy-using-configmgr.md | 94 +---- .../create-wip-policy-using-intune-azure.md | 43 +- .../limitations-with-wip.md | 148 +------ .../testing-scenarios-for-wip.md | 149 +------ ...iew-of-threat-mitigations-in-windows-10.md | 59 +-- ...-the-health-of-windows-10-based-devices.md | 83 +--- 15 files changed, 302 insertions(+), 1651 deletions(-) diff --git a/windows/deployment/upgrade/upgrade-error-codes.md b/windows/deployment/upgrade/upgrade-error-codes.md index 2286a7ec90..8af8acdd00 100644 --- a/windows/deployment/upgrade/upgrade-error-codes.md +++ b/windows/deployment/upgrade/upgrade-error-codes.md @@ -88,67 +88,57 @@ Extend codes can be matched to the phase and operation when an error occurred. T The following tables provide the corresponding phase and operation for values of an extend code: -
+### Extend code: phase - - -
Extend code: phase
HexPhase -
0SP_EXECUTION_UNKNOWN -
1SP_EXECUTION_DOWNLEVEL -
2SP_EXECUTION_SAFE_OS -
3SP_EXECUTION_FIRST_BOOT -
4SP_EXECUTION_OOBE_BOOT -
5SP_EXECUTION_UNINSTALL -
+|Hex|Phase| +|--- |--- | +|0|SP_EXECUTION_UNKNOWN| +|1|SP_EXECUTION_DOWNLEVEL| +|2|SP_EXECUTION_SAFE_OS| +|3|SP_EXECUTION_FIRST_BOOT| +|4|SP_EXECUTION_OOBE_BOOT| +|5|SP_EXECUTION_UNINSTALL| +### Extend code: Operation - - - - - -
Extend code: operation
- -
HexOperation -
0SP_EXECUTION_OP_UNKNOWN -
1SP_EXECUTION_OP_COPY_PAYLOAD -
2SP_EXECUTION_OP_DOWNLOAD_UPDATES -
3SP_EXECUTION_OP_INSTALL_UPDATES -
4SP_EXECUTION_OP_INSTALL_RECOVERY_ENVIRONMENT -
5SP_EXECUTION_OP_INSTALL_RECOVERY_IMAGE -
6SP_EXECUTION_OP_REPLICATE_OC -
7SP_EXECUTION_OP_INSTALL_DRVIERS -
8SP_EXECUTION_OP_PREPARE_SAFE_OS -
9SP_EXECUTION_OP_PREPARE_ROLLBACK -
ASP_EXECUTION_OP_PREPARE_FIRST_BOOT -
BSP_EXECUTION_OP_PREPARE_OOBE_BOOT -
CSP_EXECUTION_OP_APPLY_IMAGE -
DSP_EXECUTION_OP_MIGRATE_DATA -
ESP_EXECUTION_OP_SET_PRODUCT_KEY -
FSP_EXECUTION_OP_ADD_UNATTEND -
-		 - -
HexOperation -
10SP_EXECUTION_OP_ADD_DRIVER -
11SP_EXECUTION_OP_ENABLE_FEATURE -
12SP_EXECUTION_OP_DISABLE_FEATURE -
13SP_EXECUTION_OP_REGISTER_ASYNC_PROCESS -
14SP_EXECUTION_OP_REGISTER_SYNC_PROCESS -
15SP_EXECUTION_OP_CREATE_FILE -
16SP_EXECUTION_OP_CREATE_REGISTRY -
17SP_EXECUTION_OP_BOOT -
18SP_EXECUTION_OP_SYSPREP -
19SP_EXECUTION_OP_OOBE -
1ASP_EXECUTION_OP_BEGIN_FIRST_BOOT -
1BSP_EXECUTION_OP_END_FIRST_BOOT -
1CSP_EXECUTION_OP_BEGIN_OOBE_BOOT -
1DSP_EXECUTION_OP_END_OOBE_BOOT -
1ESP_EXECUTION_OP_PRE_OOBE -
1FSP_EXECUTION_OP_POST_OOBE -
20SP_EXECUTION_OP_ADD_PROVISIONING_PACKAGE -
-
+|Hex|Operation| +|--- |--- | +|0|SP_EXECUTION_OP_UNKNOWN| +|1|SP_EXECUTION_OP_COPY_PAYLOAD| +|2|SP_EXECUTION_OP_DOWNLOAD_UPDATES| +|3|SP_EXECUTION_OP_INSTALL_UPDATES| +|4|SP_EXECUTION_OP_INSTALL_RECOVERY_ENVIRONMENT| +|5|SP_EXECUTION_OP_INSTALL_RECOVERY_IMAGE| +|6|SP_EXECUTION_OP_REPLICATE_OC| +|7|SP_EXECUTION_OP_INSTALL_DRIVERS| +|8|SP_EXECUTION_OP_PREPARE_SAFE_OS| +|9|SP_EXECUTION_OP_PREPARE_ROLLBACK| +|A|SP_EXECUTION_OP_PREPARE_FIRST_BOOT| +|B|SP_EXECUTION_OP_PREPARE_OOBE_BOOT| +|C|SP_EXECUTION_OP_APPLY_IMAGE| +|D|SP_EXECUTION_OP_MIGRATE_DATA| +|E|SP_EXECUTION_OP_SET_PRODUCT_KEY| +|F|SP_EXECUTION_OP_ADD_UNATTEND| + +|Hex|Operation| +|--- |--- | +|10|SP_EXECUTION_OP_ADD_DRIVER| +|11|SP_EXECUTION_OP_ENABLE_FEATURE| +|12|SP_EXECUTION_OP_DISABLE_FEATURE| +|13|SP_EXECUTION_OP_REGISTER_ASYNC_PROCESS| +|14|SP_EXECUTION_OP_REGISTER_SYNC_PROCESS| +|15|SP_EXECUTION_OP_CREATE_FILE| +|16|SP_EXECUTION_OP_CREATE_REGISTRY| +|17|SP_EXECUTION_OP_BOOT| +|18|SP_EXECUTION_OP_SYSPREP| +|19|SP_EXECUTION_OP_OOBE| +|1A|SP_EXECUTION_OP_BEGIN_FIRST_BOOT| +|1B|SP_EXECUTION_OP_END_FIRST_BOOT| +|1C|SP_EXECUTION_OP_BEGIN_OOBE_BOOT| +|1D|SP_EXECUTION_OP_END_OOBE_BOOT| +|1E|SP_EXECUTION_OP_PRE_OOBE| +|1F|SP_EXECUTION_OP_POST_OOBE| +|20|SP_EXECUTION_OP_ADD_PROVISIONING_PACKAGE| For example: An extend code of **0x4000D**, represents a problem during phase 4 (**0x4**) with data migration (**000D**). diff --git a/windows/security/identity-protection/access-control/local-accounts.md b/windows/security/identity-protection/access-control/local-accounts.md index 2126be498a..b2a5460671 100644 --- a/windows/security/identity-protection/access-control/local-accounts.md +++ b/windows/security/identity-protection/access-control/local-accounts.md @@ -139,53 +139,16 @@ For details about the HelpAssistant account attributes, see the following table. **HelpAssistant account attributes** - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
AttributeValue

Well-Known SID/RID

S-1-5-<domain>-13 (Terminal Server User), S-1-5-<domain>-14 (Remote Interactive Logon)

Type

User

Default container

CN=Users, DC=<domain>, DC=

Default members

None

Default member of

Domain Guests

-

Guests

Protected by ADMINSDHOLDER?

No

Safe to move out of default container?

Can be moved out, but we do not recommend it.

Safe to delegate management of this group to non-Service admins?

No

+|Attribute|Value| +|--- |--- | +|Well-Known SID/RID|S-1-5--13 (Terminal Server User), S-1-5--14 (Remote Interactive Logon)| +|Type|User| +|Default container|CN=Users, DC=, DC=| +|Default members|None| +|Default member of|Domain Guests

Guests| +|Protected by ADMINSDHOLDER?|No| +|Safe to move out of default container?|Can be moved out, but we do not recommend it.| +|Safe to delegate management of this group to non-Service admins?|No| ### DefaultAccount @@ -290,71 +253,18 @@ For more information about UAC, see [User Account Control](/windows/access-prote The following table shows the Group Policy and registry settings that are used to enforce local account restrictions for remote access. - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

No.

Setting

Detailed Description

Policy location

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

1

Policy name

User Account Control: Run all administrators in Admin Approval Mode

Policy setting

Enabled

2

Policy location

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

Policy name

User Account Control: Run all administrators in Admin Approval Mode

Policy setting

Enabled

3

Registry key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

Registry value name

LocalAccountTokenFilterPolicy

Registry value type

DWORD

Registry value data

0

- +|No.|Setting|Detailed Description| +|--- |--- |--- | +||Policy location|Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options| +|1|Policy name|[User Account Control: Run all administrators in Admin Approval Mode](/windows/device-security/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode)| +||Policy setting|Enabled| +|2|Policy location|Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options| +||Policy name|[User Account Control: Run all administrators in Admin Approval Mode](/windows/device-security/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode)| +||Policy setting|Enabled| +|3|Registry key|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System| +||Registry value name|LocalAccountTokenFilterPolicy| +||Registry value type|DWORD| +||Registry value data|0| >[!NOTE] >You can also enforce the default for LocalAccountTokenFilterPolicy by using the custom ADMX in Security Templates. @@ -437,54 +347,14 @@ In order to perform this procedure, you must first identify the name of the loca The following table shows the Group Policy settings that are used to deny network logon for all local Administrator accounts. - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

No.

Setting

Detailed Description

Policy location

Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment

1

Policy name

Deny access to this computer from the network

Policy setting

Local account and member of Administrators group

-

2

Policy location

Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment

Policy name

Deny log on through Remote Desktop Services

Policy setting

Local account and member of Administrators group

-
- - +|No.|Setting|Detailed Description| +|--- |--- |--- | +||Policy location|Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment| +|1|Policy name|[Deny access to this computer from the network](/windows/device-security/security-policy-settings/deny-access-to-this-computer-from-the-network)| +||Policy setting|Local account and member of Administrators group| +|2|Policy location|Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment| +||Policy name|[Deny log on through Remote Desktop Services](/windows/device-security/security-policy-settings/deny-log-on-through-remote-desktop-services)| +||Policy setting|Local account and member of Administrators group| **To deny network logon to all local administrator accounts** diff --git a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md index de574128e5..a585e796ba 100644 --- a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md +++ b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md @@ -41,151 +41,32 @@ The following table lists the Group Policy settings that you can configure for W > [!NOTE] > Starting with Windows 10, version 1709, the location of the PIN complexity section of the Group Policy is: **Computer Configuration** > **Administrative Templates** > **System** > **PIN Complexity**. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PolicyScopeOptions
Use Windows Hello for BusinessComputer or user -

Not configured: Device does not provision Windows Hello for Business for any user.

-

Enabled: Device provisions Windows Hello for Business using keys or certificates for all users.

-

Disabled: Device does not provision Windows Hello for Business for any user.

-
Use a hardware security deviceComputer -

Not configured: Windows Hello for Business will be provisioned using TPM if available, and will be provisioned using software if TPM is not available.

-

Enabled: Windows Hello for Business will only be provisioned using TPM. This feature will provision Windows Hello for Business using TPM 1.2 unless the option to exclude them is explicitly set.

-

Disabled: Windows Hello for Business will be provisioned using TPM if available, and will be provisioned using software if TPM is not available.

-
Use certificate for on-premises authenticationComputer or user -

Not configured: Windows Hello for Business enrolls a key that is used for on-premises authentication.

-

Enabled: Windows Hello for Business enrolls a sign-in certificate using ADFS that is used for on-premises authentication.

-

Disabled: Windows Hello for Business enrolls a key that is used for on-premises authentication.

-
Use PIN recoveryComputer -

Added in Windows 10, version 1703

-

Not configured: Windows Hello for Business does not create or store a PIN recovery secret. PIN reset does not use the Azure-based PIN recovery service.

-

Enabled: Windows Hello for Business uses the Azure-based PIN recovery service for PIN reset.

-

Disabled: Windows Hello for Business does not create or store a PIN recovery secret. PIN reset does not use the Azure-based PIN recovery service.

-

+|Policy|Scope|Options| +|--- |--- |--- | +|Use Windows Hello for Business|Computer or user|

Not configured: Device does not provision Windows Hello for Business for any user.

Enabled: Device provisions Windows Hello for Business using keys or certificates for all users.

Disabled: Device does not provision Windows Hello for Business for any user.| +|Use a hardware security device|Computer|

Not configured: Windows Hello for Business will be provisioned using TPM if available, and will be provisioned using software if TPM is not available.

Enabled: Windows Hello for Business will only be provisioned using TPM. This feature will provision Windows Hello for Business using TPM 1.2 unless the option to exclude them is explicitly set.

Disabled: Windows Hello for Business will be provisioned using TPM if available, and will be provisioned using software if TPM is not available.| +|Use certificate for on-premises authentication|Computer or user|

Not configured: Windows Hello for Business enrolls a key that is used for on-premises authentication.

Enabled: Windows Hello for Business enrolls a sign-in certificate using ADFS that is used for on-premises authentication.

Disabled: Windows Hello for Business enrolls a key that is used for on-premises authentication.| +|Use PIN recovery|Computer|

Added in Windows 10, version 1703

Not configured: Windows Hello for Business does not create or store a PIN recovery secret. PIN reset does not use the Azure-based PIN recovery service

Enabled: Windows Hello for Business uses the Azure-based PIN recovery service for PIN reset

Disabled: Windows Hello for Business does not create or store a PIN recovery secret. PIN reset does not use the Azure-based PIN recovery service.

For more information about using the PIN recovery service for PIN reset see [Windows Hello for Business PIN Reset](hello-feature-pin-reset.md).| +|Use biometrics|Computer|

Not configured: Biometrics can be used as a gesture in place of a PIN

Enabled: Biometrics can be used as a gesture in place of a PIN.

Disabled: Only a PIN can be used as a gesture.| -For more information about using the PIN recovery service for PIN reset see [Windows Hello for Business PIN Reset](hello-feature-pin-reset.md). -

-
Use biometricsComputer -

Not configured: Biometrics can be used as a gesture in place of a PIN.

-

Enabled: Biometrics can be used as a gesture in place of a PIN.

-

Disabled: Only a PIN can be used as a gesture.

-
PIN ComplexityRequire digitsComputer -

Not configured: Users must include a digit in their PIN.

-

Enabled: Users must include a digit in their PIN.

-

Disabled: Users cannot use digits in their PIN.

-
Require lowercase lettersComputer -

Not configured: Users cannot use lowercase letters in their PIN.

-

Enabled: Users must include at least one lowercase letter in their PIN.

-

Disabled: Users cannot use lowercase letters in their PIN.

-
Maximum PIN lengthComputer -

Not configured: PIN length must be less than or equal to 127.

-

Enabled: PIN length must be less than or equal to the number you specify.

-

Disabled: PIN length must be less than or equal to 127.

-
Minimum PIN lengthComputer -

Not configured: PIN length must be greater than or equal to 4.

-

Enabled: PIN length must be greater than or equal to the number you specify.

-

Disabled: PIN length must be greater than or equal to 4.

-
ExpirationComputer -

Not configured: PIN does not expire.

-

Enabled: PIN can be set to expire after any number of days between 1 and 730, or PIN can be set to never expire by setting policy to 0.

-

Disabled: PIN does not expire.

-
HistoryComputer -

Not configured: Previous PINs are not stored.

-

Enabled: Specify the number of previous PINs that can be associated to a user account that can't be reused.

-

Disabled: Previous PINs are not stored.

-
Note  Current PIN is included in PIN history.
-
 
-
Require special charactersComputer -

Not configured: Users cannot include a special character in their PIN.

-

Enabled: Users must include at least one special character in their PIN.

-

Disabled: Users cannot include a special character in their PIN.

-
Require uppercase lettersComputer -

Not configured: Users cannot include an uppercase letter in their PIN.

-

Enabled: Users must include at least one uppercase letter in their PIN.

-

Disabled: Users cannot include an uppercase letter in their PIN.

-
Phone Sign-inUse Phone Sign-inComputer -

Not currently supported.

-
+### PIN Complexity + +|Policy|Scope|Options| +|--- |--- |--- | +|Require digits|Computer|

Not configured: Users must include a digit in their PIN.

Enabled: Users must include a digit in their PIN.

Disabled: Users cannot use digits in their PIN.| +|Require lowercase letters|Computer|

Not configured: Users cannot use lowercase letters in their PIN

Enabled: Users must include at least one lowercase letter in their PIN.

Disabled: Users cannot use lowercase letters in their PIN.| +|Maximum PIN length|Computer|

Not configured: PIN length must be less than or equal to 127.

Enabled: PIN length must be less than or equal to the number you specify.

Disabled: PIN length must be less than or equal to 127.| +|Minimum PIN length|Computer|

Not configured: PIN length must be greater than or equal to 4.

Enabled: PIN length must be greater than or equal to the number you specify.

Disabled: PIN length must be greater than or equal to 4.| +|Expiration|Computer|

Not configured: PIN does not expire.

Enabled: PIN can be set to expire after any number of days between 1 and 730, or PIN can be set to never expire by setting policy to 0.

Disabled: PIN does not expire.| +|History|Computer|

Not configured: Previous PINs are not stored.

Enabled: Specify the number of previous PINs that can be associated to a user account that can't be reused.

Disabled: Previous PINs are not stored.

Note  Current PIN is included in PIN history.
| +|Require special characters|Computer|

Not configured: Users cannot include a special character in their PIN

Enabled: Users must include at least one special character in their PIN.

Disabled: Users cannot include a special character in their PIN.| +|Require uppercase letters|Computer|

Not configured: Users cannot include an uppercase letter in their PIN.

Enabled: Users must include at least one uppercase letter in their PIN.

Disabled: Users cannot include an uppercase letter in their PIN.| + +### Phone Sign-in + +|Policy|Scope|Options| +|--- |--- |--- | +|Use Phone Sign-in|Computer|Not currently supported.| ## MDM policy settings for Windows Hello for Business @@ -194,175 +75,38 @@ The following table lists the MDM policy settings that you can configure for Win >[!IMPORTANT] >Starting in Windows 10, version 1607, all devices only have one PIN associated with Windows Hello for Business. This means that any PIN on a device will be subject to the policies specified in the PassportForWork CSP. The values specified take precedence over any complexity rules set via Exchange ActiveSync (EAS) or the DeviceLock CSP. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PolicyScopeDefaultOptions
UsePassportForWorkDevice or userTrue -

True: Windows Hello for Business will be provisioned for all users on the device.

-

False: Users will not be able to provision Windows Hello for Business.

-
Note  If Windows Hello for Business is enabled, and then the policy is changed to False, users who previously set up Windows Hello for Business can continue to use it, but will not be able to set up Windows Hello for Business on other devices.
-
 
-
RequireSecurityDeviceDevice or userFalse -

True: Windows Hello for Business will only be provisioned using TPM.

-

False: Windows Hello for Business will be provisioned using TPM if available, and will be provisioned using software if TPM is not available.

-
ExcludeSecurityDeviceTPM12DeviceFalse -

Added in Windows 10, version 1703

-

True: TPM revision 1.2 modules will be disallowed from being used with Windows Hello for Business.

-

False: TPM revision 1.2 modules will be allowed to be used with Windows Hello for Business.

-
EnablePinRecoveryDevice or userFalse -

Added in Windows 10, version 1703

-

True: Windows Hello for Business uses the Azure-based PIN recovery service for PIN reset.

-

False: Windows Hello for Business does not create or store a PIN recovery secret. PIN reset does not use the Azure-based PIN recovery service.

-

+|Policy|Scope|Default|Options| +|--- |--- |--- |--- | +|UsePassportForWork|Device or user|True|

True: Windows Hello for Business will be provisioned for all users on the device.

False: Users will not be able to provision Windows Hello for Business.

**Note:** If Windows Hello for Business is enabled, and then the policy is changed to False, users who previously set up Windows Hello for Business can continue to use it, but will not be able to set up Windows Hello for Business on other devices
| +|RequireSecurityDevice|Device or user|False|

True: Windows Hello for Business will only be provisioned using TPM.

False: Windows Hello for Business will be provisioned using TPM if available, and will be provisioned using software if TPM is not available.| +|ExcludeSecurityDevice

TPM12|Device|False|Added in Windows 10, version 1703

True: TPM revision 1.2 modules will be disallowed from being used with Windows Hello for Business.

False: TPM revision 1.2 modules will be allowed to be used with Windows Hello for Business.| +|EnablePinRecovery|Device or use|False|

Added in Windows 10, version 1703

True: Windows Hello for Business uses the Azure-based PIN recovery service for PIN reset.

False: Windows Hello for Business does not create or store a PIN recovery secret. PIN reset does not use the Azure-based PIN recovery service.For more information about using the PIN recovery service for PIN reset see [Windows Hello for Business PIN Reset](hello-feature-pin-reset.md).| -For more information about using the PIN recovery service for PIN reset see [Windows Hello for Business PIN Reset](hello-feature-pin-reset.md). -

-
Biometrics -

UseBiometrics

-		Device False -

True: Biometrics can be used as a gesture in place of a PIN for domain sign-in.

-

False: Only a PIN can be used as a gesture for domain sign-in.

-
-

FacialFeaturesUser

-

EnhancedAntiSpoofing

-		DeviceNot configured -

Not configured: users can choose whether to turn on enhanced anti-spoofing.

-

True: Enhanced anti-spoofing is required on devices which support it.

-

False: Users cannot turn on enhanced anti-spoofing.

-
PINComplexity
Digits Device or user1 -

0: Digits are allowed.

-

1: At least one digit is required.

-

2: Digits are not allowed.

-
Lowercase letters Device or user2 -

0: Lowercase letters are allowed.

-

1: At least one lowercase letter is required.

-

2: Lowercase letters are not allowed.

-
Special charactersDevice or user2 -

0: Special characters are allowed.

-

1: At least one special character is required.

-

2: Special characters are not allowed.

-
Uppercase lettersDevice or user2 -

0: Uppercase letters are allowed.

-

1: At least one uppercase letter is required.

-

2: Uppercase letters are not allowed.

-
Maximum PIN length Device or user127 -

Maximum length that can be set is 127. Maximum length cannot be less than minimum setting.

-
Minimum PIN lengthDevice or user4 -

Minimum length that can be set is 4. Minimum length cannot be greater than maximum setting.

-
Expiration Device or user0 -

Integer value specifies the period of time (in days) that a PIN can be used before the system requires the user to change it. The largest number you can configure for this policy setting is 730. The lowest number you can configure for this policy setting is 0. If this policy is set to 0, then the user's PIN will never expire. -

-
HistoryDevice or user0 -

Integer value that specifies the number of past PINs that can be associated to a user account that can't be reused. The largest number you can configure for this policy setting is 50. The lowest number you can configure for this policy setting is 0. If this policy is set to 0, then storage of previous PINs is not required. -

-
Remote -

UseRemotePassport

-		Device or userFalse -

Not currently supported.

-
+### Biometrics + +|Policy|Scope|Default|Options| +|--- |--- |--- |--- | +|UseBiometrics|Device |False|

True: Biometrics can be used as a gesture in place of a PIN for domain sign-in.

False: Only a PIN can be used as a gesture for domain sign-in.| +|

FacialFeaturesUser

EnhancedAntiSpoofing|Device|Not configured|

Not configured: users can choose whether to turn on enhanced anti-spoofing.

True: Enhanced anti-spoofing is required on devices which support it.

False: Users cannot turn on enhanced anti-spoofing.| + +### PINComplexity + +|Policy|Scope|Default|Options| +|--- |--- |--- |--- | +|Digits |Device or user|1 |

0: Digits are allowed.

1: At least one digit is required.

2: Digits are not allowed.| +|Lowercase letters |Device or user|2|

0: Lowercase letters are allowed.

1: At least one lowercase letter is required.

2: Lowercase letters are not allowed.| +|Special characters|Device or user|2|

0: Special characters are allowed.

1: At least one special character is required.

2: Special characters are not allowed.| +|Uppercase letters|Device or user|2|

0: Uppercase letters are allowed.

1: At least one uppercase letter is required.

2: Uppercase letters are not allowed.| +|Maximum PIN length |Device or user|127 |

Maximum length that can be set is 127. Maximum length cannot be less than minimum setting.| +|Minimum PIN length|Device or user|4|

Minimum length that can be set is 4. Minimum length cannot be greater than maximum setting.| +|Expiration |Device or user|0|

Integer value specifies the period of time (in days) that a PIN can be used before the system requires the user to change it. The largest number you can configure for this policy setting is 730. The lowest number you can configure for this policy setting is 0. If this policy is set to 0, then the user's PIN will never expire.| +|History|Device or user|0|

Integer value that specifies the number of past PINs that can be associated to a user account that can't be reused. The largest number you can configure for this policy setting is 50. The lowest number you can configure for this policy setting is 0. If this policy is set to 0, then storage of previous PINs is not required.| + +### Remote + +|Policy|Scope|Default|Options| +|--- |--- |--- |--- | +|UseRemotePassport|Device or user|False|Not currently supported.| >[!NOTE] > In Windows 10, version 1709 and later, if policy is not configured to explicitly require letters or special characters, users can optionally set an alphanumeric PIN. Prior to version 1709 the user is required to set a numeric PIN. diff --git a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md index e9f7b85291..edf3452542 100644 --- a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md +++ b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md @@ -106,169 +106,35 @@ The following diagram details the UAC architecture. To better understand each component, review the table below: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ComponentDescription
User
-

User performs operation requiring privilege

-		 -

If the operation changes the file system or registry, Virtualization is called. All other operations call ShellExecute.

-
-

ShellExecute

-		 -

ShellExecute calls CreateProcess. ShellExecute looks for the ERROR_ELEVATION_REQUIRED error from CreateProcess. If it receives the error, ShellExecute calls the Application Information service to attempt to perform the requested task with the elevated prompt.

-
-

CreateProcess

-		 -

If the application requires elevation, CreateProcess rejects the call with ERROR_ELEVATION_REQUIRED.

-
System
-

Application Information service

-		 -

A system service that helps start apps that require one or more elevated privileges or user rights to run, such as local administrative tasks, and apps that require higher integrity levels. The Application Information service helps start such apps by creating a new process for the application with an administrative user's full access token when elevation is required and (depending on Group Policy) consent is given by the user to do so.

-
-

Elevating an ActiveX install

-		 -

If ActiveX is not installed, the system checks the UAC slider level. If ActiveX is installed, the User Account Control: Switch to the secure desktop when prompting for elevation Group Policy setting is checked.

-
-

Check UAC slider level

-		 -

UAC has a slider to select from four levels of notification.

-
    -

  • Always notify will:

    -
      -
    • Notify you when programs try to install software or make changes to your computer.
      • -
    • Notify you when you make changes to Windows settings.
      • -
    • Freeze other tasks until you respond.
      • -
    -

    Recommended if you often install new software or visit unfamiliar websites.


    -
    • -

  • Notify me only when programs try to make changes to my computer will:

    -
      -
    • Notify you when programs try to install software or make changes to your computer.
      • -
    • Not notify you when you make changes to Windows settings.
      • -
    • Freeze other tasks until you respond.
      • -
    -

    Recommended if you do not often install apps or visit unfamiliar websites.


    -
    • -

  • Notify me only when programs try to make changes to my computer (do not dim my desktop) will:

    -
      -
    • Notify you when programs try to install software or make changes to your computer.
      • -
    • Not notify you when you make changes to Windows settings.
      • -
    • Not freeze other tasks until you respond.
      • -
    -

    Not recommended. Choose this only if it takes a long time to dim the desktop on your computer.


    -
    • -

  • Never notify (Disable UAC prompts) will:

    -
      -
    • Not notify you when programs try to install software or make changes to your computer.
      • -
    • Not notify you when you make changes to Windows settings.
      • -
    • Not freeze other tasks until you respond.
      • -
    -

    Not recommended due to security concerns.

    -
-
-

Secure desktop enabled

-		 -

The User Account Control: Switch to the secure desktop when prompting for elevation policy setting is checked:

-
    -
  • -

    If the secure desktop is enabled, all elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users.

    -
    • -
  • -

    If the secure desktop is not enabled, all elevation requests go to the interactive user's desktop, and the per-user settings for administrators and standard users are used.

    -
    • -
-
-

CreateProcess

-		 -

CreateProcess calls AppCompat, Fusion, and Installer detection to assess if the app requires elevation. The file is then inspected to determine its requested execution level, which is stored in the application manifest for the file. CreateProcess fails if the requested execution level specified in the manifest does not match the access token and returns an error (ERROR_ELEVATION_REQUIRED) to ShellExecute.

-
-

AppCompat

-		 -

The AppCompat database stores information in the application compatibility fix entries for an application.

-
-

Fusion

-		 -

The Fusion database stores information from application manifests that describe the applications. The manifest schema is updated to add a new requested execution level field.

-
-

Installer detection

-		 -

Installer detection detects setup files, which helps prevent installations from being run without the user's knowledge and consent.

-
Kernel
-

Virtualization

-		 -

Virtualization technology ensures that non-compliant apps do not silently fail to run or fail in a way that the cause cannot be determined. UAC also provides file and registry virtualization and logging for applications that write to protected areas.

-
-

File system and registry

-		 -

The per-user file and registry virtualization redirects per-computer registry and file write requests to equivalent per-user locations. Read requests are redirected to the virtualized per-user location first and to the per-computer location second.

-
+### User + +|Component|Description| +|--- |--- | +|

User performs operation requiring privilege|

If the operation changes the file system or registry, Virtualization is called. All other operations call ShellExecute.| +|

ShellExecute|

ShellExecute calls CreateProcess. ShellExecute looks for the ERROR_ELEVATION_REQUIRED error from CreateProcess. If it receives the error, ShellExecute calls the Application Information service to attempt to perform the requested task with the elevated prompt.| +|

CreateProcess|

If the application requires elevation, CreateProcess rejects the call with ERROR_ELEVATION_REQUIRED.| + +### System + +|Component|Description| +|--- |--- | +|

Application Information service|

A system service that helps start apps that require one or more elevated privileges or user rights to run, such as local administrative tasks, and apps that require higher integrity levels. The Application Information service helps start such apps by creating a new process for the application with an administrative user's full access token when elevation is required and (depending on Group Policy) consent is given by the user to do so.| +|

Elevating an ActiveX install|

If ActiveX is not installed, the system checks the UAC slider level. If ActiveX is installed, the **User Account Control: Switch to the secure desktop when prompting for elevation** Group Policy setting is checked.| +|

Check UAC slider level|

UAC has a slider to select from four levels of notification.

  • **Always notify** will:

    • Notify you when programs try to install software or make changes to your computer.
    • Notify you when you make changes to Windows settings.
    • Freeze other tasks until you respond.

    Recommended if you often install new software or visit unfamiliar websites.

  • **Notify me only when programs try to make changes to my computer** will:

    • Notify you when programs try to install software or make changes to your computer.
    • Not notify you when you make changes to Windows settings.
    • Freeze other tasks until you respond.

    Recommended if you do not often install apps or visit unfamiliar websites.

  • **Notify me only when programs try to make changes to my computer (do not dim my desktop)** will:

    • Notify you when programs try to install software or make changes to your computer.
    • Not notify you when you make changes to Windows settings.
    • Not freeze other tasks until you respond.

    Not recommended. Choose this only if it takes a long time to dim the desktop on your computer.

  • **Never notify (Disable UAC prompts)** will:

    • Not notify you when programs try to install software or make changes to your computer.
    • Not notify you when you make changes to Windows settings.
    • Not freeze other tasks until you respond.

    Not recommended due to security concerns.| +|

    Secure desktop enabled|

    The **User Account Control: Switch to the secure desktop when prompting for elevation** policy setting is checked:

    • If the secure desktop is enabled, all elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users.

    • If the secure desktop is not enabled, all elevation requests go to the interactive user's desktop, and the per-user settings for administrators and standard users are used.| +|

      CreateProcess|

      CreateProcess calls AppCompat, Fusion, and Installer detection to assess if the app requires elevation. The file is then inspected to determine its requested execution level, which is stored in the application manifest for the file. CreateProcess fails if the requested execution level specified in the manifest does not match the access token and returns an error (ERROR_ELEVATION_REQUIRED) to ShellExecute.| +|

      AppCompat|

      The AppCompat database stores information in the application compatibility fix entries for an application.| +|

      Fusion|

      The Fusion database stores information from application manifests that describe the applications. The manifest schema is updated to add a new requested execution level field.| +|

      Installer detection|

      Installer detection detects setup files, which helps prevent installations from being run without the user's knowledge and consent.| + +### Kernel + +|Component|Description| +|--- |--- | +|

      Virtualization|

      Virtualization technology ensures that non-compliant apps do not silently fail to run or fail in a way that the cause cannot be determined. UAC also provides file and registry virtualization and logging for applications that write to protected areas.| +|

      File system and registry|

      The per-user file and registry virtualization redirects per-computer registry and file write requests to equivalent per-user locations. Read requests are redirected to the virtualized per-user location first and to the per-computer location second.| -The slider will never turn UAC completely off. If you set it to Never notify, it will: +The slider will never turn UAC completely off. If you set it to **Never notify**, it will: - Keep the UAC service running. - Cause all elevation request initiated by administrators to be auto-approved without showing a UAC prompt. diff --git a/windows/security/identity-protection/vpn/vpn-authentication.md b/windows/security/identity-protection/vpn/vpn-authentication.md index 77824138a9..b646e90f3e 100644 --- a/windows/security/identity-protection/vpn/vpn-authentication.md +++ b/windows/security/identity-protection/vpn/vpn-authentication.md @@ -23,15 +23,12 @@ In addition to older and less-secure password-based authentication methods (whic Windows supports a number of EAP authentication methods. - - - - - - - -
      MethodDetails
      EAP-Microsoft Challenge Handshake Authentication Protocol version 2 (EAP-MSCHAPv2)
      • User name and password authentication
      • Winlogon credentials - can specify authentication with computer sign-in credentials
      EAP-Transport Layer Security (EAP-TLS)
      • Supports the following types of certificate authentication
        • Certificate with keys in the software Key Storage Provider (KSP)
        • Certificate with keys in Trusted Platform Module (TPM) KSP
        • Smart card certificates
        • Windows Hello for Business certificate
      • Certificate filtering
        • Certificate filtering can be enabled to search for a particular certificate to use to authenticate with
        • Filtering can be Issuer-based or Enhanced Key Usage (EKU)-based
      • Server validation - with TLS, server validation can be toggled on or off
        • Server name - specify the server to validate
        • Server certificate - trusted root certificate to validate the server
        • Notification - specify if the user should get a notification asking whether to trust the server or not
      Protected Extensible Authentication Protocol (PEAP)
      • Server validation - with PEAP, server validation can be toggled on or off
        • Server name - specify the server to validate
        • Server certificate - trusted root certificate to validate the server
        • Notification - specify if the user should get a notification asking whether to trust the server or not
      • Inner method - the outer method creates a secure tunnel inside while the inner method is used to complete the authentication
        • EAP-MSCHAPv2
        • EAP-TLS
      • Fast Reconnect: reduces the delay between an authentication request by a client and the response by the Network Policy Server (NPS) or other Remote Authentication Dial-in User Service (RADIUS) server. This reduces resource requirements for both client and server, and minimizes the number of times that users are prompted for credentials.
      • Cryptobinding: By deriving and exchanging values from the PEAP phase 1 key material (Tunnel Key) and from the PEAP phase 2 inner EAP method key material (Inner Session Key), it is possible to prove that the two authentications terminate at the same two entities (PEAP peer and PEAP server). This process, termed "cryptobinding", is used to protect the PEAP negotiation against "Man in the Middle" attacks.
      Tunneled Transport Layer Security (TTLS)
      • Inner method
        • Non-EAP
          • Password Authentication Protocol (PAP)
          • CHAP
          • MSCHAP
          • MSCHAPv2
        • EAP
          • MSCHAPv2
          • TLS
      • Server validation: in TTLS, the server must be validated. The following can be configured:
        • Server name
        • Trusted root certificate for server certificate
        • Whether there should be a server validation notification
      -
      +|Method|Details| +|--- |--- | +|EAP-Microsoft Challenge Handshake Authentication Protocol version 2 (EAP-MSCHAPv2)|

    • User name and password authentication
    • Winlogon credentials- can specify authentication with computer sign-in credentials| +|EAP-Transport Layer Security (EAP-TLS)|

      Supports the following types of certificate authentication

    • Certificate with keys in the software Key Storage Provider (KSP)
    • Certificate with keys in Trusted Platform Module (TPM) KSP
    • Smart card certificates
    • Windows Hello for Business certificate

      Certificate filtering

    • Certificate filtering can be enabled to search for a particular certificate to use to authenticate with
    • Filtering can be Issuer-based or Enhanced Key Usage (EKU)-based

      Server validation- with TLS, server validation can be toggled on or off

    • Server name-specify the server to validate
    • Server certificate- trusted root certificate to validate the server
    • Notification-specify if the user should get a notification asking whether to trust the server or not| +|[Protected Extensible Authentication Protocol (PEAP)](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754179(v=ws.11))|

      Server validation with PEAP,- server validation can be toggled on or off

    • Server name- specify the server to validate
    • Server certificate- trusted root certificate to validate the server
    • Notification- specify if the user should get a notification asking whether to trust the server or not

      Inner method- the outer method creates a secure tunnel inside while the inner method is used to complete the authentication

    • EAP-MSCHAPv2
    • EAP-TLS

      Fast Reconnect: reduces the delay between an authentication request by a client and the response by the Network Policy Server (NPS) or other Remote Authentication Dial-in User Service (RADIUS) server. This reduces resource requirements for both client and server, and minimizes the number of times that users are prompted for credentials.

      [Cryptobinding](/openspecs/windows_protocols/ms-peap/757a16c7-0826-4ba9-bb71-8c3f1339e937): By deriving and exchanging values from the PEAP phase 1 key material (**Tunnel Key**) and from the PEAP phase 2 inner EAP method key material (**Inner Session Key**), it is possible to prove that the two authentications terminate at the same two entities (PEAP peer and PEAP server). This process, termed "cryptobinding", is used to protect the PEAP negotiation against "Man in the Middle" attacks.| +|Tunneled Transport Layer Security (TTLS)|**Inner method**

      Non-EAP

    • Password Authentication Protocol (PAP)
    • CHAP
    • MSCHAP
    • MSCHAPv2

      EAP

    • MSCHAPv2
    • TLS

      Server validation: in TTLS, the server must be validated. The following can be configured:

    • Server name
    • Trusted root certificate for server certificate
    • Whether there should be a server validation notification| For a UWP VPN plug-in, the app vendor controls the authentication method to be used. The following credential types can be used: diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index d43cdb899b..887293791c 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -184,132 +184,20 @@ manage-bde -on C: Windows PowerShell cmdlets provide an alternative way to work with BitLocker. Using Windows PowerShell's scripting capabilities, administrators can integrate BitLocker options into existing scripts with ease. The list below displays the available BitLocker cmdlets. - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

      Name

      Parameters

      Add-BitLockerKeyProtector

      -ADAccountOrGroup

      -

      -ADAccountOrGroupProtector

      -

      -Confirm

      -

      -MountPoint

      -

      -Password

      -

      -PasswordProtector

      -

      -Pin

      -

      -RecoveryKeyPath

      -

      -RecoveryKeyProtector

      -

      -RecoveryPassword

      -

      -RecoveryPasswordProtector

      -

      -Service

      -

      -StartupKeyPath

      -

      -StartupKeyProtector

      -

      -TpmAndPinAndStartupKeyProtector

      -

      -TpmAndPinProtector

      -

      -TpmAndStartupKeyProtector

      -

      -TpmProtector

      -

      -WhatIf

      Backup-BitLockerKeyProtector

      -Confirm

      -

      -KeyProtectorId

      -

      -MountPoint

      -

      -WhatIf

      Disable-BitLocker

      -Confirm

      -

      -MountPoint

      -

      -WhatIf

      Disable-BitLockerAutoUnlock

      -Confirm

      -

      -MountPoint

      -

      -WhatIf

      Enable-BitLocker

      -AdAccountOrGroup

      -

      -AdAccountOrGroupProtector

      -

      -Confirm

      -

      -EncryptionMethod

      -

      -HardwareEncryption

      -

      -Password

      -

      -PasswordProtector

      -

      -Pin

      -

      -RecoveryKeyPath

      -

      -RecoveryKeyProtector

      -

      -RecoveryPassword

      -

      -RecoveryPasswordProtector

      -

      -Service

      -

      -SkipHardwareTest

      -

      -StartupKeyPath

      -

      -StartupKeyProtector

      -

      -TpmAndPinAndStartupKeyProtector

      -

      -TpmAndPinProtector

      -

      -TpmAndStartupKeyProtector

      -

      -TpmProtector

      -

      -UsedSpaceOnly

      -

      -WhatIf

      Enable-BitLockerAutoUnlock

      -Confirm

      -

      -MountPoint

      -

      -WhatIf

      Get-BitLockerVolume

      -MountPoint

      Lock-BitLocker

      -Confirm

      -

      -ForceDismount

      -

      -MountPoint

      -

      -WhatIf

      Remove-BitLockerKeyProtector

      -Confirm

      -

      -KeyProtectorId

      -

      -MountPoint

      -

      -WhatIf

      Resume-BitLocker

      -Confirm

      -

      -MountPoint

      -

      -WhatIf

      Suspend-BitLocker

      -Confirm

      -

      -MountPoint

      -

      -RebootCount

      -

      -WhatIf

      Unlock-BitLocker

      -AdAccountOrGroup

      -

      -Confirm

      -

      -MountPoint

      -

      -Password

      -

      -RecoveryKeyPath

      -

      -RecoveryPassword

      -

      -RecoveryPassword

      -

      -WhatIf

      +|Name|Parameters| +|--- |--- | +|**Add-BitLockerKeyProtector**|
    • ADAccountOrGroup
    • ADAccountOrGroupProtector
    • Confirm
    • MountPoint
    • Password
    • PasswordProtector
    • Pin
    • RecoveryKeyPath
    • RecoveryKeyProtector
    • RecoveryPassword
    • RecoveryPasswordProtector
    • Service
    • StartupKeyPath
    • StartupKeyProtector
    • TpmAndPinAndStartupKeyProtector
    • TpmAndPinProtector
    • TpmAndStartupKeyProtector
    • TpmProtector
    • WhatIf| +|**Backup-BitLockerKeyProtector**|
    • Confirm
    • KeyProtectorId
    • MountPoint
    • WhatIf| +|**Disable-BitLocker**|
    • Confirm
    • MountPoint
    • WhatIf| +|**Disable-BitLockerAutoUnlock**|
    • Confirm
    • MountPoint
    • WhatIf| +|**Enable-BitLocker**|
    • AdAccountOrGroup
    • AdAccountOrGroupProtector
    • Confirm
    • EncryptionMethod
    • HardwareEncryption
    • Password
    • PasswordProtector
    • Pin
    • RecoveryKeyPath
    • RecoveryKeyProtector
    • RecoveryPassword
    • RecoveryPasswordProtector
    • Service
    • SkipHardwareTest
    • StartupKeyPath
    • StartupKeyProtector
    • TpmAndPinAndStartupKeyProtector
    • TpmAndPinProtector
    • TpmAndStartupKeyProtector
    • TpmProtector
    • UsedSpaceOnly
    • WhatIf| +|**Enable-BitLockerAutoUnlock**|
    • Confirm
    • MountPoint
    • WhatIf| +|**Get-BitLockerVolume**|
    • MountPoint| +|**Lock-BitLocker**|
    • Confirm
    • ForceDismount
    • MountPoint
    • WhatIf| +|**Remove-BitLockerKeyProtector**|
    • Confirm
    • KeyProtectorId
    • MountPoint
    • WhatIf| +|**Resume-BitLocker**|
    • Confirm
    • MountPoint
    • WhatIf| +|**Suspend-BitLocker**|
    • Confirm
    • MountPoint
    • RebootCount
    • WhatIf| +|**Unlock-BitLocker**|
    • AdAccountOrGroup
    • Confirm
    • MountPoint
    • Password
    • RecoveryKeyPath
    • RecoveryPassword
    • RecoveryPassword
    • WhatIf| Similar to manage-bde, the Windows PowerShell cmdlets allow configuration beyond the options offered in the control panel. As with manage-bde, users need to consider the specific needs of the volume they are encrypting prior to running Windows PowerShell cmdlets. diff --git a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md index c70a1373ec..300f1f911d 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md +++ b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md @@ -128,134 +128,20 @@ For more information about using repair-bde, see [Repair-bde](/previous-versions Windows PowerShell cmdlets provide a new way for administrators to use when working with BitLocker. Using Windows PowerShell's scripting capabilities, administrators can integrate BitLocker options into existing scripts with ease. The list below displays the available BitLocker cmdlets. - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

      Name

      Parameters

      Add-BitLockerKeyProtector

      -ADAccountOrGroup

      -

      -ADAccountOrGroupProtector

      -

      -Confirm

      -

      -MountPoint

      -

      -Password

      -

      -PasswordProtector

      -

      -Pin

      -

      -RecoveryKeyPath

      -

      -RecoveryKeyProtector

      -

      -RecoveryPassword

      -

      -RecoveryPasswordProtector

      -

      -Service

      -

      -StartupKeyPath

      -

      -StartupKeyProtector

      -

      -TpmAndPinAndStartupKeyProtector

      -

      -TpmAndPinProtector

      -

      -TpmAndStartupKeyProtector

      -

      -TpmProtector

      -

      -WhatIf

      Backup-BitLockerKeyProtector

      -Confirm

      -

      -KeyProtectorId

      -

      -MountPoint

      -

      -WhatIf

      Disable-BitLocker

      -Confirm

      -

      -MountPoint

      -

      -WhatIf

      Disable-BitLockerAutoUnlock

      -Confirm

      -

      -MountPoint

      -

      -WhatIf

      Enable-BitLocker

      -AdAccountOrGroup

      -

      -AdAccountOrGroupProtector

      -

      -Confirm

      -

      -EncryptionMethod

      -

      -HardwareEncryption

      -

      -Password

      -

      -PasswordProtector

      -

      -Pin

      -

      -RecoveryKeyPath

      -

      -RecoveryKeyProtector

      -

      -RecoveryPassword

      -

      -RecoveryPasswordProtector

      -

      -Service

      -

      -SkipHardwareTest

      -

      -StartupKeyPath

      -

      -StartupKeyProtector

      -

      -TpmAndPinAndStartupKeyProtector

      -

      -TpmAndPinProtector

      -

      -TpmAndStartupKeyProtector

      -

      -TpmProtector

      -

      -UsedSpaceOnly

      -

      -WhatIf

      Enable-BitLockerAutoUnlock

      -Confirm

      -

      -MountPoint

      -

      -WhatIf

      Get-BitLockerVolume

      -MountPoint

      Lock-BitLocker

      -Confirm

      -

      -ForceDismount

      -

      -MountPoint

      -

      -WhatIf

      Remove-BitLockerKeyProtector

      -Confirm

      -

      -KeyProtectorId

      -

      -MountPoint

      -

      -WhatIf

      Resume-BitLocker

      -Confirm

      -

      -MountPoint

      -

      -WhatIf

      Suspend-BitLocker

      -Confirm

      -

      -MountPoint

      -

      -RebootCount

      -

      -WhatIf

      Unlock-BitLocker

      -AdAccountOrGroup

      -

      -Confirm

      -

      -MountPoint

      -

      -Password

      -

      -RecoveryKeyPath

      -

      -RecoveryPassword

      -

      -RecoveryPassword

      -

      -WhatIf

      +|Name|Parameters| +|--- |--- | +|**Add-BitLockerKeyProtector**|
    • ADAccountOrGroup
    • ADAccountOrGroupProtector
    • Confirm
    • MountPoint
    • Password
    • PasswordProtector
    • Pin
    • RecoveryKeyPath
    • RecoveryKeyProtector
    • RecoveryPassword
    • RecoveryPasswordProtector
    • Service
    • StartupKeyPath
    • StartupKeyProtector
    • TpmAndPinAndStartupKeyProtector
    • TpmAndPinProtector
    • TpmAndStartupKeyProtector
    • TpmProtector
    • WhatIf| +|**Backup-BitLockerKeyProtector**|
    • Confirm
    • KeyProtectorId
    • MountPoint
    • WhatIf| +|**Disable-BitLocker**|
    • Confirm
    • MountPoint
    • WhatIf| +|**Disable-BitLockerAutoUnlock**|
    • Confirm
    • MountPoint
    • WhatIf| +|**Enable-BitLocker**|
    • AdAccountOrGroup
    • AdAccountOrGroupProtector
    • Confirm
    • EncryptionMethod
    • HardwareEncryption
    • Password
    • PasswordProtector
    • Pin
    • RecoveryKeyPath
    • RecoveryKeyProtector
    • RecoveryPassword
    • RecoveryPasswordProtector
    • Service
    • SkipHardwareTest
    • StartupKeyPath
    • StartupKeyProtector
    • TpmAndPinAndStartupKeyProtector
    • TpmAndPinProtector
    • TpmAndStartupKeyProtector
    • TpmProtector
    • UsedSpaceOnly
    • WhatIf| +|**Enable-BitLockerAutoUnlock**|
    • Confirm
    • MountPoint
    • WhatIf| +|**Get-BitLockerVolume**|
    • MountPoint| +|**Lock-BitLocker**|
    • Confirm
    • ForceDismount
    • MountPoint
    • WhatIf| +|**Remove-BitLockerKeyProtector**|
    • Confirm
    • KeyProtectorId
    • MountPoint
    • WhatIf| +|**Resume-BitLocker**|
    • Confirm
    • MountPoint
    • WhatIf| +|**Suspend-BitLocker**|
    • Confirm
    • MountPoint
    • RebootCount
    • WhatIf| +|**Unlock-BitLocker**|
    • AdAccountOrGroup
    • Confirm
    • MountPoint
    • Password
    • RecoveryKeyPath
    • RecoveryPassword
    • RecoveryPassword
    • WhatIf| Similar to manage-bde, the Windows PowerShell cmdlets allow configuration beyond the options offered in the control panel. As with manage-bde, users need to consider the specific needs of the volume they are encrypting prior to running Windows PowerShell cmdlets. diff --git a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md index ac8caab616..8eb564b9c2 100644 --- a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md +++ b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md @@ -160,110 +160,23 @@ Unlike CSV2.0 volumes, physical disk resources can only be accessed by one clust The following table contains information about both Physical Disk Resources (that is, traditional failover cluster volumes) and Cluster Shared Volumes (CSV) and the actions that are allowed by BitLocker in each situation. - ------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

      Action

      On owner node of failover volume

      On Metadata Server (MDS) of CSV

      On (Data Server) DS of CSV

      Maintenance Mode

      Manage-bde –on

      Blocked

      Blocked

      Blocked

      Allowed

      Manage-bde –off

      Blocked

      Blocked

      Blocked

      Allowed

      Manage-bde Pause/Resume

      Blocked

      Blocked

      Blocked

      Allowed

      Manage-bde –lock

      Blocked

      Blocked

      Blocked

      Allowed

      manage-bde –wipe

      Blocked

      Blocked

      Blocked

      Allowed

      Unlock

      Automatic via cluster service

      Automatic via cluster service

      Automatic via cluster service

      Allowed

      manage-bde –protector –add

      Allowed

      Allowed

      Blocked

      Allowed

      manage-bde -protector -delete

      Allowed

      Allowed

      Blocked

      Allowed

      manage-bde –autounlock

      Allowed (not recommended)

      Allowed (not recommended)

      Blocked

      Allowed (not recommended)

      Manage-bde -upgrade

      Allowed

      Allowed

      Blocked

      Allowed

      Shrink

      Allowed

      Allowed

      Blocked

      Allowed

      Extend

      Allowed

      Allowed

      Blocked

      Allowed

      - ->      Note:** Although the manage-bde -pause command is Blocked in clusters, the cluster service will automatically resume a paused encryption or decryption from the MDS node +|**Action**|**On owner node of failover volume**|**On Metadata Server (MDS) of CSV**|**On (Data Server) DS of CSV**|**Maintenance Mode**| +|--- |--- |--- |--- |--- | +|**Manage-bde –on**|Blocked|Blocked|Blocked|Allowed| +|**Manage-bde –off**|Blocked|Blocked|Blocked|Allowed| +|**Manage-bde Pause/Resume**|Blocked|Blocked**|Blocked|Allowed| +|**Manage-bde –lock**|Blocked|Blocked|Blocked|Allowed| +|**manage-bde –wipe**|Blocked|Blocked|Blocked|Allowed| +|**Unlock**|Automatic via cluster service|Automatic via cluster service|Automatic via cluster service|Allowed| +|**manage-bde –protector –add**|Allowed|Allowed|Blocked|Allowed| +|**manage-bde -protector -delete**|Allowed|Allowed|Blocked|Allowed| +|**manage-bde –autounlock**|Allowed (not recommended)|Allowed (not recommended)|Blocked|Allowed (not recommended)| +|**Manage-bde -upgrade**|Allowed|Allowed|Blocked|Allowed| +|**Shrink**|Allowed|Allowed|Blocked|Allowed| +|**Extend**|Allowed|Allowed|Blocked|Allowed| + +>[!NOTE] +> Although the manage-bde -pause command is Blocked in clusters, the cluster service will automatically resume a paused encryption or decryption from the MDS node In the case where a physical disk resource experiences a failover event during conversion, the new owning node will detect the conversion is not complete and will complete the conversion process. diff --git a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md index f1bededfaf..a2dde84f60 100644 --- a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md @@ -42,104 +42,21 @@ We strongly suggest that the only unenlightened apps you add to your allowed app ## Unenlightened app behavior This table includes info about how unenlightened apps might behave, based on your Windows Information Protection (WIP) networking policies, your app configuration, and potentially whether the app connects to network resources directly by using IP addresses or by using hostnames. - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      App rule settingNetworking policy configuration
       Name-based policies, without the /*AppCompat*/ stringName-based policies, using the /*AppCompat*/ string or proxy-based policies
      Not required. App connects to enterprise cloud resources directly, using an IP address. -
        -
      • App is entirely blocked from both personal and enterprise cloud resources.
        • -
      • No encryption is applied.
        • -
      • App can’t access local Work files.
        • -
      -       		-
        -
      • App can access both personal and enterprise cloud resources. However, you might encounter apps using policies that restrict access to enterprise cloud resources.
        • -
      • No encryption is applied.
        • -
      • App can’t access local Work files.
        • -
      -
      Not required. App connects to enterprise cloud resources, using a hostname. -
        -
      • App is blocked from accessing enterprise cloud resources, but can access other network resources.
        • -
      • No encryption is applied.
        • -
      • App can’t access local Work files.
        • -
      -
      Allow. App connects to enterprise cloud resources, using an IP address or a hostname. -
        -
      • App can access both personal and enterprise cloud resources.
        • -
      • Auto-encryption is applied.
        • -
      • App can access local Work files.
        • -
      -
      Exempt. App connects to enterprise cloud resources, using an IP address or a hostname. -
        -
      • App can access both personal and enterprise cloud resources.
        • -
      • No encryption is applied.
        • -
      • App can access local Work files.
        • -
      -
      +|App rule setting|Networking policy configuration| +|--- |--- | +|**Not required.** App connects to enterprise cloud resources directly, using an IP address.|

      **Name-based policies, without the /*AppCompat*/ string:**

    • App is entirely blocked from both personal and enterprise cloud resources.
    • No encryption is applied.
    • App can’t access local Work files.

      **Name-based policies, using the /*AppCompat*/ string or proxy-based policies:**

    • App can access both personal and enterprise cloud resources. However, you might encounter apps using policies that restrict access to enterprise cloud resources.
    • No encryption is applied.
    • App can’t access local Work files.| +|**Not required.** App connects to enterprise cloud resources, using a hostname.|
    • App is blocked from accessing enterprise cloud resources, but can access other network resources.
    • No encryption is applied.
    • App can’t access local Work files.| +|**Allow.** App connects to enterprise cloud resources, using an IP address or a hostname.|
    • App can access both personal and enterprise cloud resources.
    • Auto-encryption is applied.
    • App can access local Work files.| +|**Exempt.** App connects to enterprise cloud resources, using an IP address or a hostname.|
    • App can access both personal and enterprise cloud resources.
    • No encryption is applied.
    • App can access local Work files.| ## Enlightened app behavior This table includes info about how enlightened apps might behave, based on your Windows Information Protection (WIP) networking policies, your app configuration, and potentially whether the app connects to network resources directly by using IP addresses or by using hostnames. - - - - - - - - - - - - - - - - - -
      App rule settingNetworking policy configuration for name-based policies, possibly using the /*AppCompat*/ string, or proxy-based policies
      Not required. App connects to enterprise cloud resources, using an IP address or a hostname. -
        -
      • App is blocked from accessing enterprise cloud resources, but can access other network resources.
        • -
      • No encryption is applied.
        • -
      • App can't access local Work files.
        • -
      -
      Allow. App connects to enterprise cloud resources, using an IP address or a hostname. -
        -
      • App can access both personal and enterprise cloud resources.
        • -
      • App protects work data and leaves personal data unprotected.
        • -
      • App can access local Work files.
        • -
      -
      Exempt. App connects to enterprise cloud resources, using an IP address or a hostname. -
        -
      • App can access both personal and enterprise cloud resources.
        • -
      • App protects work data and leaves personal data unprotected.
        • -
      • App can access local Work files.
        • -
      -
      +|App rule setting|Networking policy configuration for name-based policies, possibly using the /*AppCompat*/ string, or proxy-based policies| +|--- |--- | +|**Not required.** App connects to enterprise cloud resources, using an IP address or a hostname.|
    • App is blocked from accessing enterprise cloud resources, but can access other network resources.
    • No encryption is applied.
    • App can't access local Work files.| +|**Allow.** App connects to enterprise cloud resources, using an IP address or a hostname.|
    • App can access both personal and enterprise cloud resources.
    • App protects work data and leaves personal data unprotected.
    • App can access local Work files.| +|**Exempt.** App connects to enterprise cloud resources, using an IP address or a hostname.|
    • App can access both personal and enterprise cloud resources.
    • App protects work data and leaves personal data unprotected.
    • App can access local Work files.| >[!NOTE] >Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). \ No newline at end of file diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md index 32511b9cd5..43da21cd72 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md @@ -155,40 +155,15 @@ For this example, we're going to add Internet Explorer, a desktop app, to the ** 5. Pick the options you want to include for the app rule (see table), and then click **OK**. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      OptionManages
      All fields left as "*"All files signed by any publisher. (Not recommended.)
      Publisher selectedAll files signed by the named publisher.

      This might be useful if your company is the publisher and signer of internal line-of-business apps.

      Publisher and Product Name selectedAll files for the specified product, signed by the named publisher.
      Publisher, Product Name, and Binary name selectedAny version of the named file or package for the specified product, signed by the named publisher.
      Publisher, Product Name, Binary name, and File Version, and above, selectedSpecified version or newer releases of the named file or package for the specified product, signed by the named publisher.

      This option is recommended for enlightened apps that weren't previously enlightened.

      Publisher, Product Name, Binary name, and File Version, And below selectedSpecified version or older releases of the named file or package for the specified product, signed by the named publisher.
      Publisher, Product Name, Binary name, and File Version, Exactly selectedSpecified version of the named file or package for the specified product, signed by the named publisher.
      + |Option|Manages| + |--- |--- | + |All fields left as "*"|All files signed by any publisher. (Not recommended.)| + |**Publisher** selected|All files signed by the named publisher.This might be useful if your company is the publisher and signer of internal line-of-business apps.| + |**Publisher** and **Product Name** selected|All files for the specified product, signed by the named publisher.| + |**Publisher**, **Product Name**, and **Binary name** selected|Any version of the named file or package for the specified product, signed by the named publisher.| + |**Publisher**, **Product Name**, **Binary name**, and **File Version, and above**, selected|Specified version or newer releases of the named file or package for the specified product, signed by the named publisher.This option is recommended for enlightened apps that weren't previously enlightened.| + |**Publisher**, **Product Name**, **Binary name**, and **File Version, And below** selected|Specified version or older releases of the named file or package for the specified product, signed by the named publisher.| + |**Publisher**, **Product Name**, **Binary name**, and **File Version, Exactly** selected|Specified version of the named file or package for the specified product, signed by the named publisher.| If you're unsure about what to include for the publisher, you can run this PowerShell command: @@ -374,47 +349,16 @@ There are no default locations included with WIP, you must add each of your netw ![Add or edit corporate network definition box, Add your enterprise network locations.](images/wip-configmgr-add-network-domain.png) - - - - - - - - - - - - - - - - - - - - - - - - -
      - - - - - - - - - - - - - - -
      Network location typeFormatDescription
      Enterprise Cloud ResourcesWith proxy: contoso.sharepoint.com,contoso.internalproxy1.com|
      contoso.visualstudio.com,contoso.internalproxy2.com

      Without proxy: contoso.sharepoint.com|contoso.visualstudio.com

      		Specify the cloud resources to be treated as corporate and protected by WIP.

      For each cloud resource, you may also optionally specify a proxy server from your Internal proxy servers list to route traffic for this cloud resource. Be aware that all traffic routed through your Internal proxy servers is considered enterprise.

      If you have multiple resources, you must separate them using the "|" delimiter. If you don't use proxy servers, you must also include the "," delimiter just before the "|". For example: URL <,proxy>|URL <,proxy>.

      Important
      In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows can't tell whether it's attempting to connect to an enterprise cloud resource or to a personal site. In this case, Windows blocks the connection by default. To stop Windows from automatically blocking these connections, you can add the /*AppCompat*/ string to the setting. For example: URL <,proxy>|URL <,proxy>|/*AppCompat*/.

      Enterprise Network Domain Names (Required)corp.contoso.com,region.contoso.comSpecify the DNS suffixes used in your environment. All traffic to the fully-qualified domains appearing in this list will be protected.

      This setting works with the IP ranges settings to detect whether a network endpoint is enterprise or personal on private networks.

      If you have multiple resources, you must separate them using the "," delimiter.

      Proxy serversproxy.contoso.com:80;proxy2.contoso.com:443Specify the proxy servers your devices will go through to reach your cloud resources. Using this server type indicates that the cloud resources you're connecting to are enterprise resources.

      This list shouldn't include any servers listed in your Internal proxy servers list. Internal proxy servers must be used only for WIP-protected (enterprise) traffic.

      If you have multiple resources, you must separate them using the ";" delimiter.
      Internal proxy serverscontoso.internalproxy1.com;contoso.internalproxy2.comSpecify the internal proxy servers your devices will go through to reach your cloud resources. Using this server type indicates that the cloud resources you're connecting to are enterprise resources.

      This list shouldn't include any servers listed in your Proxy servers list. Proxy servers must be used only for non-WIP-protected (non-enterprise) traffic.

      If you have multiple resources, you must separate them using the ";" delimiter.
      Enterprise IPv4 Range (Required)Starting IPv4 Address: 3.4.0.1
      Ending IPv4 Address: 3.4.255.254
      Custom URI: 3.4.0.1-3.4.255.254,
      10.0.0.1-10.255.255.254      		Specify the addresses for a valid IPv4 value range within your intranet. These addresses, used with your Enterprise Network Domain Names, define your corporate network boundaries.

      If you have multiple ranges, you must separate them using the "," delimiter.

      Enterprise IPv6 RangeStarting IPv6 Address: 2a01:110::
      Ending IPv6 Address: 2a01:110:7fff:ffff:ffff:ffff:ffff:ffff
      Custom URI: 2a01:110:7fff:ffff:ffff:ffff:ffff:ffff,
      fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff      		Specify the addresses for a valid IPv6 value range within your intranet. These addresses, used with your Enterprise Network Domain Names, define your corporate network boundaries.

      If you have multiple ranges, you must separate them using the "," delimiter.

      Neutral Resourcessts.contoso.com,sts.contoso2.comSpecify your authentication redirection endpoints for your company.

      These locations are considered enterprise or personal, based on the context of the connection before the redirection.

      If you have multiple resources, you must separate them using the "," delimiter.

      - + |Network location type|Format|Description| + |--- |--- |--- | + |Enterprise Cloud Resources|With proxy: contoso.sharepoint.com,contoso.internalproxy1.com,
      contoso.visualstudio.com,contoso.internalproxy2.com

      Without proxy: contoso.sharepoint.com,contoso.visualstudio.com|Specify the cloud resources to be treated as corporate and protected by WIP.

      For each cloud resource, you may also optionally specify a proxy server from your Internal proxy servers list to route traffic for this cloud resource. Be aware that all traffic routed through your Internal proxy servers is considered enterprise.

      If you have multiple resources, you must separate them using the "I" delimiter. If you don't use proxy servers, you must also include the "," delimiter just before the "I". For example: URL <,proxy>|URL <,proxy>

      Important
      In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows can't tell whether it's attempting to connect to an enterprise cloud resource or to a personal site. In this case, Windows blocks the connection by default. To stop Windows from automatically blocking these connections, you can add the /*AppCompat*/ string to the setting. For example: URL <,proxy>|URL <,proxy>|/*AppCompat*/.| + |Enterprise Network Domain Names (Required)|corp.contoso.com,region.contoso.com|Specify the DNS suffixes used in your environment. All traffic to the fully-qualified domains appearing in this list will be protected.

      This setting works with the IP ranges settings to detect whether a network endpoint is enterprise or personal on private networks.

      If you have multiple resources, you must separate them using the "," delimiter.| + |Proxy servers|proxy.contoso.com:80;proxy2.contoso.com:443|Specify the proxy servers your devices will go through to reach your cloud resources. Using this server type indicates that the cloud resources you're connecting to are enterprise resources.

      This list shouldn't include any servers listed in your Internal proxy servers list. Internal proxy servers must be used only for WIP-protected (enterprise) traffic.

      If you have multiple resources, you must separate them using the ";" delimiter.| + |Internal proxy servers|contoso.internalproxy1.com;contoso.internalproxy2.com|Specify the internal proxy servers your devices will go through to reach your cloud resources. Using this server type indicates that the cloud resources you're connecting to are enterprise resources.

      This list shouldn't include any servers listed in your Proxy servers list. Proxy servers must be used only for non-WIP-protected (non-enterprise) traffic.

      If you have multiple resources, you must separate them using the ";" delimiter.| + |Enterprise IPv4 Range (Required)|Starting IPv4 Address: 3.4.0.1
      Ending IPv4 Address: 3.4.255.254
      Custom URI: 3.4.0.1-3.4.255.254,
      10.0.0.1-10.255.255.254|Specify the addresses for a valid IPv4 value range within your intranet. These addresses, used with your Enterprise Network Domain Names, define your corporate network boundaries.

      If you have multiple ranges, you must separate them using the "," delimiter.| + |Enterprise IPv6 Range|Starting IPv6 Address: 2a01:110::
      Ending IPv6 Address: 2a01:110:7fff:ffff:ffff:ffff:ffff:ffff
      Custom URI: 2a01:110:7fff:ffff:ffff:ffff:ffff:ffff,
      fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff|Specify the addresses for a valid IPv6 value range within your intranet. These addresses, used with your Enterprise Network Domain Names, define your corporate network boundaries.

      If you have multiple ranges, you must separate them using the "," delimiter.| + |Neutral Resources|sts.contoso.com,sts.contoso2.com|Specify your authentication redirection endpoints for your company.

      These locations are considered enterprise or personal, based on the context of the connection before the redirection.

      If you have multiple resources, you must separate them using the "," delimiter.| + 3. Add as many locations as you need, and then click **OK**. The **Add or edit corporate network definition** box closes. diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index 0442c3778a..370455c093 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -164,40 +164,15 @@ If you don't know the Store app publisher or product name, you can find them by To add **Desktop apps**, complete the following fields, based on what results you want returned. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      FieldManages
      All fields marked as “*”All files signed by any publisher. (Not recommended and may not work)
      Publisher onlyIf you only fill out this field, you’ll get all files signed by the named publisher.

      This might be useful if your company is the publisher and signer of internal line-of-business apps.
      Publisher and Name onlyIf you only fill out these fields, you’ll get all files for the specified product, signed by the named publisher.
      Publisher, Name, and File onlyIf you only fill out these fields, you’ll get any version of the named file or package for the specified product, signed by the named publisher.
      Publisher, Name, File, and Min version onlyIf you only fill out these fields, you’ll get the specified version or newer releases of the named file or package for the specified product, signed by the named publisher.

      This option is recommended for enlightened apps that weren't previously enlightened.
      Publisher, Name, File, and Max version onlyIf you only fill out these fields, you’ll get the specified version or older releases of the named file or package for the specified product, signed by the named publisher.
      All fields completedIf you fill out all fields, you’ll get the specified version of the named file or package for the specified product, signed by the named publisher.
      +|Field|Manages| +|--- |--- | +|All fields marked as “*”|All files signed by any publisher. (Not recommended and may not work)| +|Publisher only|If you only fill out this field, you’ll get all files signed by the named publisher.This might be useful if your company is the publisher and signer of internal line-of-business apps.| +|Publisher and Name only|If you only fill out these fields, you’ll get all files for the specified product, signed by the named publisher.| +|Publisher, Name, and File only|If you only fill out these fields, you’ll get any version of the named file or package for the specified product, signed by the named publisher.| +|Publisher, Name, File, and Min version only|If you only fill out these fields, you’ll get the specified version or newer releases of the named file or package for the specified product, signed by the named publisher.This option is recommended for enlightened apps that weren't previously enlightened.| +|Publisher, Name, File, and Max version only|If you only fill out these fields, you’ll get the specified version or older releases of the named file or package for the specified product, signed by the named publisher.| +|All fields completed|If you fill out all fields, you’ll get the specified version of the named file or package for the specified product, signed by the named publisher.| To add another Desktop app, click the ellipsis **…**. After you’ve entered the info into the fields, click **OK**. diff --git a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md index 929975aa97..15b0f9f1f8 100644 --- a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md @@ -24,138 +24,28 @@ ms.localizationpriority: medium This table provides info about the most common problems you might encounter while running WIP in your organization. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      LimitationHow it appearsWorkaround
      Your enterprise data on USB drives might be tied to the device it was protected on, based on your Azure RMS configuration.If you’re using Azure RMS: Authenticated users can open enterprise data on USB drives, on computers running Windows 10, version 1703.

      If you’re not using Azure RMS: Data in the new location remains encrypted, but becomes inaccessible on other devices and for other users. For example, the file won't open or the file opens, but doesn't contain readable text.      		Share files with fellow employees through enterprise file servers or enterprise cloud locations. If data must be shared via USB, employees can decrypt protected files, but it will be audited.

      We strongly recommend educating employees about how to limit or eliminate the need for this decryption.
      Direct Access is incompatible with WIP.Direct Access might experience problems with how WIP enforces app behavior and data movement because of how WIP determines what is and isn’t a corporate network resource.We recommend that you use VPN for client access to your intranet resources.

      Note
      VPN is optional and isn’t required by WIP.
      NetworkIsolation Group Policy setting takes precedence over MDM Policy settings.The NetworkIsolation Group Policy setting can configure network settings that can also be configured by using MDM. WIP relies on these policies being correctly configured.If you use both Group Policy and MDM to configure your NetworkIsolation settings, you must make sure that those same settings are deployed to your organization using both Group Policy and MDM.
      Cortana can potentially allow data leakage if it’s on the allowed apps list.If Cortana is on the allowed list, some files might become unexpectedly encrypted after an employee performs a search using Cortana. Your employees will still be able to use Cortana to search and provide results on enterprise documents and locations, but results might be sent to Microsoft.We don’t recommend adding Cortana to your allowed apps list. However, if you wish to use Cortana and don't mind whether the results potentially go to Microsoft, you can make Cortana an Exempt app.
      WIP is designed for use by a single user per device.A secondary user on a device might experience app compatibility issues when unenlightened apps start to automatically encrypt for all users. Additionally, only the initial, enrolled user’s content can be revoked during the unenrollment process.We recommend only having one user per managed device.
      Installers copied from an enterprise network file share might not work properly.An app might fail to properly install because it can’t read a necessary configuration or data file, such as a .cab or .xml file needed for installation, which was protected by the copy action.To fix this, you can: -
        -
      • Start the installer directly from the file share.

        -OR-

        • -
      • Decrypt the locally copied files needed by the installer.

        -OR-

        • -
      • Mark the file share with the installation media as “personal”. To do this, you’ll need to set the Enterprise IP ranges as Authoritative and then exclude the IP address of the file server, or you’ll need to put the file server on the Enterprise Proxy Server list.
        • -
      Changing your primary Corporate Identity isn’t supported.You might experience various instabilities, including but not limited to network and file access failures, and potentially granting incorrect access.Turn off WIP for all devices before changing the primary Corporate Identity (first entry in the list), restarting, and finally redeploying.
      Redirected folders with Client-Side Caching are not compatible with WIP.Apps might encounter access errors while attempting to read a cached, offline file.Migrate to use another file synchronization method, such as Work Folders or OneDrive for Business.

      Note
      For more info about Work Folders and Offline Files, see the blog, Work Folders and Offline Files support for Windows Information Protection. If you're having trouble opening files offline while using Offline Files and WIP, see the support article, Can't open files offline when you use Offline Files and Windows Information Protection.
      An unmanaged device can use Remote Desktop Protocol (RDP) to connect to a WIP-managed device.

      Data copied from the WIP-managed device is marked as Work.

      Data copied to the WIP-managed device is not marked as Work.

      Local Work data copied to the WIP-managed device remains Work data.

      Work data that is copied between two apps in the same session remains data.

      		Disable RDP to prevent access because there is no way to restrict access to only devices managed by WIP. RDP is disabled by default.
      You can't upload an enterprise file to a personal location using Microsoft Edge or Internet Explorer.A message appears stating that the content is marked as Work and the user isn't given an option to override to Personal.Open File Explorer and change the file ownership to Personal before you upload.
      ActiveX controls should be used with caution.Webpages that use ActiveX controls can potentially communicate with other outside processes that aren’t protected by using WIP.We recommend that you switch to using Microsoft Edge, the more secure and safer browser that prevents the use of ActiveX controls. We also recommend that you limit the usage of Internet Explorer 11 to only those line-of-business apps that require legacy technology.

      For more info, see Out-of-date ActiveX control blocking.
      Resilient File System (ReFS) isn't currently supported with WIP.Trying to save or transfer WIP files to ReFS will fail.Format drive for NTFS, or use a different drive.
      WIP isn’t turned on if any of the following folders have the MakeFolderAvailableOfflineDisabled option set to False: -
        -
      • AppDataRoaming
        • -
      • Desktop
        • -
      • StartMenu
        • -
      • Documents
        • -
      • Pictures
        • -
      • Music
        • -
      • Videos
        • -
      • Favorites
        • -
      • Contacts
        • -
      • Downloads
        • -
      • Links
        • -
      • Searches
        • -
      • SavedGames
        • -
      -       		WIP isn’t turned on for employees in your organization. Error code 0x807c0008 will result if WIP is deployed by using Microsoft Endpoint Configuration Manager.Don’t set the MakeFolderAvailableOfflineDisabled option to False for any of the specified folders. You can configure this parameter, as described here.

      If you currently use redirected folders, we recommend that you migrate to a file synchronization solution that supports WIP, such as Work Folders or OneDrive for Business. Additionally, if you apply redirected folders after WIP is already in place, you might be unable to open your files offline. For more info about these potential access errors, see Can't open files offline when you use Offline Files and Windows Information Protection. -
      Only enlightened apps can be managed without device enrollment - If a user enrolls a device for Mobile Application Management (MAM) without device enrollment, only enlightened apps will be managed. This is by design to prevent personal files from being unintentionally encrypted by unenlighted apps. Unenlighted apps that need to access work using MAM need to be re-compiled as LOB apps or managed by using MDM with device enrollment.If all apps need to be managed, enroll the device for MDM. -
      By design, files in the Windows directory (%windir% or C:/Windows) cannot be encrypted because they need to be accessed by any user. If a file in the Windows directory gets encrypted by one user, other users can't access it.
      		Any attempt to encrypt a file in the Windows directory will return a file access denied error. But if you copy or drag and drop an encrypted file to the Windows directory, it will retain encryption to honor the intent of the owner. - If you need to save an encrypted file in the Windows directory, create and encrypt the file in a different directory and copy it. -
      OneNote notebooks on OneDrive for Business must be properly configured to work with WIP.OneNote might encounter errors syncing a OneDrive for Business notebook and suggest changing the file ownership to Personal. Attempting to view the notebook in OneNote Online in the browser will show an error and unable to view it."OneNote notebooks that are newly copied into the OneDrive for Business folder from File Explorer should get fixed automatically. To do this, follow these steps: -1. Close the notebook in OneNote. -2. Move the notebook folder via File Explorer out of the OneDrive for Business folder to another location, such as the Desktop. -3. Copy the notebook folder and Paste it back into the OneDrive for Business folder. - -Wait a few minutes to allow OneDrive to finish syncing & upgrading the notebook, and the folder should automatically convert to an Internet Shortcut. Opening the shortcut will open the notebook in the browser, which can then be opened in the OneNote client by using the “Open in app” button.
      Microsoft Office Outlook offline data files (PST and OST files) are not marked as Work files, and are therefore not protected. - If Microsoft Office Outlook is set to work in cached mode (default setting), or if some emails are stored in a local PST file, the data is unprotected. - It is recommended to use Microsoft Office Outlook in Online mode, or to use encryption to protect OST and PST files manually. -
      +|Limitation|How it appears|Workaround| +|--- |--- |--- | +|Your enterprise data on USB drives might be tied to the device it was protected on, based on your Azure RMS configuration.|**If you’re using Azure RMS:** Authenticated users can open enterprise data on USB drives, on computers running Windows 10, version 1703.**If you’re not using Azure RMS:** Data in the new location remains encrypted, but becomes inaccessible on other devices and for other users. For example, the file won't open or the file opens, but doesn't contain readable text.|Share files with fellow employees through enterprise file servers or enterprise cloud locations. If data must be shared via USB, employees can decrypt protected files, but it will be audited.We strongly recommend educating employees about how to limit or eliminate the need for this decryption.| +|Direct Access is incompatible with WIP.|Direct Access might experience problems with how WIP enforces app behavior and data movement because of how WIP determines what is and isn’t a corporate network resource.|We recommend that you use VPN for client access to your intranet resources.

      **Note** VPN is optional and isn’t required by WIP.| +|**NetworkIsolation** Group Policy setting takes precedence over MDM Policy settings.|The **NetworkIsolation** Group Policy setting can configure network settings that can also be configured by using MDM. WIP relies on these policies being correctly configured.|If you use both Group Policy and MDM to configure your **NetworkIsolation** settings, you must make sure that those same settings are deployed to your organization using both Group Policy and MDM.| +|Cortana can potentially allow data leakage if it’s on the allowed apps list.|If Cortana is on the allowed list, some files might become unexpectedly encrypted after an employee performs a search using Cortana. Your employees will still be able to use Cortana to search and provide results on enterprise documents and locations, but results might be sent to Microsoft.|We don’t recommend adding Cortana to your allowed apps list. However, if you wish to use Cortana and don't mind whether the results potentially go to Microsoft, you can make Cortana an Exempt app.| +|WIP is designed for use by a single user per device.|A secondary user on a device might experience app compatibility issues when unenlightened apps start to automatically encrypt for all users. Additionally, only the initial, enrolled user’s content can be revoked during the unenrollment process.|We recommend only having one user per managed device.| +|Installers copied from an enterprise network file share might not work properly.|An app might fail to properly install because it can’t read a necessary configuration or data file, such as a .cab or .xml file needed for installation, which was protected by the copy action.|To fix this, you can:

    • Start the installer directly from the file share.

      -OR-

    • Decrypt the locally copied files needed by the installer.

      -OR-

    • Mark the file share with the installation media as “personal”. To do this, you’ll need to set the Enterprise IP ranges as **Authoritative** and then exclude the IP address of the file server, or you’ll need to put the file server on the Enterprise Proxy Server list.| +|Changing your primary Corporate Identity isn’t supported.|You might experience various instabilities, including but not limited to network and file access failures, and potentially granting incorrect access.|Turn off WIP for all devices before changing the primary Corporate Identity (first entry in the list), restarting, and finally redeploying.| +|Redirected folders with Client-Side Caching are not compatible with WIP.|Apps might encounter access errors while attempting to read a cached, offline file.|Migrate to use another file synchronization method, such as Work Folders or OneDrive for Business.

      **Note** For more info about Work Folders and Offline Files, see the blog, [Work Folders and Offline Files support for Windows Information Protection](https://blogs.technet.microsoft.com/filecab/2016/08/29/work-folders-and-offline-files-support-for-windows-information-protection/)". If you're having trouble opening files offline while using Offline Files and WIP, see the support article, [Can't open files offline when you use Offline Files and Windows Information Protection](https://support.microsoft.com/kb/3187045).| +|An unmanaged device can use Remote Desktop Protocol (RDP) to connect to a WIP-managed device.|Data copied from the WIP-managed device is marked as **Work**.Data copied to the WIP-managed device is not marked as **Work**.Local **Work** data copied to the WIP-managed device remains **Work** data.**Work** data that is copied between two apps in the same session remains ** data.|Disable RDP to prevent access because there is no way to restrict access to only devices managed by WIP. RDP is disabled by default.| +|You can't upload an enterprise file to a personal location using Microsoft Edge or Internet Explorer.|A message appears stating that the content is marked as **Work** and the user isn't given an option to override to **Personal**.|Open File Explorer and change the file ownership to **Personal** before you upload.| +|ActiveX controls should be used with caution.|Webpages that use ActiveX controls can potentially communicate with other outside processes that aren’t protected by using WIP.|We recommend that you switch to using Microsoft Edge, the more secure and safer browser that prevents the use of ActiveX controls. We also recommend that you limit the usage of Internet Explorer 11 to only those line-of-business apps that require legacy technology.For more info, see [Out-of-date ActiveX control blocking](/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking).| +|Resilient File System (ReFS) isn't currently supported with WIP.|Trying to save or transfer WIP files to ReFS will fail.|Format drive for NTFS, or use a different drive.| +|WIP isn’t turned on if any of the following folders have the **MakeFolderAvailableOfflineDisabled** option set to **False**:

    • AppDataRoaming
    • Desktop
    • StartMenu
    • Documents
    • Pictures
    • Music
    • Videos
    • Favorites
    • Contacts
    • Downloads
    • Links
    • Searches
    • SavedGames|WIP isn’t turned on for employees in your organization. Error code 0x807c0008 will result if WIP is deployed by using Microsoft Endpoint Configuration Manager.|Don’t set the **MakeFolderAvailableOfflineDisabled** option to **False** for any of the specified folders. You can configure this parameter, as described [here](/windows-server/storage/folder-redirection/disable-offline-files-on-folders)".If you currently use redirected folders, we recommend that you migrate to a file synchronization solution that supports WIP, such as Work Folders or OneDrive for Business. Additionally, if you apply redirected folders after WIP is already in place, you might be unable to open your files offline. For more info about these potential access errors, see [Can't open files offline when you use Offline Files and Windows Information Protection](https://support.microsoft.com/help/3187045/can-t-open-files-offline-when-you-use-offline-files-and-windows-information-protection)".| +|Only enlightened apps can be managed without device enrollment|If a user enrolls a device for Mobile Application Management (MAM) without device enrollment, only enlightened apps will be managed. This is by design to prevent personal files from being unintentionally encrypted by unenlighted apps. Unenlighted apps that need to access work using MAM need to be re-compiled as LOB apps or managed by using MDM with device enrollment.|If all apps need to be managed, enroll the device for MDM.| +|By design, files in the Windows directory (%windir% or C:/Windows) cannot be encrypted because they need to be accessed by any user. If a file in the Windows directory gets encrypted by one user, other users can't access it.|Any attempt to encrypt a file in the Windows directory will return a file access denied error. But if you copy or drag and drop an encrypted file to the Windows directory, it will retain encryption to honor the intent of the owner.|If you need to save an encrypted file in the Windows directory, create and encrypt the file in a different directory and copy it.| +|OneNote notebooks on OneDrive for Business must be properly configured to work with WIP.|OneNote might encounter errors syncing a OneDrive for Business notebook and suggest changing the file ownership to Personal. Attempting to view the notebook in OneNote Online in the browser will show an error and unable to view it.|"OneNote notebooks that are newly copied into the OneDrive for Business folder from File Explorer should get fixed automatically. To do this, follow these steps:
      1. Close the notebook in OneNote.
      2. Move the notebook folder via File Explorer out of the OneDrive for Business folder to another location, such as the Desktop.
      3. Copy the notebook folder and Paste it back into the OneDrive for Business folder.

      Wait a few minutes to allow OneDrive to finish syncing & upgrading the notebook, and the folder should automatically convert to an Internet Shortcut. Opening the shortcut will open the notebook in the browser, which can then be opened in the OneNote client by using the “Open in app” button.| +|Microsoft Office Outlook offline data files (PST and OST files) are not marked as **Work** files, and are therefore not protected.|If Microsoft Office Outlook is set to work in cached mode (default setting), or if some emails are stored in a local PST file, the data is unprotected.|It is recommended to use Microsoft Office Outlook in Online mode, or to use encryption to protect OST and PST files manually.| > [!NOTE] > When corporate data is written to disk, WIP uses the Windows-provided Encrypting File System (EFS) to protect it and associate it with your enterprise identity. One caveat to keep in mind is that the Preview Pane in File Explorer will not work for encrypted files. - - - > [!NOTE] > Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to our content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). \ No newline at end of file diff --git a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md index c2b7cb2188..0bc4cc6341 100644 --- a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md @@ -31,141 +31,20 @@ You can try any of the processes included in these scenarios, but you should foc >[!IMPORTANT] >If any of these scenarios does not work, first take note of whether WIP has been revoked. If it has, unenlightened apps will have to be uninstalled and re-installed since their settings files will remain encrypted. - - - - - - - - - - - -
      - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      ScenarioProcesses
      Encrypt and decrypt files using File Explorer.For desktop:

      -
        -
      1. Open File Explorer, right-click a work document, and then click Work from the File Ownership menu.
        Make sure the file is encrypted by right-clicking the file again, clicking Advanced from the General tab, and then clicking Details from the Compress or Encrypt attributes area. The file should show up under the heading, This enterprise domain can remove or revoke access: <your_enterprise_identity>. For example, contoso.com.
        2. -
      2. In File Explorer, right-click the same document, and then click Personal from the File Ownership menu.
        Make sure the file is decrypted by right-clicking the file again, clicking Advanced from the General tab, and then verifying that the Details button is unavailable.
        3. -
      - For mobile:

      -
        -
      1. Open the File Explorer app, browse to a file location, click the elipsis (...), and then click Select to mark at least one file as work-related.
        2. -
      2. Click the elipsis (...) again, click File ownership from the drop down menu, and then click Work.
        Make sure the file is encrypted, by locating the Briefcase icon next to the file name.
        3. -
      3. Select the same file, click File ownership from the drop down menu, and then click Personal.
        Make sure the file is decrypted and that you're no longer seeing the Briefcase icon next to file name.
        4. -
      -
      Create work documents in enterprise-allowed apps.For desktop:

      - - For mobile:

      -
        -
      1. Start an allowed mobile app, such as Word Mobile, create a new document, and then save your changes as Work to a local, work-related location.
        Make sure the document is encrypted, by locating the Briefcase icon next to the file name.
        2. -
      2. Open the same document and attempt to save it to a non-work-related location.
        WIP should stop you from saving the file to this location.
        3. -
      3. Open the same document one last time, make a change to the contents, and then save it again using the Personal option.
        Make sure the file is decrypted and that you're no longer seeing the Briefcase icon next to file name.
        4. -
      -
      Block enterprise data from non-enterprise apps. -
        -
      1. Start an app that doesn't appear on your allowed apps list, and then try to open a work-encrypted file.
        The app shouldn't be able to access the file.
        2. -
      2. Try double-clicking or tapping on the work-encrypted file.
        If your default app association is an app not on your allowed apps list, you should get an Access Denied error message.
        3. -
      -
      Copy and paste from enterprise apps to non-enterprise apps. -
        -
      1. Copy (CTRL+C) content from an app on your allowed apps list, and then try to paste (CTRL+V) the content into an app that doesn't appear on your allowed apps list.
        You should see a WIP-related warning box, asking you to click either Change to personal or Keep at work.
        2. -
      2. Click Keep at work.
        The content isn't pasted into the non-enterprise app.
        3. -
      3. Repeat Step 1, but this time click Change to personal, and try to paste the content again.
        The content is pasted into the non-enterprise app.
        4. -
      4. Try copying and pasting content between apps on your allowed apps list.
        The content should copy and paste between apps without any warning messages.
        5. -
      -
      Drag and drop from enterprise apps to non-enterprise apps. -
        -
      1. Drag content from an app on your allowed apps list, and then try to drop the content into an app that doesn't appear on your allowed apps list.
        You should see a WIP-related warning box, asking you to click either Keep at work or Change to personal.
        2. -
      2. Click Keep at work.
        The content isn't dropped into the non-enterprise app.
        3. -
      3. Repeat Step 1, but this time click Change to personal, and try to drop the content again.
        The content is dropped into the non-enterprise app.
        4. -
      4. Try dragging and dropping content between apps on your allowed apps list.
        The content should move between the apps without any warning messages.
        5. -
      -
      Share between enterprise apps and non-enterprise apps. -
        -
      1. Open an app on your allowed apps list, like Microsoft Photos, and try to share content with an app that doesn't appear on your allowed apps list, like Facebook.
        You should see a WIP-related warning box, asking you to click either Keep at work or Change to personal.
        2. -
      2. Click Keep at work.
        The content isn't shared into Facebook.
        3. -
      3. Repeat Step 1, but this time click Change to personal, and try to share the content again.
        The content is shared into Facebook.
        4. -
      4. Try sharing content between apps on your allowed apps list.
        The content should share between the apps without any warning messages.
        5. -
      -
      Verify that Windows system components can use WIP. -
        -
      1. Start Windows Journal and Internet Explorer 11, creating, editing, and saving files in both apps.
        Make sure that all of the files you worked with are encrypted to your configured Enterprise Identity. In some cases, you might need to close the file and wait a few moments for it to be automatically encrypted.
        2. -
      2. Open File Explorer and make sure your modified files are appearing with a Lock icon.
        3. -
      3. Try copying and pasting, dragging and dropping, and sharing using these apps with other apps that appear both on and off the allowed apps list.

        Note
        Most Windows-signed components like File Explorer (when running in the user's context), should have access to enterprise data.

        A few notable exceptions include some of the user-facing in-box apps, like Wordpad, Notepad, and Microsoft Paint. These apps don't have access by default, but can be added to your allowed apps list.
        4. -
      -
      Use WIP on NTFS, FAT, and exFAT systems. -
        -
      1. Start an app that uses the FAT or exFAT file system (for example a SD card or USB flash drive), and appears on your allowed apps list.
        2. -
      2. Create, edit, write, save, copy, and move files.
        Basic file and folder operations like copy, move, rename, delete, and so on, should work properly on encrypted files.
        3. -
      -
      Verify your shared files can use WIP. -
        -
      1. Download a file from a protected file share, making sure the file is encrypted by locating the Briefcase icon next to the file name.
        2. -
      2. Open the same file, make a change, save it and then try to upload it back to the file share. Again, this should work without any warnings.
        3. -
      3. Open an app that doesn't appear on your allowed apps list and attempt to access a file on the WIP-enabled file share.
        The app shouldn't be able to access the file share.
        4. -
      -
      Verify your cloud resources can use WIP. -
        -
      1. Add both Internet Explorer 11 and Microsoft Edge to your allowed apps list.
        2. -
      2. Open SharePoint (or another cloud resource that's part of your policy) and access a WIP-enabled resource by using both IE11 and Microsoft Edge.
        Both browsers should respect the enterprise and personal boundary.
        3. -
      3. Remove Internet Explorer 11 from your allowed app list and then try to access an intranet site or enterprise-related cloud resource.
        IE11 shouldn't be able to access the sites.

        Note
        Any file downloaded from your work SharePoint site, or any other WIP-enabled cloud resource, is automatically marked as Work.
        4. -
      -
      Verify your Virtual Private Network (VPN) can be auto-triggered. -
        -
      1. Set up your VPN network to start based on the WIPModeID setting.
        For specific info about how to do this, see the Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune topic.
        2. -
      2. Start an app from your allowed apps list.
        The VPN network should automatically start.
        3. -
      3. Disconnect from your network and then start an app that isn't on your allowed apps list.
        The VPN shouldn't start and the app shouldn't be able to access your enterprise network.
        4. -
      -
      Unenroll client devices from WIP. -
        -
      • Unenroll a device from WIP by going to Settings, click Accounts, click Work, click the name of the device you want to unenroll, and then click Remove.
        The device should be removed and all of the enterprise content for that managed account should be gone.

        Important
        On desktop devices, the data isn't removed and can be recovered, so you must make sure the content is marked as Revoked and that access is denied for the employee. On mobile devices, the data is removed.
        • -
      -
      +|Scenario|Processes| +|--- |--- | +|Encrypt and decrypt files using File Explorer.|**For desktop:**

      1. Open File Explorer, right-click a work document, and then click **Work** from the **File Ownership** menu.
        Make sure the file is encrypted by right-clicking the file again, clicking **Advanced** from the **General** tab, and then clicking **Details** from the **Compress or Encrypt attributes** area. The file should show up under the heading, **This enterprise domain can remove or revoke access:** <your_enterprise_identity>. For example, contoso.com.
      2. In File Explorer, right-click the same document, and then click **Personal** from the **File Ownership** menu.
        Make sure the file is decrypted by right-clicking the file again, clicking **Advanced** from the **General** tab, and then verifying that the **Details** button is unavailable.
      **For mobile:**

      1. Open the File Explorer app, browse to a file location, click the elipsis (...), and then click **Select** to mark at least one file as work-related.
      2. Click the elipsis (...) again, click **File ownership** from the drop down menu, and then click **Work**.
        Make sure the file is encrypted, by locating the **Briefcase** icon next to the file name.
      3. Select the same file, click **File ownership** from the drop down menu, and then click **Personal**.
        Make sure the file is decrypted and that you're no longer seeing the **Briefcase** icon next to file name.
      | +|Create work documents in enterprise-allowed apps.|**For desktop:**

      • Start an unenlightened but allowed app, such as a line-of-business app, and then create a new document, saving your changes.
        Make sure the document is encrypted to your Enterprise Identity. This might take a few minutes and require you to close and re-open the file.

        **Important**
        Certain file types like .exe and .dll, along with certain file paths, such as %windir% and %programfiles% are excluded from automatic encryption.

        For more info about your Enterprise Identity and adding apps to your allowed apps list, see either [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune-azure.md) or [Create a Windows Information Protection (WIP) policy using Microsoft Endpoint Configuration Manager](create-wip-policy-using-configmgr.md), based on your deployment system.
      **For mobile:**

      1. Start an allowed mobile app, such as Word Mobile, create a new document, and then save your changes as **Work** to a local, work-related location.
        Make sure the document is encrypted, by locating the **Briefcase** icon next to the file name.
      2. Open the same document and attempt to save it to a non-work-related location.
        WIP should stop you from saving the file to this location.
      3. Open the same document one last time, make a change to the contents, and then save it again using the **Personal** option.
        Make sure the file is decrypted and that you're no longer seeing the **Briefcase** icon next to file name.
      | +|Block enterprise data from non-enterprise apps.|
      1. Start an app that doesn't appear on your allowed apps list, and then try to open a work-encrypted file.
        The app shouldn't be able to access the file.
      2. Try double-clicking or tapping on the work-encrypted file.
        If your default app association is an app not on your allowed apps list, you should get an **Access Denied** error message.
      | +|Copy and paste from enterprise apps to non-enterprise apps.|
      1. Copy (CTRL+C) content from an app on your allowed apps list, and then try to paste (CTRL+V) the content into an app that doesn't appear on your allowed apps list.
        You should see a WIP-related warning box, asking you to click either **Change to personal** or **Keep at work**.
      2. Click **Keep at work**.
        The content isn't pasted into the non-enterprise app.
      3. Repeat Step 1, but this time click **Change to personal**, and try to paste the content again.
        The content is pasted into the non-enterprise app.
      4. Try copying and pasting content between apps on your allowed apps list.
        The content should copy and paste between apps without any warning messages.
      | +|Drag and drop from enterprise apps to non-enterprise apps.|
      1. Drag content from an app on your allowed apps list, and then try to drop the content into an app that doesn't appear on your allowed apps list.
        You should see a WIP-related warning box, asking you to click either **Keep at work** or **Change to personal**.
      2. Click **Keep at work**.
        The content isn't dropped into the non-enterprise app.
      3. Repeat Step 1, but this time click **Change to personal**, and try to drop the content again.
        The content is dropped into the non-enterprise app.
      4. Try dragging and dropping content between apps on your allowed apps list.
        The content should move between the apps without any warning messages.
      | +|Share between enterprise apps and non-enterprise apps.|
      1. Open an app on your allowed apps list, like Microsoft Photos, and try to share content with an app that doesn't appear on your allowed apps list, like Facebook.
        You should see a WIP-related warning box, asking you to click either **Keep at work** or **Change to personal**.
      2. Click **Keep at work**.
        The content isn't shared into Facebook.
      3. Repeat Step 1, but this time click **Change to personal**, and try to share the content again.
        The content is shared into Facebook.
      4. Try sharing content between apps on your allowed apps list.
        The content should share between the apps without any warning messages.
      | +|Verify that Windows system components can use WIP.|
      1. Start Windows Journal and Internet Explorer 11, creating, editing, and saving files in both apps.
        Make sure that all of the files you worked with are encrypted to your configured Enterprise Identity. In some cases, you might need to close the file and wait a few moments for it to be automatically encrypted.
      2. Open File Explorer and make sure your modified files are appearing with a **Lock** icon.
      3. Try copying and pasting, dragging and dropping, and sharing using these apps with other apps that appear both on and off the allowed apps list.

        **Note**
        Most Windows-signed components like File Explorer (when running in the user's context), should have access to enterprise data.

        A few notable exceptions include some of the user-facing in-box apps, like Wordpad, Notepad, and Microsoft Paint. These apps don't have access by default, but can be added to your allowed apps list.
      | +|Use WIP on NTFS, FAT, and exFAT systems.|
      1. Start an app that uses the FAT or exFAT file system (for example a SD card or USB flash drive), and appears on your allowed apps list.
      2. Create, edit, write, save, copy, and move files.
        Basic file and folder operations like copy, move, rename, delete, and so on, should work properly on encrypted files.
      | +|Verify your shared files can use WIP.|
      1. Download a file from a protected file share, making sure the file is encrypted by locating the **Briefcase** icon next to the file name.
      2. Open the same file, make a change, save it and then try to upload it back to the file share. Again, this should work without any warnings.
      3. Open an app that doesn't appear on your allowed apps list and attempt to access a file on the WIP-enabled file share.
        The app shouldn't be able to access the file share.
      | +|Verify your cloud resources can use WIP.|
      1. Add both Internet Explorer 11 and Microsoft Edge to your allowed apps list.
      2. Open SharePoint (or another cloud resource that's part of your policy) and access a WIP-enabled resource by using both IE11 and Microsoft Edge.
        Both browsers should respect the enterprise and personal boundary.
      3. Remove Internet Explorer 11 from your allowed app list and then try to access an intranet site or enterprise-related cloud resource.
        IE11 shouldn't be able to access the sites.

        **Note**
        Any file downloaded from your work SharePoint site, or any other WIP-enabled cloud resource, is automatically marked as **Work**.
      | +|Verify your Virtual Private Network (VPN) can be auto-triggered.|
      1. Set up your VPN network to start based on the **WIPModeID** setting.
        For specific info about how to do this, see the [Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune](create-vpn-and-wip-policy-using-intune-azure.md) topic.
      2. Start an app from your allowed apps list.
        The VPN network should automatically start.
      3. Disconnect from your network and then start an app that isn't on your allowed apps list.
        The VPN shouldn't start and the app shouldn't be able to access your enterprise network.
      | +|Unenroll client devices from WIP.|
      • Unenroll a device from WIP by going to **Settings**, click **Accounts**, click **Work**, click the name of the device you want to unenroll, and then click **Remove**.
        The device should be removed and all of the enterprise content for that managed account should be gone.

        **Important**
        On desktop devices, the data isn't removed and can be recovered, so you must make sure the content is marked as **Revoked** and that access is denied for the employee. On mobile devices, the data is removed.| >[!NOTE] >Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md index fdd4c1c7d4..d75785dec2 100644 --- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md +++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md @@ -308,58 +308,13 @@ The following table lists EMET features in relation to Windows 10 features. ### Table 5   EMET features in relation to Windows 10 features - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        Specific EMET featuresHow these EMET features map
        -to Windows 10 features
          -

        • DEP

          • -

        • SEHOP

          • -

        • ASLR (Force ASLR, Bottom-up ASLR)

          • -

        DEP, SEHOP, and ASLR are included in Windows 10 as configurable features. See Table 2, earlier in this topic.

        -

        You can install the ProcessMitigations PowerShell module to convert your EMET settings for these features into policies that you can apply to Windows 10.

          -

        • Load Library Check (LoadLib)

          • -

        • Memory Protection Check (MemProt)

          • -
        		LoadLib and MemProt are supported in Windows 10, for all applications that are written to use these functions. See Table 4, earlier in this topic.
          -

        • Null Page

          • -
        		Mitigations for this threat are built into Windows 10, as described in the "Memory reservations" item in Kernel pool protections, earlier in this topic.
          -

        • Heap Spray

          • -

        • EAF

          • -

        • EAF+

          • -
        		Windows 10 does not include mitigations that map specifically to these EMET features because they have low impact in the current threat landscape, and do not significantly increase the difficulty of exploiting vulnerabilities. Microsoft remains committed to monitoring the security environment as new exploits appear and taking steps to harden the operating system against them.
          -

        • Caller Check

          • -

        • Simulate Execution Flow

          • -

        • Stack Pivot

          • -

        • Deep Hooks (an ROP "Advanced Mitigation")

          • -

        • Anti Detours (an ROP "Advanced Mitigation")

          • -

        • Banned Functions (an ROP "Advanced Mitigation")

          • -
        		Mitigated in Windows 10 with applications compiled with Control Flow Guard, as described in Control Flow Guard, earlier in this topic.
        +|Specific EMET features|How these EMET features map to Windows 10 features| +|--- |--- | +|
      • DEP
      • SEHOP
      • ASLR (Force ASLR, Bottom-up ASLR)|DEP, SEHOP, and ASLR are included in Windows 10 as configurable features. See [Table 2](#table-2), earlier in this topic.You can install the ProcessMitigations PowerShell module to convert your EMET settings for these features into policies that you can apply to Windows 10.| +|
      • Load Library Check (LoadLib)
      • Memory Protection Check (MemProt)|LoadLib and MemProt are supported in Windows 10, for all applications that are written to use these functions. See [Table 4](#functions-that-software-vendors-can-use-to-build-mitigations-into-apps), earlier in this topic.| +|Null Page|Mitigations for this threat are built into Windows 10, as described in the "Memory reservations" item in [Kernel pool protections](#kernel-pool-protections), earlier in this topic.| +|
      • Heap Spray
      • EAF
      • EAF+|Windows 10 does not include mitigations that map specifically to these EMET features because they have low impact in the current threat landscape, and do not significantly increase the difficulty of exploiting vulnerabilities. Microsoft remains committed to monitoring the security environment as new exploits appear and taking steps to harden the operating system against them.| +|
      • Caller Check
      • Simulate Execution Flow
      • Stack Pivot
      • Deep Hooks (an ROP "Advanced Mitigation")
      • Anti Detours (an ROP "Advanced Mitigation")
      • Banned Functions (an ROP "Advanced Mitigation")|Mitigated in Windows 10 with applications compiled with Control Flow Guard, as described in [Control Flow Guard](#control-flow-guard), earlier in this topic.| ### Converting an EMET XML settings file into Windows 10 mitigation policies diff --git a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md index 7794832d3e..da336ab0f6 100644 --- a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md +++ b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md @@ -336,49 +336,13 @@ For more information on device health attestation, see the [Detect an unhealthy The following table details the hardware requirements for both virtualization-based security services and the health attestation feature. For more information, see [Minimum hardware requirements](/windows-hardware/design/minimum/minimum-hardware-requirements-overview). - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        HardwareMotivation

        UEFI 2.3.1 or later firmware with Secure Boot enabled

        Required to support UEFI Secure Boot.

        -

        UEFI Secure Boot ensures that the device boots only authorized code.

        -

        Additionally, Boot Integrity (Platform Secure Boot) must be supported following the requirements in Hardware Compatibility Specification for Systems for Windows 10 under the subsection: “System.Fundamentals.Firmware.CS.UEFISecureBoot.ConnectedStandby”

        Virtualization extensions, such as Intel VT-x, AMD-V, and SLAT must be enabled

        Required to support virtualization-based security.

        -
        -Note

        Device Guard can be enabled without using virtualization-based security.

        -
        -
        - -

        X64 processor

        Required to support virtualization-based security that uses Windows Hypervisor. Hyper-V is supported only on x64 processor (and not on x86).

        -

        Direct Memory Access (DMA) protection can be enabled to provide additional memory protection but requires processors to include DMA protection technologies.

        IOMMU, such as Intel VT-d, AMD-Vi

        Support for the IOMMU in Windows 10 enhances system resiliency against DMA attacks.

        Trusted Platform Module (TPM)

        Required to support health attestation and necessary for additional key protections for virtualization-based security. TPM 2.0 is supported. Support for TPM 1.2 was added beginning in Windows 10, version 1607 (RS1)

        +|Hardware|Motivation| +|--- |--- | +|UEFI 2.3.1 or later firmware with Secure Boot enabled|Required to support UEFI Secure Boot.

        UEFI Secure Boot ensures that the device boots only authorized code.

        Additionally, Boot Integrity (Platform Secure Boot) must be supported following the requirements in Hardware Compatibility Specification for Systems for Windows 10 under the subsection: “System.Fundamentals.Firmware.CS.UEFISecureBoot.ConnectedStandby”| +|Virtualization extensions, such as Intel VT-x, AMD-V, and SLAT must be enabled|Required to support virtualization-based security.

        **Note:** Device Guard can be enabled without using virtualization-based security.
        | +|X64 processor|Required to support virtualization-based security that uses Windows Hypervisor. Hyper-V is supported only on x64 processor (and not on x86).

        Direct Memory Access (DMA) protection can be enabled to provide additional memory protection but requires processors to include DMA protection technologies.| +|IOMMU, such as Intel VT-d, AMD-Vi|Support for the IOMMU in Windows 10 enhances system resiliency against DMA attacks.| +|Trusted Platform Module (TPM)|Required to support health attestation and necessary for additional key protections for virtualization-based security. TPM 2.0 is supported. Support for TPM 1.2 was added beginning in Windows 10, version 1607 (RS1)| This section presented information about several closely related controls in Windows 10. The multi-layer defenses and in-depth approach helps to eradicate low-level malware during boot sequence. Virtualization-based security is a fundamental operating system architecture change that adds a new security boundary. Device Guard and Credential Guard respectively help to block untrusted code and protect corporate domain credentials from theft and reuse. This section also briefly discussed the importance of managing devices and patching vulnerabilities. All these technologies can be used to harden and lock down devices while limiting the risk of attackers compromising them. @@ -591,36 +555,9 @@ For completeness of the measurements, see [Health Attestation CSP](/windows/clie The following table presents some key items that can be reported back to MDM depending on the type of Windows 10-based device. - ---- - - - - - - - - - - - - - -
        OS typeKey items that can be reported

        Windows 10 for desktop editions

          -

        • PCR0 measurement

          • -

        • Secure Boot Enabled

          • -

        • Secure Boot db matches Expected

          • -

        • Secure Boot dbx is up to date

          • -

        • Secure Boot policy GUID matches Expected

          • -

        • BitLocker enabled

          • -

        • Virtualization-based security enabled

          • -

        • ELAM was loaded

          • -

        • Code Integrity version is up to date

          • -

        • Code Integrity policy hash matches Expected

          • -
        +|OS type|Key items that can be reported| +|--- |--- | +|Windows 10 for desktop editions|

      • PCR0 measurement
      • Secure Boot Enabled
      • Secure Boot db matches Expected
      • Secure Boot dbx is up to date
      • Secure Boot policy GUID matches Expected
      • BitLocker enabled
      • Virtualization-based security enabled
      • ELAM was loaded
      • Code Integrity version is up to date
      • Code Integrity policy hash matches Expected| ### Leverage MDM and the Health Attestation Service From eaf7c0b71e578f1818b01788ebab144bc09e3892 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Thu, 2 Dec 2021 17:46:37 +0530 Subject: [PATCH 092/335] Fixing suggestions --- .../identity-protection/access-control/local-accounts.md | 6 +++--- .../create-wip-policy-using-configmgr.md | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/identity-protection/access-control/local-accounts.md b/windows/security/identity-protection/access-control/local-accounts.md index b2a5460671..b95ead31fa 100644 --- a/windows/security/identity-protection/access-control/local-accounts.md +++ b/windows/security/identity-protection/access-control/local-accounts.md @@ -141,11 +141,11 @@ For details about the HelpAssistant account attributes, see the following table. |Attribute|Value| |--- |--- | -|Well-Known SID/RID|S-1-5--13 (Terminal Server User), S-1-5--14 (Remote Interactive Logon)| +|Well-Known SID/RID|S-1-5-<domain>-13 (Terminal Server User), S-1-5-<domain>-14 (Remote Interactive Logon)| |Type|User| -|Default container|CN=Users, DC=, DC=| +|Default container|CN=Users, DC=<domain>, DC=| |Default members|None| -|Default member of|Domain Guests

        Guests| +|Default member of|Domain Guests<p>Guests| |Protected by ADMINSDHOLDER?|No| |Safe to move out of default container?|Can be moved out, but we do not recommend it.| |Safe to delegate management of this group to non-Service admins?|No| diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md index 43da21cd72..0022b16eb4 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md @@ -351,7 +351,7 @@ There are no default locations included with WIP, you must add each of your netw |Network location type|Format|Description| |--- |--- |--- | - |Enterprise Cloud Resources|With proxy: contoso.sharepoint.com,contoso.internalproxy1.com,
        contoso.visualstudio.com,contoso.internalproxy2.com

        Without proxy: contoso.sharepoint.com,contoso.visualstudio.com|Specify the cloud resources to be treated as corporate and protected by WIP.

        For each cloud resource, you may also optionally specify a proxy server from your Internal proxy servers list to route traffic for this cloud resource. Be aware that all traffic routed through your Internal proxy servers is considered enterprise.

        If you have multiple resources, you must separate them using the "I" delimiter. If you don't use proxy servers, you must also include the "," delimiter just before the "I". For example: URL <,proxy>|URL <,proxy>

        Important
        In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows can't tell whether it's attempting to connect to an enterprise cloud resource or to a personal site. In this case, Windows blocks the connection by default. To stop Windows from automatically blocking these connections, you can add the /*AppCompat*/ string to the setting. For example: URL <,proxy>|URL <,proxy>|/*AppCompat*/.| + |Enterprise Cloud Resources|With proxy: contoso.sharepoint.com,contoso.internalproxy1.com,
        contoso.visualstudio.com,contoso.internalproxy2.com

        Without proxy: contoso.sharepoint.com,contoso.visualstudio.com|Specify the cloud resources to be treated as corporate and protected by WIP.

        For each cloud resource, you may also optionally specify a proxy server from your Internal proxy servers list to route traffic for this cloud resource. Be aware that all traffic routed through your Internal proxy servers is considered enterprise.

        If you have multiple resources, you must separate them using the "I" delimiter. If you don't use proxy servers, you must also include the "," delimiter just before the "I". For example: URL <,proxy>, URL <,proxy>

        Important
        In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows can't tell whether it's attempting to connect to an enterprise cloud resource or to a personal site. In this case, Windows blocks the connection by default. To stop Windows from automatically blocking these connections, you can add the /*AppCompat*/ string to the setting. For example: URL <,proxy>,URL <,proxy>,/*AppCompat*/.| |Enterprise Network Domain Names (Required)|corp.contoso.com,region.contoso.com|Specify the DNS suffixes used in your environment. All traffic to the fully-qualified domains appearing in this list will be protected.

        This setting works with the IP ranges settings to detect whether a network endpoint is enterprise or personal on private networks.

        If you have multiple resources, you must separate them using the "," delimiter.| |Proxy servers|proxy.contoso.com:80;proxy2.contoso.com:443|Specify the proxy servers your devices will go through to reach your cloud resources. Using this server type indicates that the cloud resources you're connecting to are enterprise resources.

        This list shouldn't include any servers listed in your Internal proxy servers list. Internal proxy servers must be used only for WIP-protected (enterprise) traffic.

        If you have multiple resources, you must separate them using the ";" delimiter.| |Internal proxy servers|contoso.internalproxy1.com;contoso.internalproxy2.com|Specify the internal proxy servers your devices will go through to reach your cloud resources. Using this server type indicates that the cloud resources you're connecting to are enterprise resources.

        This list shouldn't include any servers listed in your Proxy servers list. Proxy servers must be used only for non-WIP-protected (non-enterprise) traffic.

        If you have multiple resources, you must separate them using the ";" delimiter.| From 4e85d8e867bb81efba39131e547e0167c325bd45 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Thu, 2 Dec 2021 18:11:37 +0530 Subject: [PATCH 093/335] added windows 10 latest links --- windows/client-management/troubleshoot-stop-errors.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/client-management/troubleshoot-stop-errors.md b/windows/client-management/troubleshoot-stop-errors.md index 13ad63c974..e5443eceaa 100644 --- a/windows/client-management/troubleshoot-stop-errors.md +++ b/windows/client-management/troubleshoot-stop-errors.md @@ -49,6 +49,9 @@ To troubleshoot Stop error messages, follow these general steps: 1. Make sure that you install the latest Windows updates, cumulative updates, and rollup updates. To verify the update status, refer to the appropriate update history for your system: + - [Windows 10, version 21H2](https://support.microsoft.com/topic/windows-10-update-history-857b8ccb-71e4-49e5-b3f6-7073197d98fb) + - [Windows 10, version 21H1](https://support.microsoft.com/topic/windows-10-update-history-1b6aac92-bf01-42b5-b158-f80c6d93eb11) + - [Windows 10, version 20H2](https://support.microsoft.com/topic/windows-10-update-history-7dd3071a-3906-fa2c-c342-f7f86728a6e3) - [Windows 10, version 2004](https://support.microsoft.com/help/4555932) - [Windows 10, version 1909](https://support.microsoft.com/help/4529964) - [Windows 10, version 1903](https://support.microsoft.com/help/4498140) From 6cdb6455eb09b8e107afbf7013487ec30fa3e85e Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Thu, 2 Dec 2021 18:55:53 +0530 Subject: [PATCH 094/335] Html to md table conversion- batch 27 --- ...defender-smartscreen-available-settings.md | 213 +++--------------- ...iately-if-unable-to-log-security-audits.md | 15 +- .../windows-10-mobile-security-guide.md | 66 ++---- .../create-a-rule-for-packaged-apps.md | 83 ++----- ...ine-your-application-control-objectives.md | 150 ++---------- ...tructure-and-applocker-rule-enforcement.md | 100 +------- .../document-your-application-list.md | 76 +------ .../document-your-applocker-rules.md | 87 +------ .../plan-for-applocker-policy-management.md | 192 ++-------------- ...ements-for-deploying-applocker-policies.md | 185 ++------------- ...stand-applocker-policy-design-decisions.md | 54 +---- ...ng-the-path-rule-condition-in-applocker.md | 27 +-- ...e-publisher-rule-condition-in-applocker.md | 29 +-- ...restriction-policies-in-the-same-domain.md | 153 ++----------- .../applocker/what-is-applocker.md | 156 ++----------- 15 files changed, 203 insertions(+), 1383 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md index 14c78b9fa8..db2db95ffd 100644 --- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md @@ -26,193 +26,54 @@ See [Windows 10 (and Windows 11) settings to protect devices using Intune](/intu ## Group Policy settings SmartScreen uses registry-based Administrative Template policy settings. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        SettingSupported onDescription
        Windows 10, version 2004:
        Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure Windows Defender SmartScreen

        -

        		Windows 10, version 1703:
        Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure Windows Defender SmartScreen

        Windows 10, Version 1607 and earlier:
        Administrative Templates\Windows Components\File Explorer\Configure Windows SmartScreen

        -At least Windows Server 2012, Windows 8 or Windows RT

        		This policy setting turns on Microsoft Defender SmartScreen.

        If you enable this setting, it turns on Microsoft Defender SmartScreen and your employees are unable to turn it off. Additionally, when enabling this feature, you must also pick whether Microsoft Defender SmartScreen should Warn your employees or Warn and prevent bypassing the message (effectively blocking the employee from the site).

        If you disable this setting, it turns off Microsoft Defender SmartScreen and your employees are unable to turn it on.

        If you don't configure this setting, your employees can decide whether to use Microsoft Defender SmartScreen.

        Windows 10, version 2004:
        Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure App Install Control        		Windows 10, version 1703:
        Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure App Install Control        		This policy setting is intended to prevent malicious content from affecting your user's devices when downloading executable content from the internet.

        This setting does not protect against malicious content from USB devices, network shares, or other non-internet sources.

        Important: Using a trustworthy browser helps ensure that these protections work as expected.

        Windows 10, version 2004:
        Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Configure Windows Defender SmartScreen (Microsoft Edge version 45 and earlier)

        Administrative Templates\Microsoft Edge\SmartScreen settings\Configure Microsoft Defender SmartScreen (Microsoft Edge version 77 or later)

        Windows 10, version 1703:
        Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Configure Windows Defender SmartScreen (Microsoft Edge version 45 and earlier)

        Administrative Templates\Microsoft Edge\SmartScreen settings\Configure Microsoft Defender SmartScreen (Microsoft Edge version 77 or later)

        Windows 10, Version 1607 and earlier:
        Administrative Templates\Windows Components\Microsoft Edge\Configure Windows SmartScreen

        		Microsoft Edge on Windows 10 or Windows 11This policy setting turns on Microsoft Defender SmartScreen.

        If you enable this setting, it turns on Microsoft Defender SmartScreen and your employees are unable to turn it off.

        If you disable this setting, it turns off Microsoft Defender SmartScreen and your employees are unable to turn it on.

        If you don't configure this setting, your employees can decide whether to use Microsoft Defender SmartScreen.

        Windows 10, version 2004:
        Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files (Microsoft Edge version 45 and earlier)

        Administrative Templates\Microsoft Edge\SmartScreen settings\Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads (Microsoft Edge version 77 or later)

        Windows 10, version 1703:
        Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files (Microsoft Edge version 45 and earlier)

        Administrative Templates\Microsoft Edge\SmartScreen settings\Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads (Microsoft Edge version 77 or later)

        Windows 10, Version 1511 and 1607:
        Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows SmartScreen prompts for files

        		Microsoft Edge on Windows 10, version 1511 or laterThis policy setting stops employees from bypassing the Microsoft Defender SmartScreen warnings about potentially malicious files.

        If you enable this setting, it stops employees from bypassing the warning, stopping the file download.

        If you disable or don't configure this setting, your employees can bypass the warnings and continue to download potentially malicious files.

        Windows 10, version 2004:
        Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites (Microsoft Edge version 45 and earlier)

        Administrative Templates\Microsoft Edge\SmartScreen settings\Prevent bypassing Microsoft Defender SmartScreen prompts for sites (Microsoft Edge version 77 or later)

        Windows 10, version 1703:
        Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites (Microsoft Edge version 45 and earlier)

        Administrative Templates\Microsoft Edge\SmartScreen settings\Prevent bypassing Microsoft Defender SmartScreen prompts for sites (Microsoft Edge version 77 or later)

        Windows 10, Version 1511 and 1607:
        Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows SmartScreen prompts for sites

        		Microsoft Edge on Windows 10, version 1511 or laterThis policy setting stops employees from bypassing the Microsoft Defender SmartScreen warnings about potentially malicious sites.

        If you enable this setting, it stops employees from bypassing the warning, stopping them from going to the site.

        If you disable or don't configure this setting, your employees can bypass the warnings and continue to visit a potentially malicious site.

        Administrative Templates\Windows Components\Internet Explorer\Prevent managing SmartScreen FilterInternet Explorer 9 or laterThis policy setting prevents the employee from managing Microsoft Defender SmartScreen.

        If you enable this policy setting, the employee isn't prompted to turn on Microsoft Defender SmartScreen. All website addresses that are not on the filter's allow list are sent automatically to Microsoft without prompting the employee.

        If you disable or don't configure this policy setting, the employee is prompted to decide whether to turn on Microsoft Defender SmartScreen during the first-run experience.

        Administrative Templates\Windows Components\Internet Explorer\Prevent bypassing SmartScreen Filter warningsInternet Explorer 8 or laterThis policy setting determines whether an employee can bypass warnings from Microsoft Defender SmartScreen.

        If you enable this policy setting, Microsoft Defender SmartScreen warnings block the employee.

        If you disable or don't configure this policy setting, the employee can bypass Microsoft Defender SmartScreen warnings.

        Administrative Templates\Windows Components\Internet Explorer\Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the InternetInternet Explorer 9 or laterThis policy setting determines whether the employee can bypass warnings from Microsoft Defender SmartScreen. Microsoft Defender SmartScreen warns the employee about executable files that Internet Explorer users do not commonly download from the Internet.

        If you enable this policy setting, Microsoft Defender SmartScreen warnings block the employee.

        If you disable or don't configure this policy setting, the employee can bypass Microsoft Defender SmartScreen warnings.

        + +Setting|Supported on|Description| +|--- |--- |--- | +|**Windows 10, version 2004:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure Windows Defender SmartScreen|**Windows 10, version 1703:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure Windows Defender SmartScreen

        **Windows 10, Version 1607 and earlier:** Administrative Templates\Windows Components\File Explorer\Configure Windows SmartScreen

        **At least Windows Server 2012, Windows 8 or Windows RT**|This policy setting turns on Microsoft Defender SmartScreen.

        If you enable this setting, it turns on Microsoft Defender SmartScreen and your employees are unable to turn it off. Additionally, when enabling this feature, you must also pick whether Microsoft Defender SmartScreen should Warn your employees or Warn and prevent bypassing the message (effectively blocking the employee from the site).

        If you disable this setting, it turns off Microsoft Defender SmartScreen and your employees are unable to turn it on.If you don't configure this setting, your employees can decide whether to use Microsoft Defender SmartScreen.| +|**Windows 10, version 2004:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure App Install Control|**Windows 10, version 1703:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure App Install Control|This policy setting is intended to prevent malicious content from affecting your user's devices when downloading executable content from the internet. This setting does not protect against malicious content from USB devices, network shares, or other non-internet sources.

        **Important:** Using a trustworthy browser helps ensure that these protections work as expected.| +|**Windows 10, version 2004:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Configure Windows Defender SmartScreen (Microsoft Edge version 45 and earlier)Administrative Templates\Microsoft Edge\SmartScreen settings\Configure Microsoft Defender SmartScreen (Microsoft Edge version 77 or later)

        **Windows 10, version 1703:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Configure Windows Defender SmartScreen (Microsoft Edge version 45 and earlier)Administrative Templates\Microsoft Edge\SmartScreen settings\Configure Microsoft Defender SmartScreen (Microsoft Edge version 77 or later)

        **Windows 10, Version 1607 and earlier:** Administrative Templates\Windows Components\Microsoft Edge\Configure Windows SmartScreen|Microsoft Edge on Windows 10 or Windows 11|This policy setting turns on Microsoft Defender SmartScreen.

        If you enable this setting, it turns on Microsoft Defender SmartScreen and your employees are unable to turn it off.

        If you disable this setting, it turns off Microsoft Defender SmartScreen and your employees are unable to turn it on.If you don't configure this setting, your employees can decide whether to use Microsoft Defender SmartScreen.| +|**Windows 10, version 2004:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files (Microsoft Edge version 45 and earlier)Administrative Templates\Microsoft Edge\SmartScreen settings\Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads (Microsoft Edge version 77 or later)

        **Windows 10, version 1703:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files (Microsoft Edge version 45 and earlier)Administrative Templates\Microsoft Edge\SmartScreen settings\Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads (Microsoft Edge version 77 or later)

        **Windows 10, Version 1511 and 1607:** Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows SmartScreen prompts for files|Microsoft Edge on Windows 10, version 1511 or later|This policy setting stops employees from bypassing the Microsoft Defender SmartScreen warnings about potentially malicious files.

        If you enable this setting, it stops employees from bypassing the warning, stopping the file download.

        If you disable or don't configure this setting, your employees can bypass the warnings and continue to download potentially malicious files.| +|**Windows 10, version 2004:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites (Microsoft Edge version 45 and earlier)Administrative Templates\Microsoft Edge\SmartScreen settings\Prevent bypassing Microsoft Defender SmartScreen prompts for sites (Microsoft Edge version 77 or later)

        **Windows 10, version 1703:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites (Microsoft Edge version 45 and earlier)Administrative Templates\Microsoft Edge\SmartScreen settings\Prevent bypassing Microsoft Defender SmartScreen prompts for sites (Microsoft Edge version 77 or later)

        **Windows 10, Version 1511 and 1607:** Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows SmartScreen prompts for sites|Microsoft Edge on Windows 10, version 1511 or later|This policy setting stops employees from bypassing the Microsoft Defender SmartScreen warnings about potentially malicious sites.

        If you enable this setting, it stops employees from bypassing the warning, stopping them from going to the site.

        If you disable or don't configure this setting, your employees can bypass the warnings and continue to visit a potentially malicious site.| +|Administrative Templates\Windows Components\Internet Explorer\Prevent managing SmartScreen Filter|Internet Explorer 9 or later|This policy setting prevents the employee from managing Microsoft Defender SmartScreen.If you enable this policy setting, the employee isn't prompted to turn on Microsoft Defender SmartScreen. All website addresses that are not on the filter's allow list are sent automatically to Microsoft without prompting the employee.

        If you disable or don't configure this policy setting, the employee is prompted to decide whether to turn on Microsoft Defender SmartScreen during the first-run experience.| +|Administrative Templates\Windows Components\Internet Explorer\Prevent bypassing SmartScreen Filter warnings|Internet Explorer 8 or later|This policy setting determines whether an employee can bypass warnings from Microsoft Defender SmartScreen.

        If you enable this policy setting, Microsoft Defender SmartScreen warnings block the employee.

        If you disable or don't configure this policy setting, the employee can bypass Microsoft Defender SmartScreen warnings.| +|Administrative Templates\Windows Components\Internet Explorer\Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet|Internet Explorer 9 or later|This policy setting determines whether the employee can bypass warnings from Microsoft Defender SmartScreen. Microsoft Defender SmartScreen warns the employee about executable files that Internet Explorer users do not commonly download from the Internet.

        If you enable this policy setting, Microsoft Defender SmartScreen warnings block the employee.

        If you disable or don't configure this policy setting, the employee can bypass Microsoft Defender SmartScreen warnings.| + ## MDM settings If you manage your policies using Microsoft Intune, you'll want to use these MDM policy settings. All settings support desktop computers running Windows 10 Pro or Windows 10 Enterprise, enrolled with Microsoft Intune.

        For Microsoft Defender SmartScreen Edge MDM policies, see [Policy CSP - Browser](/windows/client-management/mdm/policy-csp-browser). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        SettingSupported versionsDetails
        AllowSmartScreenWindows 10 -
          -
        • URI full path. ./Vendor/MSFT/Policy/Config/Browser/AllowSmartScreen
          • -
        • Data type. Integer
          • -
        • Allowed values:
            -
          • 0 . Turns off Microsoft Defender SmartScreen in Edge.
            • -
          • 1. Turns on Microsoft Defender SmartScreen in Edge.
        -
        EnableAppInstallControlWindows 10, version 1703 -
          -
        • URI full path. ./Vendor/MSFT/Policy/Config/SmartScreen/EnableAppInstallControl
          • -
        • Data type. Integer
          • -
        • Allowed values:
            -
          • 0 . Turns off Application Installation Control, allowing users to download and install files from anywhere on the web.
            • -
          • 1. Turns on Application Installation Control, allowing users to install apps from the Microsoft Store only.
        -
        EnableSmartScreenInShellWindows 10, version 1703 -
          -
        • URI full path. ./Vendor/MSFT/Policy/Config/SmartScreen/EnableSmartScreenInShell
          • -
        • Data type. Integer
          • -
        • Allowed values:
            -
          • 0 . Turns off Microsoft Defender SmartScreen in Windows for app and file execution.
            • -
          • 1. Turns on Microsoft Defender SmartScreen in Windows for app and file execution.
        -
        PreventOverrideForFilesInShellWindows 10, version 1703 -
          -
        • URI full path. ./Vendor/MSFT/Policy/Config/SmartScreen/PreventOverrideForFilesInShell
          • -
        • Data type. Integer
          • -
        • Allowed values:
            -
          • 0 . Employees can ignore Microsoft Defender SmartScreen warnings and run malicious files.
            • -
          • 1. Employees can't ignore Microsoft Defender SmartScreen warnings and run malicious files.
        -
        PreventSmartScreenPromptOverrideWindows 10, Version 1511 and Windows 11 -
          -
        • URI full path. ./Vendor/MSFT/Policy/Config/Browser/PreventSmartscreenPromptOverride
          • -
        • Data type. Integer
          • -
        • Allowed values:
            -
          • 0 . Employees can ignore Microsoft Defender SmartScreen warnings.
            • -
          • 1. Employees can't ignore Microsoft Defender SmartScreen warnings.
        -
        PreventSmartScreenPromptOverrideForFilesWindows 10, Version 1511 and Windows 11 -
          -
        • URI full path. ./Vendor/MSFT/Policy/Config/Browser/PreventSmartScreenPromptOverrideForFiles
          • -
        • Data type. Integer
          • -
        • Allowed values:
            -
          • 0 . Employees can ignore Microsoft Defender SmartScreen warnings for files.
            • -
          • 1. Employees can't ignore Microsoft Defender SmartScreen warnings for files.
        -
        + +|Setting|Supported versions|Details| +|--- |--- |--- | +|AllowSmartScreen|Windows 10|

      • **URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowSmartScreen
      • **Data type.** Integer**Allowed values:**
        • **0 .** Turns off Microsoft Defender SmartScreen in Edge.
        • **1.** Turns on Microsoft Defender SmartScreen in Edge.| +|EnableAppInstallControl|Windows 10, version 1703|
        • **URI full path.** ./Vendor/MSFT/Policy/Config/SmartScreen/EnableAppInstallControl
        • **Data type.** Integer**Allowed values:**
          • **0 .** Turns off Application Installation Control, allowing users to download and install files from anywhere on the web.
          • **1.** Turns on Application Installation Control, allowing users to install apps from the Microsoft Store only.| +|EnableSmartScreenInShell|Windows 10, version 1703|
          • **URI full path.** ./Vendor/MSFT/Policy/Config/SmartScreen/EnableSmartScreenInShell
          • **Data type.** Integer**Allowed values:**
            • **0 .** Turns off Microsoft Defender SmartScreen in Windows for app and file execution.
            • **1.** Turns on Microsoft Defender SmartScreen in Windows for app and file execution.| +|PreventOverrideForFilesInShell|Windows 10, version 1703|
            • **URI full path.** ./Vendor/MSFT/Policy/Config/SmartScreen/PreventOverrideForFilesInShell
            • **Data type.** Integer**Allowed values:**
              • **0 .** Employees can ignore Microsoft Defender SmartScreen warnings and run malicious files.
              • **1.** Employees can't ignore Microsoft Defender SmartScreen warnings and run malicious files.| +|PreventSmartScreenPromptOverride|Windows 10, Version 1511 and Windows 11|
              • **URI full path.** ./Vendor/MSFT/Policy/Config/Browser/PreventSmartscreenPromptOverride
              • **Data type.** Integer**Allowed values:**
                • **0 .** Employees can ignore Microsoft Defender SmartScreen warnings.
                • **1.** Employees can't ignore Microsoft Defender SmartScreen warnings.| +|PreventSmartScreenPromptOverrideForFiles|Windows 10, Version 1511 and Windows 11|
                • **URI full path.** ./Vendor/MSFT/Policy/Config/Browser/PreventSmartScreenPromptOverrideForFiles
                • **Data type.** Integer**Allowed values:**
                  • **0 .** Employees can ignore Microsoft Defender SmartScreen warnings for files.
                  • **1.** Employees can't ignore Microsoft Defender SmartScreen warnings for files.| ## Recommended Group Policy and MDM settings for your organization By default, Microsoft Defender SmartScreen lets employees bypass warnings. Unfortunately, this feature can let employees continue to an unsafe site or to continue to download an unsafe file, even after being warned. Because of this possibility, we strongly recommend that you set up Microsoft Defender SmartScreen to block high-risk interactions instead of providing just a warning. To better help you protect your organization, we recommend turning on and using these specific Microsoft Defender SmartScreen Group Policy and MDM settings. - - - - - - - - - - - - - - - - - - - - - -
                    Group Policy settingRecommendation
                    Administrative Templates\Windows Components\Microsoft Edge\Configure Windows Defender SmartScreen (Microsoft Edge version 45 and earlier)

                    Administrative Templates\Microsoft Edge\SmartScreen settings\Configure Microsoft Defender SmartScreen (Microsoft Edge version 77 or later)

                    		Enable. Turns on Microsoft Defender SmartScreen.
                    Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites (Microsoft Edge version 45 and earlier)

                    Administrative Templates\Microsoft Edge\SmartScreen settings\Prevent bypassing Windows Defender SmartScreen prompts for sites (Microsoft Edge version 77 or later)

                    		Enable. Stops employees from ignoring warning messages and continuing to a potentially malicious website.
                    Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files (Microsoft Edge version 45 and earlier)

                    Administrative Templates\Microsoft Edge\SmartScreen settings\Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads (Microsoft Edge version 77 or later)

                    		Enable. Stops employees from ignoring warning messages and continuing to download potentially malicious files.
                    Administrative Templates\Windows Components\File Explorer\Configure Windows Defender SmartScreenEnable with the Warn and prevent bypass option. Stops employees from ignoring warning messages about malicious files downloaded from the Internet.
                    -

                    - - - - - - - - - - - - - - - - - - - - - - - - - -
                    MDM settingRecommendation
                    Browser/AllowSmartScreen1. Turns on Microsoft Defender SmartScreen.
                    Browser/PreventSmartScreenPromptOverride1. Stops employees from ignoring warning messages and continuing to a potentially malicious website.
                    Browser/PreventSmartScreenPromptOverrideForFiles1. Stops employees from ignoring warning messages and continuing to download potentially malicious files.
                    SmartScreen/EnableSmartScreenInShell1. Turns on Microsoft Defender SmartScreen in Windows.

                    Requires at least Windows 10, version 1703.

                    SmartScreen/PreventOverrideForFilesInShell1. Stops employees from ignoring warning messages about malicious files downloaded from the Internet.

                    Requires at least Windows 10, version 1703.

                    + +|Group Policy setting|Recommendation| +|--- |--- | +|Administrative Templates\Windows Components\Microsoft Edge\Configure Windows Defender SmartScreen (Microsoft Edge version 45 and earlier)

                    dministrative Templates\Microsoft Edge\SmartScreen settings\Configure Microsoft Defender SmartScreen (Microsoft Edge version 77 or later)|**Enable.** Turns on Microsoft Defender SmartScreen.| +|Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites (Microsoft Edge version 45 and earlier)

                    dministrative Templates\Microsoft Edge\SmartScreen settings\Prevent bypassing Windows Defender SmartScreen prompts for sites (Microsoft Edge version 77 or later)|**Enable.** Stops employees from ignoring warning messages and continuing to a potentially malicious website.| +|Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files (Microsoft Edge version 45 and earlier)

                    dministrative Templates\Microsoft Edge\SmartScreen settings\Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads (Microsoft Edge version 77 or later)|**Enable.** Stops employees from ignoring warning messages and continuing to download potentially malicious files.| +|Administrative Templates\Windows Components\File Explorer\Configure Windows Defender SmartScreen|**Enable with the Warn and prevent bypass option.** Stops employees from ignoring warning messages about malicious files downloaded from the Internet.| + +|MDM setting|Recommendation| +|--- |--- | +|Browser/AllowSmartScreen|**1.** Turns on Microsoft Defender SmartScreen.| +|Browser/PreventSmartScreenPromptOverride|**1.** Stops employees from ignoring warning messages and continuing to a potentially malicious website.| +|Browser/PreventSmartScreenPromptOverrideForFiles|**1.** Stops employees from ignoring warning messages and continuing to download potentially malicious files.| +|SmartScreen/EnableSmartScreenInShell|**1.** Turns on Microsoft Defender SmartScreen in Windows.

                    Requires at least Windows 10, version 1703.| +|SmartScreen/PreventOverrideForFilesInShell|**1.** Stops employees from ignoring warning messages about malicious files downloaded from the Internet.

                    Requires at least Windows 10, version 1703.| ## Related topics + - [Threat protection](../index.md) - [Microsoft Defender SmartScreen overview](microsoft-defender-smartscreen-overview.md) diff --git a/windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md b/windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md index dc462f0224..7cc7a09a81 100644 --- a/windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md +++ b/windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md @@ -30,18 +30,9 @@ Describes the best practices, location, values, management practices, and securi The **Audit: Shut down system immediately if unable to log security audits** policy setting determines whether the system shuts down if it is unable to log security events. This policy setting is a requirement for Trusted Computer System Evaluation Criteria (TCSEC)-C2 and Common Criteria certification to prevent auditable events from occurring if the audit system is unable to log those events. Microsoft has chosen to meet this requirement by halting the system and displaying a Stop message in the case of a failure of the auditing system. Enabling this policy setting stops the system if a security audit cannot be logged for any reason. Typically, an event fails to be logged when the security audit log is full and the value of **Retention method for security log** is **Do not overwrite events (clear log manually)** or **Overwrite events by days**. With **Audit: Shut down system immediately if unable to log security audits** set to **Enabled**, if the security log is full and an existing entry cannot be overwritten, the following Stop message appears: - --- - - - - - -

                    STOP: C0000244 {Audit Failed}

                    -

                    An attempt to generate a security audit failed.

                    - + +**STOP: C0000244 {Audit Failed}**: An attempt to generate a security audit failed. + To recover, you must log on, archive the log (optional), clear the log, and reset this option as desired. If the computer is unable to record events to the security log, critical evidence or important troubleshooting information might not be available for review after a security incident. diff --git a/windows/security/threat-protection/windows-10-mobile-security-guide.md b/windows/security/threat-protection/windows-10-mobile-security-guide.md index 264a762b9c..8f680ea6ff 100644 --- a/windows/security/threat-protection/windows-10-mobile-security-guide.md +++ b/windows/security/threat-protection/windows-10-mobile-security-guide.md @@ -156,59 +156,21 @@ Windows 10 Mobile supports both [FIPS 140 standards](http://csrc.nist.gov/groups The best way to fight malware is prevention. Windows 10 Mobile provides strong malware resistance through secured hardware, startup process defenses, core operating system architecture, and application-level protections. The table below outlines how Windows 10 Mobile mitigates specific malware threats. - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    ThreatWindows 10 Mobile mitigation

                    Firmware bootkits replace the firmware with malware.

                    All certified devices include Unified Extensible Firmware (UEFI) with Secure Boot, which requires signed firmware for updates to UEFI and Option ROMs.

                    Bootkits start malware before Windows starts.

                    UEFI with Secure Boot verifies Windows bootloader integrity to help ensure that no malicious operating system can start before Windows.

                    System or driver rootkits (typically malicious software that hides from the operating system) start kernel- level malware while Windows is starting, before antimalware solutions can start.

                    Windows Trusted Boot verifies Windows boot components, including Microsoft drivers. Measured Boot runs in parallel with Trusted Boot and can provide information to a remote server that verifies the boot state of the device to help ensure that Trusted Boot and other boot components successfully checked the system.

                    An app infects other apps or the operating system with malware.

                    All Windows 10 Mobile apps run inside an AppContainer that isolates them from all other processes and sensitive operating system components. Apps cannot access any resources outside their AppContainer.

                    An unauthorized app or malware attempts to start on the device.

                    All Windows 10 Mobile apps must come from Microsoft Store or Microsoft Store for Business. Device Guard enforces administrative policies to select exactly which apps are allowed to run.

                    User-level malware exploits a vulnerability in the system or an application and owns the device.

                    Improvements to address space layout randomization (ASLR), Data Execution Prevention (DEP), the heap architecture, and memory-management algorithms reduce the likelihood that vulnerabilities can enable successful exploits.

                    -

                    Protected Processes isolates non-trusted processes from each other and from sensitive operating system components.

                    Users access a dangerous website without knowledge of the risk.

                    The Windows Defender SmartScreen URL Reputation feature prevents users from going to a malicious website that may try to exploit the browser and take control of the device.

                    Malware exploits a vulnerability in a browser add-on.

                    Microsoft Edge is an app built on the Universal Windows Platform (UWP) that does not run legacy binary extensions, including Microsoft ActiveX and browser helper objects frequently used for toolbars, which eliminates these risks.

                    A website that includes malicious code exploits a vulnerability in the web browser to run malware on the client device.

                    Microsoft Edge includes Enhanced Protected Mode, which uses AppContainer-based sandboxing to help protect the system against vulnerabilities that at attacker may discover in the extensions running in the browser (for example, Adobe Flash, Java) or the browser itself.

                    +|Threat|Windows 10 Mobile mitigation| +|--- |--- | +|Firmware bootkits replace the firmware with malware.|All certified devices include Unified Extensible Firmware (UEFI) with Secure Boot, which requires signed firmware for updates to UEFI and Option ROMs.| +|Bootkits start malware before Windows starts.|UEFI with Secure Boot verifies Windows bootloader integrity to help ensure that no malicious operating system can start before Windows.| +|System or driver rootkits (typically malicious software that hides from the operating system) start kernel- level malware while Windows is starting, before antimalware solutions can start.|Windows Trusted Boot verifies Windows boot components, including Microsoft drivers. Measured Boot runs in parallel with Trusted Boot and can provide information to a remote server that verifies the boot state of the device to help ensure that Trusted Boot and other boot components successfully checked the system.| +|An app infects other apps or the operating system with malware.|All Windows 10 Mobile apps run inside an AppContainer that isolates them from all other processes and sensitive operating system components. Apps cannot access any resources outside their AppContainer.| +|An unauthorized app or malware attempts to start on the device.|All Windows 10 Mobile apps must come from Microsoft Store or Microsoft Store for Business. Device Guard enforces administrative policies to select exactly which apps are allowed to run.| +|User-level malware exploits a vulnerability in the system or an application and owns the device.|Improvements to address space layout randomization (ASLR), Data Execution Prevention (DEP), the heap architecture, and memory-management algorithms reduce the likelihood that vulnerabilities can enable successful exploits.

                    Protected Processes isolates non-trusted processes from each other and from sensitive operating system components.| +|Users access a dangerous website without knowledge of the risk.|The Windows Defender SmartScreen URL Reputation feature prevents users from going to a malicious website that may try to exploit the browser and take control of the device.| +|Malware exploits a vulnerability in a browser add-on.|Microsoft Edge is an app built on the Universal Windows Platform (UWP) that does not run legacy binary extensions, including Microsoft ActiveX and browser helper objects frequently used for toolbars, which eliminates these risks.| +|A website that includes malicious code exploits a vulnerability in the web browser to run malware on the client device.|Microsoft Edge includes Enhanced Protected Mode, which uses AppContainer-based sandboxing to help protect the system against vulnerabilities that at attacker may discover in the extensions running in the browser (for example, Adobe Flash, Java) or the browser itself.| ->**Note:** The Windows 10 Mobile devices use a System on a Chip (SoC) design provided by SoC vendors such as Qualcomm. With this architecture, the SoC vendor and device manufacturers provide the pre-UEFI bootloaders and the UEFI environment. The UEFI environment implements the UEFI Secure Boot standard described in section 27 of the UEFI specification, which can be found at [www.uefi.org/specs]( http://www.uefi.org/specs). This standard describes the process by which all UEFI drivers and applications are validated against keys provisioned into a UEFI-based device before they are executed. + +>[!NOTE] +> The Windows 10 Mobile devices use a System on a Chip (SoC) design provided by SoC vendors such as Qualcomm. With this architecture, the SoC vendor and device manufacturers provide the pre-UEFI bootloaders and the UEFI environment. The UEFI environment implements the UEFI Secure Boot standard described in section 27 of the UEFI specification, which can be found at [www.uefi.org/specs]( http://www.uefi.org/specs). This standard describes the process by which all UEFI drivers and applications are validated against keys provisioned into a UEFI-based device before they are executed. ### UEFI with Secure Boot diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md index f983e81eba..9c9dc7f558 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md @@ -50,76 +50,21 @@ You can perform this task by using the Group Policy Management Console for an Ap 3. On the **Before You Begin** page, select **Next**. 4. On the **Permissions** page, select the action (allow or deny) and the user or group that the rule should apply to, and then select **Next**. 5. On the **Publisher** page, you can select a specific reference for the packaged app rule and set the scope for the rule. The following table describes the reference options. - - - - - - - - - - - - - - - - - - - - - - - - - -
                    SelectionDescriptionExample

                    Use an installed packaged app as a reference

                    If selected, AppLocker requires you to choose an app that is already installed on which to base your new rule. AppLocker uses the publisher, package name and package version to define the rule.

                    You want the Sales group only to use the app named Microsoft.BingMaps for its outside sales calls. The Microsoft.BingMaps app is already installed on the device where you are creating the rule, so you choose this option, and select the app from the list of apps installed on the computer and create the rule using this app as a reference.

                    Use a packaged app installer as a reference

                    If selected, AppLocker requires you to choose an app installer on which to base your new rule. A packaged app installer has the .appx extension. AppLocker uses the publisher, package name, and package version of the installer to define the rule.

                    Your company has developed many internal line-of-business packaged apps. The app installers are stored on a common file share. Employees can install the required apps from that file share. You want to allow all your employees to install the Payroll app from this share. So you choose this option from the wizard, browse to the file share, and choose the installer for the Payroll app as a reference to create your rule.

                    -   + + |Selection|Description|Example| + |--- |--- |--- | + |**Use an installed packaged app as a reference**|If selected, AppLocker requires you to choose an app that is already installed on which to base your new rule. AppLocker uses the publisher, package name and package version to define the rule.|You want the Sales group only to use the app named Microsoft.BingMaps for its outside sales calls. The Microsoft.BingMaps app is already installed on the device where you are creating the rule, so you choose this option, and select the app from the list of apps installed on the computer and create the rule using this app as a reference.| + |**Use a packaged app installer as a reference**|If selected, AppLocker requires you to choose an app installer on which to base your new rule. A packaged app installer has the .appx extension. AppLocker uses the publisher, package name, and package version of the installer to define the rule.|Your company has developed many internal line-of-business packaged apps. The app installers are stored on a common file share. Employees can install the required apps from that file share. You want to allow all your employees to install the Payroll app from this share. So you choose this option from the wizard, browse to the file share, and choose the installer for the Payroll app as a reference to create your rule.| + The following table describes setting the scope for the packaged app rule. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    SelectionDescriptionExample

                    Applies to Any publisher

                    This is the least restrictive scope condition for an Allow rule. It permits every packaged app to run or install.

                    -

                    Conversely, if this is a Deny rule, then this option is the most restrictive because it denies all apps from installing or running.

                    You want the Sales group to use any packaged app from any signed publisher. You set the permissions to allow the Sales group to be able to run any app.

                    Applies to a specific Publisher

                    This scopes the rule to all apps published by a particular publisher.

                    You want to allow all your users to install apps published by the publisher of Microsoft.BingMaps. You could select Microsoft.BingMaps as a reference and choose this rule scope.

                    Applies to a Package name

                    This scopes the rule to all packages that share the publisher name and package name as the reference file.

                    You want to allow your Sales group to install any version of the Microsoft.BingMaps app. You could select the Microsoft.BingMaps app as a reference and choose this rule scope.

                    Applies to a Package version

                    This scopes the rule to a particular version of the package.

                    You want to be very selective in what you allow. You do not want to implicitly trust all future updates of the Microsoft.BingMaps app. You can limit the scope of your rule to the version of the app currently installed on your reference computer.

                    Applying custom values to the rule

                    Selecting the Use custom values check box allows you to adjust the scope fields for your particular circumstance.

                    You want to allow users to install all Microsoft.Bing* applications, which include Microsoft.BingMaps, Microsoft.BingWeather, Microsoft.BingMoney. You can choose the Microsoft.BingMaps as a reference, select the Use custom values check box and edit the package name field by adding “Microsoft.Bing*” as the Package name.

                    + + |Selection|Description|Example| + |--- |--- |--- | + |Applies to **Any publisher**|This is the least restrictive scope condition for an **Allow** rule. It permits every packaged app to run or install.

                    Conversely, if this is a **Deny** rule, then this option is the most restrictive because it denies all apps from installing or running.|You want the Sales group to use any packaged app from any signed publisher. You set the permissions to allow the Sales group to be able to run any app.| + |Applies to a specific **Publisher**|This scopes the rule to all apps published by a particular publisher.|You want to allow all your users to install apps published by the publisher of Microsoft.BingMaps. You could select Microsoft.BingMaps as a reference and choose this rule scope.| + |Applies to a **Package name**|This scopes the rule to all packages that share the publisher name and package name as the reference file.|You want to allow your Sales group to install any version of the Microsoft.BingMaps app. You could select the Microsoft.BingMaps app as a reference and choose this rule scope.| + |Applies to a **Package version**|This scopes the rule to a particular version of the package.|You want to be very selective in what you allow. You do not want to implicitly trust all future updates of the Microsoft.BingMaps app. You can limit the scope of your rule to the version of the app currently installed on your reference computer.| + |Applying custom values to the rule|Selecting the **Use custom values** check box allows you to adjust the scope fields for your particular circumstance.|You want to allow users to install all *Microsoft.Bing* applications, which include Microsoft.BingMaps, Microsoft.BingWeather, Microsoft.BingMoney. You can choose the Microsoft.BingMaps as a reference, select the **Use custom values** check box and edit the package name field by adding “Microsoft.Bing*” as the Package name.|   6. Select **Next**. 7. (Optional) On the **Exceptions** page, specify conditions by which to exclude files from being affected by the rule. This allows you to add exceptions based on the same rule reference and rule scope as you set before. Select **Next**. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md index e4bdbbc2b7..594f737b63 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md @@ -37,137 +37,23 @@ There are management and maintenance costs associated with a list of allowed app Use the following table to develop your own objectives and determine which application control feature best addresses those objectives. - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Application control functionSRPAppLocker

                    Scope

                    SRP policies can be applied to all Windows operating systems beginning with Windows XP and Windows Server 2003.

                    AppLocker policies apply only to the support versions of Windows listed in Requirements to use AppLocker.

                    Policy creation

                    SRP policies are maintained through Group Policy and only the administrator of the GPO can update the SRP policy. The administrator on the local computer can modify the SRP policies defined in the local GPO.

                    AppLocker policies are maintained through Group Policy and only the administrator of the GPO can update the policy. The administrator on the local computer can modify the AppLocker policies defined in the local GPO.

                    -

                    AppLocker permits customization of error messages to direct users to a Web page for help.

                    Policy maintenance

                    SRP policies must be updated by using the Local Security Policy snap-in (if the policies are created locally) or the Group Policy Management Console (GPMC).

                    AppLocker policies can be updated by using the Local Security Policy snap-in, if the policies are created locally, or the GPMC, or the Windows PowerShell AppLocker cmdlets.

                    Policy application

                    SRP policies are distributed through Group Policy.

                    AppLocker policies are distributed through Group Policy.

                    Enforcement mode

                    SRP works in the “deny list mode” where administrators can create rules for files that they don't want to allow in this Enterprise, but the rest of the files are allowed to run by default.

                    -

                    SRP can also be configured in the “allow list mode” such that by default all files are blocked and administrators need to create allow rules for files that they want to allow.

                    By default, AppLocker works in allow list mode. Only those files are allowed to run for which there's a matching allow rule.

                    File types that can be controlled

                    SRP can control the following file types:

                    -
                      -

                    • Executables

                      • -

                    • DLLs

                      • -

                    • Scripts

                      • -

                    • Windows Installers

                      • -
                    -

                    SRP cannot control each file type separately. All SRP rules are in a single rule collection.

                    AppLocker can control the following file types:

                    -
                      -

                    • Executables

                      • -

                    • DLLs

                      • -

                    • Scripts

                      • -

                    • Windows Installers

                      • -

                    • Packaged apps and installers

                      • -
                    -

                    AppLocker maintains a separate rule collection for each of the five file types.

                    Designated file types

                    SRP supports an extensible list of file types that are considered executable. You can add extensions for files that should be considered executable.

                    AppLocker doesn't support this. AppLocker currently supports the following file extensions:

                    -
                      -

                    • Executables (.exe, .com)

                      • -

                    • DLLs (.ocx, .dll)

                      • -

                    • Scripts (.vbs, .js, .ps1, .cmd, .bat)

                      • -

                    • Windows Installers (.msi, .mst, .msp)

                      • -

                    • Packaged app installers (.appx)

                      • -

                    Rule types

                    SRP supports four types of rules:

                    -
                      -

                    • Hash

                      • -

                    • Path

                      • -

                    • Signature

                      • -

                    • Internet zone

                      • -

                    AppLocker supports three types of rules:

                    -
                      -

                    • Hash

                      • -

                    • Path

                      • -

                    • Publisher

                      • -

                    Editing the hash value

                    SRP allows you to select a file to hash.

                    AppLocker computes the hash value itself. Internally it uses the SHA2 Authenticode hash for Portable Executables (exe and DLL) and Windows Installers and an SHA2 flat file hash for the rest.

                    Support for different security levels

                    With SRP, you can specify the permissions with which an app can run. Then configure a rule such that Notepad always runs with restricted permissions and never with administrative privileges.

                    -

                    SRP on Windows Vista and earlier supported multiple security levels. On Windows 7, that list was restricted to just two levels: Disallowed and Unrestricted (Basic User translates to Disallowed).

                    AppLocker does not support security levels.

                    Manage Packaged apps and Packaged app installers.

                    Unable

                    .appx is a valid file type which AppLocker can manage.

                    Targeting a rule to a user or a group of users

                    SRP rules apply to all users on a particular computer.

                    AppLocker rules can be targeted to a specific user or a group of users.

                    Support for rule exceptions

                    SRP does not support rule exceptions

                    AppLocker rules can have exceptions that allow administrators to create rules such as “Allow everything from Windows except for Regedit.exe”.

                    Support for audit mode

                    SRP doesn't support audit mode. The only way to test SRP policies is to set up a test environment and run a few experiments.

                    AppLocker supports audit mode that allows administrators to test the effect of their policy in the real production environment without impacting the user experience. Once you are satisfied with the results, you can start enforcing the policy.

                    Support for exporting and importing policies

                    SRP does not support policy import/export.

                    AppLocker supports the importing and exporting of policies. This allows you to create AppLocker policy on a sample computer, test it out and then export that policy and import it back into the desired GPO.

                    Rule enforcement

                    Internally, SRP rules enforcement happens in user-mode, which is less secure.

                    Internally, AppLocker rules for exes and dlls are enforced in kernel-mode, which is more secure than enforcing them in the user-mode.

                    +|Application control function|SRP|AppLocker| +|--- |--- |--- | +|Scope|SRP policies can be applied to all Windows operating systems beginning with Windows XP and Windows Server 2003.|AppLocker policies apply only to the support versions of Windows listed in[Requirements to use AppLocker](requirements-to-use-applocker.md).| +|Policy creation|SRP policies are maintained through Group Policy and only the administrator of the GPO can update the SRP policy. The administrator on the local computer can modify the SRP policies defined in the local GPO.|AppLocker policies are maintained through Group Policy and only the administrator of the GPO can update the policy. The administrator on the local computer can modify the AppLocker policies defined in the local GPO.

                    AppLocker permits customization of error messages to direct users to a Web page for help.| +|Policy maintenance|SRP policies must be updated by using the Local Security Policy snap-in (if the policies are created locally) or the Group Policy Management Console (GPMC).|AppLocker policies can be updated by using the Local Security Policy snap-in, if the policies are created locally, or the GPMC, or the Windows PowerShell AppLocker cmdlets.| +|Policy application|SRP policies are distributed through Group Policy.|AppLocker policies are distributed through Group Policy.| +|Enforcement mode|SRP works in the “deny list mode” where administrators can create rules for files that they don't want to allow in this Enterprise, but the rest of the files are allowed to run by default.

                    SRP can also be configured in the “allow list mode” such that by default all files are blocked and administrators need to create allow rules for files that they want to allow.|By default, AppLocker works in allow list mode. Only those files are allowed to run for which there's a matching allow rule.| +|File types that can be controlled|SRP can control the following file types:

                  • Executables
                  • DLLs
                  • Scripts
                  • Windows Installers

                    SRP cannot control each file type separately. All SRP rules are in a single rule collection.|AppLocker can control the following file types:

                  • Executables
                  • DLLs
                  • Scripts
                  • Windows Installers
                  • Packaged apps and installers

                    AppLocker maintains a separate rule collection for each of the five file types.| +|Designated file types|SRP supports an extensible list of file types that are considered executable. You can add extensions for files that should be considered executable.|AppLocker doesn't support this. AppLocker currently supports the following file extensions:

                  • Executables (.exe, .com)
                  • DLLs (.ocx, .dll)
                  • Scripts (.vbs, .js, .ps1, .cmd, .bat)
                  • Windows Installers (.msi, .mst, .msp)
                  • Packaged app installers (.appx)| +|Rule types|SRP supports four types of rules:
                  • Hash
                  • Path
                  • Signature

                    Internet zone|AppLocker supports three types of rules:

                  • Hash
                  • Path
                  • Publisher| +|Editing the hash value|SRP allows you to select a file to hash.|AppLocker computes the hash value itself. Internally it uses the SHA2 Authenticode hash for Portable Executables (exe and DLL) and Windows Installers and an SHA2 flat file hash for the rest.| +|Support for different security levels|With SRP, you can specify the permissions with which an app can run. Then configure a rule such that Notepad always runs with restricted permissions and never with administrative privileges.

                    SRP on Windows Vista and earlier supported multiple security levels. On Windows 7, that list was restricted to just two levels: Disallowed and Unrestricted (Basic User translates to Disallowed).|AppLocker does not support security levels.| +|Manage Packaged apps and Packaged app installers.|Unable|.appx is a valid file type which AppLocker can manage.| +|Targeting a rule to a user or a group of users|SRP rules apply to all users on a particular computer.|AppLocker rules can be targeted to a specific user or a group of users.| +|Support for rule exceptions|SRP does not support rule exceptions|AppLocker rules can have exceptions that allow administrators to create rules such as “Allow everything from Windows except for Regedit.exe”.| +|Support for audit mode|SRP doesn't support audit mode. The only way to test SRP policies is to set up a test environment and run a few experiments.|AppLocker supports audit mode that allows administrators to test the effect of their policy in the real production environment without impacting the user experience. Once you are satisfied with the results, you can start enforcing the policy.| +|Support for exporting and importing policies|SRP does not support policy import/export.|AppLocker supports the importing and exporting of policies. This allows you to create AppLocker policy on a sample computer, test it out and then export that policy and import it back into the desired GPO.| +|Rule enforcement|Internally, SRP rules enforcement happens in user-mode, which is less secure.|Internally, AppLocker rules for exes and dlls are enforced in kernel-mode, which is more secure than enforcing them in the user-mode.| For more general info, see AppLocker. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md b/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md index 252fb96ede..f21a48c714 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md @@ -43,96 +43,16 @@ To complete this AppLocker planning document, you should first complete the foll After you determine how to structure your Group Policy Objects (GPOs) so that you can apply AppLocker policies, you should record your findings. You can use the following table to determine how many GPOs to create (or edit) and which objects they are linked to. If you decided to create custom rules to allow system files to run, note the high-level rule configuration in the **Use default rule or define new rule condition** column. The following table includes the sample data that was collected when you determined your enforcement settings and the GPO structure for your AppLocker policies. - ---------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Business groupOrganizational unitImplement AppLocker?AppsInstallation pathUse default rule or define new rule conditionAllow or denyGPO name

                    Bank Tellers

                    Teller-East and Teller-West

                    Yes

                    Teller Software

                    C:\Program Files\Woodgrove\Teller.exe

                    File is signed; create a publisher condition

                    Allow

                    Tellers-AppLockerTellerRules

                    Windows files

                    C:\Windows

                    Create a path exception to the default rule to exclude \Windows\Temp

                    Allow

                    Human Resources

                    HR-All

                    Yes

                    Check Payout

                    C:\Program Files\Woodgrove\HR\Checkcut.exe

                    File is signed; create a publisher condition

                    Allow

                    HR-AppLockerHRRules

                    Time Sheet Organizer

                    -

                    C:\Program Files\Woodgrove\HR\Timesheet.exe

                    -

                    File is not signed; create a file hash condition

                    -

                    Allow

                    Internet Explorer 7

                    C:\Program Files\Internet Explorer</p>

                    File is signed; create a publisher condition

                    Deny

                    Windows files

                    C:\Windows

                    Use a default rule for the Windows path

                    Allow

                    - + +|Business group|Organizational unit|Implement AppLocker?|Apps|Installation path|Use default rule or define new rule condition|Allow or deny|GPO name| +|--- |--- |--- |--- |--- |--- |--- |--- | +|Bank Tellers|Teller-East and Teller-West|Yes|Teller Software|C:\Program Files\Woodgrove\Teller.exe|File is signed; create a publisher condition|Allow|Tellers-AppLockerTellerRules| +||||Windows files|C:\Windows|Create a path exception to the default rule to exclude \Windows\Temp|Allow|| +|Human Resources|HR-All|Yes|Check Payout|C:\Program Files\Woodgrove\HR\Checkcut.exe|File is signed; create a publisher condition|Allow|HR-AppLockerHRRules| +||||Time Sheet Organizer|C:\Program Files\Woodgrove\HR\Timesheet.exe|File is not signed; create a file hash condition|Allow|| +||||Internet Explorer 7|C:\Program Files\Internet Explorer

                    |File is signed; create a publisher condition|Deny|| +||||Windows files|C:\Windows|Use a default rule for the Windows path|Allow|| + ## Next steps After you have determined the Group Policy structure and rule enforcement strategy for each business group's apps, the following tasks remain: diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md index 33ffa59ce9..5f360731db 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md @@ -42,70 +42,18 @@ Record the name of the app, whether it is signed as indicated by the publisher's Record the installation path of the apps. For example, Microsoft Office 2016 installs files to *%programfiles%\\Microsoft Office\\Office16\\*, which is *C:\\Program Files\\Microsoft Office\\Office16\\* on most devices. The following table provides an example of how to list applications for each business group at the early stage of designing your application control policies. Eventually, as more planning information is added to the list, the information can be used to build AppLocker rules. - ------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Business groupOrganizational unitImplement AppLocker?AppsInstallation path

                    Bank Tellers

                    Teller-East and Teller-West

                    Yes

                    Teller Software

                    C:\Program Files\Woodgrove\Teller.exe

                    Windows files

                    C:\Windows

                    Human Resources

                    HR-All

                    Yes

                    Check Payout

                    C:\Program Files\Woodgrove\HR\Checkcut.exe

                    Time Sheet Organizer

                    C:\Program Files\Woodgrove\HR\Timesheet.exe

                    Internet Explorer 7

                    C:\Program Files\Internet Explorer</p>

                    Windows files

                    C:\Windows

                    - ->Note: AppLocker only supports publisher rules for Universal Windows apps. Therefore, collecting the installation path information for Universal Windows apps is not necessary. + +|Business group|Organizational unit|Implement AppLocker?|Apps|Installation path| +|--- |--- |--- |--- |--- | +|Bank Tellers|Teller-East and Teller-West|Yes|Teller Software|C:\Program Files\Woodgrove\Teller.exe| +||||Windows files|C:\Windows| +|Human Resources|HR-All|Yes|Check Payout|C:\Program Files\Woodgrove\HR\Checkcut.exe| +||||Time Sheet Organizer|C:\Program Files\Woodgrove\HR\Timesheet.exe| +||||Internet Explorer 7|C:\Program Files\Internet Explorer

                    | +||||Windows files|C:\Windows| + +>[!NOTE] +>AppLocker only supports publisher rules for Universal Windows apps. Therefore, collecting the installation path information for Universal Windows apps is not necessary. Event processing diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md index 2db8ca7042..151e00dc31 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md @@ -46,86 +46,15 @@ Document the following items for each business group or organizational unit: The following table details sample data for documenting rule type and rule condition findings. In addition, you should now consider whether to allow an app to run or deny permission for it to run. For info about these settings, see [Understanding AppLocker allow and deny actions on rules](understanding-applocker-allow-and-deny-actions-on-rules.md). - --------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Business groupOrganizational unitImplement AppLocker?ApplicationsInstallation pathUse default rule or define new rule conditionAllow or deny

                    Bank Tellers

                    Teller-East and Teller-West

                    Yes

                    Teller Software

                    C:\Program Files\Woodgrove\Teller.exe

                    File is signed; create a publisher condition

                    Windows files

                    C:\Windows

                    Create a path exception to the default rule to exclude \Windows\Temp

                    Human Resources

                    HR-All

                    Yes

                    Check Payout

                    C:\Program Files\Woodgrove\HR\Checkcut.exe

                    File is signed; create a publisher condition

                    Time Sheet Organizer

                    C:\Program Files\Woodgrove\HR\Timesheet.exe

                    File is not signed; create a file hash condition

                    Internet Explorer 7

                    C:\Program Files\Internet Explorer</p>

                    File is signed; create a publisher condition

                    Windows files

                    C:\Windows

                    Use the default rule for the Windows path

                    +|Business group|Organizational unit|Implement AppLocker?|Applications|Installation path|Use default rule or define new rule condition|Allow or deny| +|--- |--- |--- |--- |--- |--- |--- | +|Bank Tellers|Teller-East and Teller-West|Yes|Teller Software|C:\Program Files\Woodgrove\Teller.exe|File is signed; create a publisher condition|| +||||Windows files|C:\Windows|Create a path exception to the default rule to exclude \Windows\Temp|| +|Human Resources|HR-All|Yes|Check Payout|C:\Program Files\Woodgrove\HR\Checkcut.exe|File is signed; create a publisher condition|| +||||Time Sheet Organizer|C:\Program Files\Woodgrove\HR\Timesheet.exe|File is not signed; create a file hash condition|| +||||Internet Explorer 7|C:\Program Files\Internet Explorer

                    |File is signed; create a publisher condition|| +||||Windows files|C:\Windows|Use the default rule for the Windows path|| - ## Next steps For each rule, determine whether to use the allow or deny option, and then complete the following tasks: diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md b/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md index b114297f17..44d6d198a7 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md @@ -143,103 +143,15 @@ The three key areas to determine for AppLocker policy management are: The following table contains the added sample data that was collected when determining how to maintain and manage AppLocker policies. - ----------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Business groupOrganizational unitImplement AppLocker?AppsInstallation pathUse default rule or define new rule conditionAllow or denyGPO nameSupport policy

                    Bank Tellers

                    Teller-East and Teller-West

                    Yes

                    Teller Software

                    C:\Program Files\Woodgrove\Teller.exe

                    File is signed; create a publisher condition

                    Allow

                    Tellers-AppLockerTellerRules

                    Web help

                    Windows files

                    -

                    C:\Windows

                    Create a path exception to the default rule to exclude \Windows\Temp

                    Allow

                    Help desk

                    Human Resources

                    HR-All

                    Yes

                    Check Payout

                    C:\Program Files\Woodgrove\HR\Checkcut.exe

                    File is signed; create a publisher condition

                    Allow

                    HR-AppLockerHRRules

                    Web help

                    Time Sheet Organizer

                    C:\Program Files\Woodgrove\HR\Timesheet.exe

                    File is not signed; create a file hash condition

                    Allow

                    Web help

                    Internet Explorer 7

                    C:\Program Files\Internet Explorer</p>

                    File is signed; create a publisher condition

                    Deny

                    Web help

                    -

                    Windows files

                    C:\Windows

                    Use the default rule for the Windows path

                    Allow

                    Help desk

                    - +|Business group|Organizational unit|Implement AppLocker?|Apps|Installation path|Use default rule or define new rule condition|Allow or deny|GPO name|Support policy| +|--- |--- |--- |--- |--- |--- |--- |--- |--- | +|Bank Tellers|Teller-East and Teller-West|Yes|Teller Software|C:\Program Files\Woodgrove\Teller.exe|File is signed; create a publisher condition|Allow|Tellers-AppLockerTellerRules|Web help| +||||Windows files|C:\Windows|Create a path exception to the default rule to exclude \Windows\Temp|Allow||Help desk| +|Human Resources|HR-All|Yes|Check Payout|C:\Program Files\Woodgrove\HR\Checkcut.exe|File is signed; create a publisher condition|Allow|HR-AppLockerHRRules|Web help| +||||Time Sheet Organizer|C:\Program Files\Woodgrove\HR\Timesheet.exe|File is not signed; create a file hash condition|Allow||Web help| +||||Internet Explorer 7|C:\Program Files\Internet Explorer

                    |File is signed; create a publisher condition|Deny||Web help| +||||Windows files|C:\Windows|Use the default rule for the Windows path|Allow||Help desk| + The following two tables illustrate examples of documenting considerations to maintain and manage AppLocker policies. **Event processing policy** @@ -248,83 +160,17 @@ One discovery method for app usage is to set the AppLocker enforcement mode to * The following table is an example of what to consider and record. - ------- - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Business groupAppLocker event collection locationArchival policyAnalyzed?Security policy

                    Bank Tellers

                    Forwarded to: AppLocker Event Repository on srvBT093

                    Standard

                    None

                    Standard

                    Human Resources

                    DO NOT FORWARD. srvHR004

                    60 months

                    Yes, summary reports monthly to managers

                    Standard

                    +|Business group|AppLocker event collection location|Archival policy|Analyzed?|Security policy| +|--- |--- |--- |--- |--- | +|Bank Tellers|Forwarded to: AppLocker Event Repository on srvBT093|Standard|None|Standard| +|Human Resources|DO NOT FORWARD. srvHR004|60 months|Yes, summary reports monthly to managers|Standard| Policy maintenance policy When applications are identified and policies are created for application control, then you can begin documenting how you intend to update those policies. The following table is an example of what to consider and record. - ------- - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Business groupRule update policyApplication decommission policyApplication version policyApplication deployment policy

                    Bank Tellers

                    Planned: Monthly through business office triage

                    -

                    Emergency: Request through help desk

                    Through business office triage

                    -

                    30-day notice required

                    General policy: Keep past versions for 12 months

                    -

                    List policies for each application

                    Coordinated through business office

                    -

                    30-day notice required

                    Human Resources

                    Planned: Monthly through HR triage

                    -

                    Emergency: Request through help desk

                    Through HR triage

                    -

                    30-day notice required

                    General policy: Keep past versions for 60 months

                    -

                    List policies for each application

                    Coordinated through HR

                    -

                    30-day notice required

                    \ No newline at end of file + +|Business group|Rule update policy|Application decommission policy|Application version policy|Application deployment policy| +|--- |--- |--- |--- |--- | +|Bank Tellers|Planned: Monthly through business office triage

                    Emergency: Request through help desk|Through business office triage

                    30-day notice required|General policy: Keep past versions for 12 months

                    List policies for each application|Coordinated through business office

                    30-day notice required| +|Human Resources|Planned: Monthly through HR triage

                    Emergency: Request through help desk|Through HR triage

                    30-day notice required|General policy: Keep past versions for 60 months

                    List policies for each application|Coordinated through HR

                    30-day notice required| + diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md index 85f6eb11a3..4b22f44415 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md @@ -41,181 +41,28 @@ The following requirements must be met or addressed before you deploy your AppLo An AppLocker policy deployment plan is the result of investigating which applications are required and necessary in your organization, which apps are optional, and which apps are forbidden. To develop this plan, see [AppLocker Design Guide](applocker-policies-design-guide.md). The following table is an example of the data you need to collect and the decisions you need to make to successfully deploy AppLocker policies on the supported operating systems (as listed in [Requirements to use AppLocker](requirements-to-use-applocker.md)). - ----------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Business groupOrganizational unitImplement AppLocker?AppsInstallation pathUse default rule or define new rule conditionAllow or denyGPO nameSupport policy

                    Bank Tellers

                    Teller-East and Teller-West

                    Yes

                    Teller software

                    C:\Program Files\Woodgrove\Teller.exe

                    File is signed; create a publisher condition

                    Allow

                    Tellers

                    Web help

                    Windows files

                    -

                    C:\Windows

                    Create a path exception to the default rule to exclude \Windows\Temp

                    Allow

                    Help Desk

                    Time Sheet Organizer

                    C:\Program Files\Woodgrove\HR\Timesheet.exe

                    File is not signed; create a file hash condition

                    Allow

                    Web help

                    Human Resources

                    HR-All

                    Yes

                    Check Payout

                    C:\Program Files\Woodgrove\HR\Checkcut.exe

                    File is signed; create a publisher condition

                    Allow

                    HR

                    Web help

                    Internet Explorer 7

                    C:\Program Files\Internet Explorer</p>

                    File is signed; create a publisher condition

                    Deny

                    Help Desk

                    Windows files

                    C:\Windows

                    Use the default rule for the Windows path

                    Allow

                    Help Desk

                    +|Business group|Organizational unit|Implement AppLocker?|Apps|Installation path|Use default rule or define new rule condition|Allow or deny|GPO name|Support policy| +|--- |--- |--- |--- |--- |--- |--- |--- |--- | +|Bank Tellers|Teller-East and Teller-West|Yes|Teller software|C:\Program Files\Woodgrove\Teller.exe|File is signed; create a publisher condition|Allow|Tellers|Web help| +||||Windows files|C:\Windows|Create a path exception to the default rule to exclude \Windows\Temp|Allow||Help Desk| +||||Time Sheet Organizer|C:\Program Files\Woodgrove\HR\Timesheet.exe|File is not signed; create a file hash condition|Allow||Web help| +|Human Resources|HR-All|Yes|Check Payout|C:\Program Files\Woodgrove\HR\Checkcut.exe|File is signed; create a publisher condition|Allow|HR|Web help| +||||Internet Explorer 7|C:\Program Files\Internet Explorer

                    |File is signed; create a publisher condition|Deny||Help Desk| +||||Windows files|C:\Windows|Use the default rule for the Windows path|Allow||Help Desk| Event processing policy - ------- - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Business groupAppLocker event collection locationArchival policyAnalyzed?Security policy

                    Bank Tellers

                    Forwarded to: srvBT093

                    Standard

                    None

                    Standard

                    Human Resources

                    Do not forward

                    -

                    60 months

                    Yes; summary reports monthly to managers

                    Standard

                    +|Business group|AppLocker event collection location|Archival policy|Analyzed?|Security policy| +|--- |--- |--- |--- |--- | +|Bank Tellers|Forwarded to: srvBT093|Standard|None|Standard| +|Human Resources|Do not forward|60 months|Yes; summary reports monthly to managers|Standard| Policy maintenance policy - ------- - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Business groupRule update policyApp decommission policyApp version policyApp deployment policy

                    Bank Tellers

                    Planned: Monthly through business office triage

                    -

                    Emergency: Request through Help Desk

                    Through business office triage; 30-day notice required

                    General policy: Keep past versions for 12 months

                    -

                    List policies for each application

                    Coordinated through business office; 30-day notice required

                    Human Resources

                    Planned: Through HR triage

                    -

                    Emergency: Request through Help Desk

                    Through HR triage; 30-day notice required

                    -

                    General policy: Keep past versions for 60 months

                    -

                    List policies for each application

                    Coordinated through HR; 30-day notice required

                    +|Business group|Rule update policy|App decommission policy|App version policy|App deployment policy| +|--- |--- |--- |--- |--- | +|Bank Tellers|Planned: Monthly through business office triage

                    Emergency: Request through Help Desk|Through business office triage; 30-day notice required|General policy: Keep past versions for 12 months

                    List policies for each application|Coordinated through business office; 30-day notice required| +|Human Resources|Planned: Through HR triage

                    Emergency: Request through Help Desk|Through HR triage; 30-day notice required|General policy: Keep past versions for 60 months

                    List policies for each application|Coordinated through HR; 30-day notice required| ### Supported operating systems diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md index 2d5fca2ebb..7c3e95c7e8 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md @@ -98,57 +98,11 @@ Most organizations have evolved app control policies and methods over time. With ### Which Windows desktop and server operating systems are running in your organization? If your organization supports multiple Windows operating systems, app control policy planning becomes more complex. Your initial design decisions should consider the security and management priorities of applications that are installed on each version of the operating system. - ---- - - - - - - - - - - - - - - - - -
                    Possible answersDesign considerations

                    Your organization's computers are running a combination of the following operating systems:

                    -
                      -

                    • Windows 11

                      • -

                    • Windows 10

                      • -

                    • Windows 8

                      • -

                    • Windows 7

                      • -

                    • Windows Vista

                      • -

                    • Windows XP

                      • -

                    • Windows Server 2012

                      • -

                    • Windows Server 2008 R2

                      • -

                    • Windows Server 2008

                      • -

                    • Windows Server 2003

                      • -

                    AppLocker rules are only applied to computers running the supported versions of Windows, but SRP rules can be applied to all versions of Windows beginning with Windows XP and Windows Server 2003. For specific operating system version requirements, see Requirements to use AppLocker.

                    -
                    -Note

                    If you are using the Basic User security level as assigned in SRP, those privileges are not supported on computers running that support AppLocker.

                    -
                    -
                    -
                    -

                    AppLocker policies as applied through a GPO take precedence over SRP policies in the same or linked GPO. SRP policies can be created and maintained the same way.

                    Your organization's computers are running only the following operating systems:

                    -
                      -

                    • Windows 11

                      • -

                    • Windows 10

                      • -

                    • Windows 8.1

                      • -

                    • Windows 8

                      • -

                    • Windows 7

                      • -

                    • Windows Server 2012 R2

                      • -

                    • Windows Server 2012

                      • -

                    • Windows Server 2008 R2

                      • -

                    Use AppLocker to create your application control policies.

                    +|Possible answers|Design considerations| +|--- |--- | +|Your organization's computers are running a combination of the following operating systems:

                  • Windows 11
                  • Windows 10
                  • Windows 8
                  • Windows 7
                  • Windows Vista
                  • Windows XP
                  • Windows Server 2012
                  • Windows Server 2008 R2
                  • Windows Server 2008
                  • Windows Server 2003|AppLocker rules are only applied to computers running the supported versions of Windows, but SRP rules can be applied to all versions of Windows beginning with Windows XP and Windows Server 2003. For specific operating system version requirements, see [Requirements to use AppLocker](requirements-to-use-applocker.md).
                    **Note:** If you are using the Basic User security level as assigned in SRP, those privileges are not supported on computers running that support AppLocker.

                    AppLocker policies as applied through a GPO take precedence over SRP policies in the same or linked GPO. SRP policies can be created and maintained the same way.| +|Your organization's computers are running only the following operating systems:

                  • Windows 11
                  • Windows 10
                  • Windows 8.1
                  • Windows 8
                  • Windows 7
                  • Windows Server 2012 R2
                  • Windows Server 2012
                  • Windows Server 2008 R2|Use AppLocker to create your application control policies.| ### Are there specific groups in your organization that need customized application control policies? diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md index 0eb3e887ba..4aa28b9f43 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md @@ -35,30 +35,9 @@ The path condition identifies an application by its location in the file system When creating a rule that uses a deny action, path conditions are less secure than publisher and file hash conditions for preventing access to a file because a user could easily copy the file to a different location than the location specified in the rule. Because path rules specify locations within the file system, you should ensure that there are no subdirectories that are writable by non-administrators. For example, if you create a path rule for C:\\ with the allow action, any file under that location will be allowed to run, including within users' profiles. The following table describes the advantages and disadvantages of the path condition. - ---- - - - - - - - - - - - - -
                    Path condition advantagesPath condition disadvantages
                      -

                    • You can easily control many folders or a single file.

                      • -

                    • You can use the asterisk (*) as a wildcard character within path rules.

                      • -
                      -

                    • It might be less secure if a rule that is configured to use a folder path contains subfolders that are writable by non-administrators.

                      • -

                    • You must specify the full path to a file or folder when creating path rules so that the rule will be properly enforced.

                      • -
                    +|Path condition advantages|Path condition disadvantages| +|--- |--- | +|
                  • You can easily control many folders or a single file.
                  • You can use the asterisk (*) as a wildcard character within path rules.|
                  • It might be less secure if a rule that is configured to use a folder path contains subfolders that are writable by non-administrators.
                  • You must specify the full path to a file or folder when creating path rules so that the rule will be properly enforced.| AppLocker does not enforce rules that specify paths with short names. You should always specify the full path to a file or folder when creating path rules so that the rule will be properly enforced. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md index 86cc3ed874..55d9299a0f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md @@ -35,32 +35,9 @@ Publisher conditions can be made only for files that are digitally signed; this Publisher conditions are easier to maintain than file hash conditions and are generally more secure than path conditions. Rules that are specified to the version level might have to be updated when a new version of the file is released. The following table describes the advantages and disadvantages of the publisher condition. - ---- - - - - - - - - - - - - -
                    Publisher condition advantagesPublisher condition disadvantages
                      -

                    • Frequent updating is not required.

                      • -

                    • You can apply different values within a certificate.

                      • -

                    • A single rule can be used to allow an entire product suite.

                      • -

                    • You can use the asterisk (*) wildcard character within a publisher rule to specify that any value should be matched.

                      • -
                      -

                    • The file must be signed.

                      • -

                    • Although a single rule can be used to allow an entire product suite, all files in the suite must be signed uniformly.

                      • -
                    +|Publisher condition advantages|Publisher condition disadvantages| +|--- |--- | +|
                  • Frequent updating is not required.
                  • You can apply different values within a certificate.
                  • A single rule can be used to allow an entire product suite.
                  • You can use the asterisk (*) wildcard character within a publisher rule to specify that any value should be matched.|
                  • The file must be signed.
                  • Although a single rule can be used to allow an entire product suite, all files in the suite must be signed uniformly.| Wildcard characters can be used as values in the publisher rule fields according to the following specifications: diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md b/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md index a22f94b741..d7bb4ad515 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md @@ -38,139 +38,26 @@ Windows Server 2008 R2, Windows 7 and later. It is recommended that you auth Windows 7 and later, the SRP policies are ignored. The following table compares the features and functions of Software Restriction Policies (SRP) and AppLocker. - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Application control functionSRPAppLocker

                    Scope

                    SRP policies can be applied to all Windows operating systems beginning with Windows XP and Windows Server 2003.

                    AppLocker policies apply only to Windows Server 2008 R2, Windows 7, and later.

                    Policy creation

                    SRP policies are maintained through Group Policy and only the administrator of the GPO can update the SRP policy. The administrator on the local computer can modify the SRP policies defined in the local GPO.

                    AppLocker policies are maintained through Group Policy and only the administrator of the GPO can update the policy. The administrator on the local computer can modify the AppLocker policies defined in the local GPO.

                    -

                    AppLocker permits customization of error messages to direct users to a Web page for help.

                    Policy maintenance

                    SRP policies must be updated by using the Local Security Policy snap-in (if the policies are created locally) or the Group Policy Management Console (GPMC).

                    AppLocker policies can be updated by using the Local Security Policy snap-in (if the policies are created locally), or the GPMC, or the Windows PowerShell AppLocker cmdlets.

                    Policy application

                    SRP policies are distributed through Group Policy.

                    AppLocker policies are distributed through Group Policy.

                    Enforcement mode

                    SRP works in the “deny list mode” where administrators can create rules for files that they do not want to allow in this Enterprise whereas the rest of the file is allowed to run by default.

                    -

                    SRP can also be configured in the “allowlist mode” so that by default all files are blocked and administrators need to create allow rules for files that they want to allow.

                    AppLocker by default works in the “allowlist mode” where only those files are allowed to run for which there is a matching allow rule.

                    File types that can be controlled

                    SRP can control the following file types:

                    -
                      -

                    • Executables

                      • -

                    • Dlls

                      • -

                    • Scripts

                      • -

                    • Windows Installers

                      • -
                    -

                    SRP cannot control each file type separately. All SRP rules are in a single rule collection.

                    AppLocker can control the following file types:

                    -
                      -

                    • Executables

                      • -

                    • Dlls

                      • -

                    • Scripts

                      • -

                    • Windows Installers

                      • -

                    • Packaged apps and installers

                      • -
                    -

                    AppLocker maintains a separate rule collection for each of the five file types.

                    Designated file types

                    SRP supports an extensible list of file types that are considered executable. Administrators can add extensions for files that should be considered executable.

                    AppLocker currently supports the following file extensions:

                    -
                      -

                    • Executables (.exe, .com)

                      • -

                    • Dlls (.ocx, .dll)

                      • -

                    • Scripts (.vbs, .js, .ps1, .cmd, .bat)

                      • -

                    • Windows Installers (.msi, .mst, .msp)

                      • -

                    • Packaged app installers (.appx)

                      • -

                    Rule types

                    SRP supports four types of rules:

                    -
                      -

                    • Hash

                      • -

                    • Path

                      • -

                    • Signature

                      • -

                    • Internet zone

                      • -

                    AppLocker supports three types of rules:

                    -
                      -

                    • File hash

                      • -

                    • Path

                      • -

                    • Publisher

                      • -

                    Editing the hash value

                    In Windows XP, you could use SRP to provide custom hash values.

                    -

                    Beginning with Windows 7 and Windows Server 2008 R2, you can only select the file to hash, not provide the hash value.

                    AppLocker computes the hash value itself. Internally, it uses the SHA2 Authenticode hash for Portable Executables (exe and dll) and Windows Installers and an SHA2 flat file hash for the rest.

                    Support for different security levels

                    With SRP, you can specify the permissions with which an app can run. So, you can configure a rule such that Notepad always runs with restricted permissions and never with administrative privileges.

                    -

                    SRP on Windows Vista and earlier supported multiple security levels. On Windows 7, that list was restricted to just two levels: Disallowed and Unrestricted (Basic User translates to Disallowed).

                    AppLocker does not support security levels.

                    Manage Packaged apps and Packaged app installers.

                    Not supported

                    .appx is a valid file type which AppLocker can manage.

                    Targeting a rule to a user or a group of users

                    SRP rules apply to all users on a particular computer.

                    AppLocker rules can be targeted to a specific user or a group of users.

                    Support for rule exceptions

                    SRP does not support rule exceptions.

                    AppLocker rules can have exceptions, which allow you to create rules such as “Allow everything from Windows except for regedit.exe”.

                    Support for audit mode

                    SRP does not support audit mode. The only way to test SRP policies is to set up a test environment and run a few experiments.

                    AppLocker supports audit mode, which allows you to test the effect of their policy in the real production environment without impacting the user experience. Once you are satisfied with the results, you can start enforcing the policy.

                    Support for exporting and importing policies

                    SRP does not support policy import/export.

                    AppLocker supports the importing and exporting of policies. This allows you to create AppLocker policy on a sample device, test it out and then export that policy and import it back into the desired GPO.

                    Rule enforcement

                    Internally, SRP rules enforcement happens in the user-mode, which is less secure.

                    Internally, AppLocker rules for .exe and .dll files are enforced in the kernel-mode, which is more secure than enforcing them in the user-mode.

                    + +|Application control function|SRP|AppLocker| +|--- |--- |--- | +|Scope|SRP policies can be applied to all Windows operating systems beginning with Windows XP and Windows Server 2003.|AppLocker policies apply only to Windows Server 2008 R2, Windows 7, and later.| +|Policy creation|SRP policies are maintained through Group Policy and only the administrator of the GPO can update the SRP policy. The administrator on the local computer can modify the SRP policies defined in the local GPO.|AppLocker policies are maintained through Group Policy and only the administrator of the GPO can update the policy. The administrator on the local computer can modify the AppLocker policies defined in the local GPO.

                    AppLocker permits customization of error messages to direct users to a Web page for help.| +|Policy maintenance|SRP policies must be updated by using the Local Security Policy snap-in (if the policies are created locally) or the Group Policy Management Console (GPMC).|AppLocker policies can be updated by using the Local Security Policy snap-in (if the policies are created locally), or the GPMC, or the Windows PowerShell AppLocker cmdlets.| +|Policy application|SRP policies are distributed through Group Policy.|AppLocker policies are distributed through Group Policy.| +|Enforcement mode|SRP works in the “deny list mode” where administrators can create rules for files that they do not want to allow in this Enterprise whereas the rest of the file is allowed to run by default.

                    SRP can also be configured in the “allowlist mode” so that by default all files are blocked and administrators need to create allow rules for files that they want to allow.|AppLocker by default works in the “allowlist mode” where only those files are allowed to run for which there is a matching allow rule.| +|File types that can be controlled|SRP can control the following file types:

                  • Executables
                  • Dlls
                  • Scripts
                  • Windows Installers

                    SRP cannot control each file type separately. All SRP rules are in a single rule collection.|AppLocker can control the following file types:

                  • Executables
                  • Dlls
                  • Scripts
                  • Windows Installers
                  • Packaged apps and installers

                    AppLocker maintains a separate rule collection for each of the five file types.| +|Designated file types|SRP supports an extensible list of file types that are considered executable. Administrators can add extensions for files that should be considered executable.|AppLocker currently supports the following file extensions:

                  • Executables (.exe, .com)
                  • Dlls (.ocx, .dll)
                  • Scripts (.vbs, .js, .ps1, .cmd, .bat)
                  • Windows Installers (.msi, .mst, .msp)
                  • Packaged app installers (.appx)| +|Rule types|SRP supports four types of rules:
                  • Hash
                  • Path
                  • Signature
                  • Internet zone|AppLocker supports three types of rules:
                  • File hash
                  • Path
                  • Publisher| +|Editing the hash value|In Windows XP, you could use SRP to provide custom hash values.

                    Beginning with Windows 7 and Windows Server 2008 R2, you can only select the file to hash, not provide the hash value.|AppLocker computes the hash value itself. Internally, it uses the SHA2 Authenticode hash for Portable Executables (exe and dll) and Windows Installers and an SHA2 flat file hash for the rest.| +|Support for different security levels|With SRP, you can specify the permissions with which an app can run. So, you can configure a rule such that Notepad always runs with restricted permissions and never with administrative privileges.

                    SRP on Windows Vista and earlier supported multiple security levels. On Windows 7, that list was restricted to just two levels: Disallowed and Unrestricted (Basic User translates to Disallowed).|AppLocker does not support security levels.| +|Manage Packaged apps and Packaged app installers.|Not supported|.appx is a valid file type which AppLocker can manage.| +|Targeting a rule to a user or a group of users|SRP rules apply to all users on a particular computer.|AppLocker rules can be targeted to a specific user or a group of users.| +|Support for rule exceptions|SRP does not support rule exceptions.|AppLocker rules can have exceptions, which allow you to create rules such as “Allow everything from Windows except for regedit.exe”.| +|Support for audit mode|SRP does not support audit mode. The only way to test SRP policies is to set up a test environment and run a few experiments.|AppLocker supports audit mode, which allows you to test the effect of their policy in the real production environment without impacting the user experience. Once you are satisfied with the results, you can start enforcing the policy.| +|Support for exporting and importing policies|SRP does not support policy import/export.|AppLocker supports the importing and exporting of policies. This allows you to create AppLocker policy on a sample device, test it out and then export that policy and import it back into the desired GPO.| +|Rule enforcement|Internally, SRP rules enforcement happens in the user-mode, which is less secure.|Internally, AppLocker rules for .exe and .dll files are enforced in the kernel-mode, which is more secure than enforcing them in the user-mode.| +       diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md index 3629a929f5..1196a83dee 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md @@ -53,145 +53,33 @@ For information about the application control scenarios that AppLocker addresses The following table compares AppLocker to Software Restriction Policies. - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    FeatureSoftware Restriction PoliciesAppLocker

                    Rule scope

                    All users

                    Specific user or group

                    Rule conditions provided

                    File hash, path, certificate, registry path, and Internet zone

                    File hash, path, and publisher

                    Rule types provided

                    Defined by the security levels:

                    -
                      -

                    • Disallowed

                      • -

                    • Basic User

                      • -

                    • Unrestricted

                      • -

                    Allow and deny

                    Default rule action

                    Unrestricted

                    Implicit deny

                    Audit-only mode

                    No

                    Yes

                    Wizard to create multiple rules at one time

                    No

                    Yes

                    Policy import or export

                    No

                    Yes

                    Rule collection

                    No

                    Yes

                    Windows PowerShell support

                    No

                    Yes

                    Custom error messages

                    No

                    Yes

                    +|Feature|Software Restriction Policies|AppLocker| +|--- |--- |--- | +|Rule scope|All users|Specific user or group| +|Rule conditions provided|File hash, path, certificate, registry path, and Internet zone|File hash, path, and publisher| +|Rule types provided|Defined by the security levels:

                  • Disallowed
                  • Basic User
                  • Unrestricted|Allow and deny| +|Default rule action|Unrestricted|Implicit deny| +|Audit-only mode|No|Yes| +|Wizard to create multiple rules at one time|No|Yes| +|Policy import or export|No|Yes| +|Rule collection|No|Yes| +|Windows PowerShell support|No|Yes| +|Custom error messages|No|Yes| Application control function differences The following table compares the application control functions of Software Restriction Policies (SRP) and AppLocker. - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Application control functionSRPAppLocker

                    Operating system scope

                    SRP policies can be applied to all Windows operating systems beginning with Windows XP and Windows Server 2003.

                    AppLocker policies apply only to those supported operating system versions and editions listed in Requirements to use AppLocker. But these systems can also use SRP.

                    -
                    -Note

                    Use different GPOs for SRP and AppLocker rules.

                    -
                    -
                    -

                    User support

                    SRP allows users to install applications as an administrator.

                    AppLocker policies are maintained through Group Policy, and only the administrator of the device can update an AppLocker policy.

                    -

                    AppLocker permits customization of error messages to direct users to a Web page for help.

                    Policy maintenance

                    SRP policies are updated by using the Local Security Policy snap-in or the Group Policy Management Console (GPMC).

                    AppLocker policies are updated by using the Local Security Policy snap-in or the GPMC.

                    -

                    AppLocker supports a small set of PowerShell cmdlets to aid in administration and maintenance.

                    Policy management infrastructure

                    To manage SRP policies, SRP uses Group Policy within a domain and the Local Security Policy snap-in for a local computer.

                    To manage AppLocker policies, AppLocker uses Group Policy within a domain and the Local Security Policy snap-in for a local computer.

                    Block malicious scripts

                    Rules for blocking malicious scripts prevents all scripts associated with the Windows Script Host from running, except those that are digitally signed by your organization.

                    AppLocker rules can control the following file formats: .ps1, .bat, .cmd, .vbs, and .js. In addition, you can set exceptions to allow specific files to run.

                    Manage software installation

                    SRP can prevent all Windows Installer packages from installing. It allows .msi files that are digitally signed by your organization to be installed.

                    The Windows Installer rule collection is a set of rules created for Windows Installer file types (.mst, .msi and .msp) to allow you to control the installation of files on client computers and servers.

                    Manage all software on the computer

                    All software is managed in one rule set. By default, the policy for managing all software on a device disallows all software on the user's device, except software that is installed in the Windows folder, Program Files folder, or subfolders.

                    Unlike SRP, each AppLocker rule collection functions as an allowed list of files. Only the files that are listed within the rule collection will be allowed to run. This configuration makes it easier for administrators to determine what will occur when an AppLocker rule is applied.

                    Different policies for different users

                    Rules are applied uniformly to all users on a particular device.

                    On a device that is shared by multiple users, an administrator can specify the groups of users who can access the installed software. Using AppLocker, an administrator can specify the user to whom a specific rule should apply.

                    +|Application control function|SRP|AppLocker| +|--- |--- |--- | +|Operating system scope|SRP policies can be applied to all Windows operating systems beginning with Windows XP and Windows Server 2003.|AppLocker policies apply only to those supported operating system versions and editions listed in [Requirements to use AppLocker](requirements-to-use-applocker.md). But these systems can also use SRP.
                    **Note:** Use different GPOs for SRP and AppLocker rules.
                    | +|User support|SRP allows users to install applications as an administrator.|AppLocker policies are maintained through Group Policy, and only the administrator of the device can update an AppLocker policy.

                    AppLocker permits customization of error messages to direct users to a Web page for help.| +|Policy maintenance|SRP policies are updated by using the Local Security Policy snap-in or the Group Policy Management Console (GPMC).|AppLocker policies are updated by using the Local Security Policy snap-in or the GPMC.

                    AppLocker supports a small set of PowerShell cmdlets to aid in administration and maintenance.| +|Policy management infrastructure|To manage SRP policies, SRP uses Group Policy within a domain and the Local Security Policy snap-in for a local computer.|To manage AppLocker policies, AppLocker uses Group Policy within a domain and the Local Security Policy snap-in for a local computer.| +|Block malicious scripts|Rules for blocking malicious scripts prevents all scripts associated with the Windows Script Host from running, except those that are digitally signed by your organization.|AppLocker rules can control the following file formats: .ps1, .bat, .cmd, .vbs, and .js. In addition, you can set exceptions to allow specific files to run.| +|Manage software installation|SRP can prevent all Windows Installer packages from installing. It allows .msi files that are digitally signed by your organization to be installed.|The Windows Installer rule collection is a set of rules created for Windows Installer file types (.mst, .msi and .msp) to allow you to control the installation of files on client computers and servers.| +|Manage all software on the computer|All software is managed in one rule set. By default, the policy for managing all software on a device disallows all software on the user's device, except software that is installed in the Windows folder, Program Files folder, or subfolders.|Unlike SRP, each AppLocker rule collection functions as an allowed list of files. Only the files that are listed within the rule collection will be allowed to run. This configuration makes it easier for administrators to determine what will occur when an AppLocker rule is applied.| +|Different policies for different users|Rules are applied uniformly to all users on a particular device.|On a device that is shared by multiple users, an administrator can specify the groups of users who can access the installed software. Using AppLocker, an administrator can specify the user to whom a specific rule should apply.| ## Related topics From 5c749f2d1e2ff80bcd03a9dc0a5f4141be29c9af Mon Sep 17 00:00:00 2001 From: Joe Henry Date: Thu, 2 Dec 2021 11:34:51 -0500 Subject: [PATCH 095/335] Update windows/security/threat-protection/windows-defender-application-control/TOC.yml Co-authored-by: Jordan Geurten --- .../windows-defender-application-control/TOC.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.yml b/windows/security/threat-protection/windows-defender-application-control/TOC.yml index 9b5c1a8967..c25b0dbb9a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/TOC.yml +++ b/windows/security/threat-protection/windows-defender-application-control/TOC.yml @@ -50,7 +50,7 @@ href: create-wdac-policy-for-fully-managed-devices.md - name: Create a WDAC policy for fixed-workload devices href: create-initial-default-policy.md - - name: Create a WDAC Deny List + - name: Create a WDAC deny list policy href: create-wdac-deny-policy.md - name: Microsoft recommended block rules href: microsoft-recommended-block-rules.md From e20056f3df6512ab37294ed1066e8879501e6184 Mon Sep 17 00:00:00 2001 From: Joe Henry Date: Thu, 2 Dec 2021 11:34:59 -0500 Subject: [PATCH 096/335] Update windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md Co-authored-by: Jordan Geurten --- .../create-wdac-deny-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index 180cb7b8c6..d9025761ae 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -11,7 +11,7 @@ ms.localizationpriority: medium audience: ITPro ms.collection: M365-security-compliance author: jgeurten -ms.reviewer: isbrahm +ms.reviewer: jsuther1974 ms.author: dansimp manager: dansimp ms.date: 11/29/2021 From 057917ed85969748985aa2ad2086dda0a2f2ec94 Mon Sep 17 00:00:00 2001 From: Joe Henry Date: Thu, 2 Dec 2021 11:35:06 -0500 Subject: [PATCH 097/335] Update windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md Co-authored-by: Jordan Geurten --- .../create-wdac-deny-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index d9025761ae..3bdff2c695 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -114,7 +114,7 @@ Policy 1 is an allow list of Windows and Microsoft-signed applications. Policy 2 ## Tutorial ### Creating a Deny Policy -Deny rules and policies can be created using the PowerShell cmdlets or the WDAC Wizard [Microsoft WDAC Wizard (webapp-wdac-wizard.azurewebsites.net](https://webapp-wdac-wizard.azurewebsites.net/) We recommend creating signer rules (PCACertificate, Publisher, and FilePublisher) wherever possible. In the cases of unsigned binaries, rules must be created on attributes of the file, such as the original filename, or the hash. +Deny rules and policies can be created using the PowerShell cmdlets or the [WDAC Wizard] (https://webapp-wdac-wizard.azurewebsites.net/) We recommend creating signer rules (PCACertificate, Publisher, and FilePublisher) wherever possible. In the cases of unsigned binaries, rules must be created on attributes of the file, such as the original filename, or the hash. ### Software Publisher Based Deny Rule ```Powershell From 90d3666ae32384a30fb53621ab48de21cd251e61 Mon Sep 17 00:00:00 2001 From: Joe Henry Date: Thu, 2 Dec 2021 11:35:14 -0500 Subject: [PATCH 098/335] Update windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md Co-authored-by: Jordan Geurten --- .../create-wdac-deny-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index 3bdff2c695..2c57f8abaa 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -131,7 +131,7 @@ $DenyRules += New-CIPolicyRule -Level FileName -DriverFilePath New-CIPolicyRule -Level FileName -DriverFilePath -Deny -Fallback Hash ``` - ### Adding Allow All Rules +### Adding Allow All Rules If required, as in the cases listed above, [Allow All rules](48) may need to be added to the policy. The Allow All rules can be manually added to the policy xml or by merging with the AllowAll xml present on the client system in the WDAC template folder: ```PowerShell From 3d2994ed7399f5047dcebb3d1dfe7e5cf9f38cbe Mon Sep 17 00:00:00 2001 From: Joe Henry Date: Thu, 2 Dec 2021 11:35:21 -0500 Subject: [PATCH 099/335] Update windows/security/threat-protection/windows-defender-application-control/index.yml Co-authored-by: Jordan Geurten --- .../windows-defender-application-control/index.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/index.yml b/windows/security/threat-protection/windows-defender-application-control/index.yml index 5f66230ab6..fb59f7473b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/index.yml +++ b/windows/security/threat-protection/windows-defender-application-control/index.yml @@ -52,7 +52,7 @@ landingContent: url: create-wdac-policy-for-fully-managed-devices.md - text: Create a WDAC policy for a fixed-workload url: create-initial-default-policy.md - - text: Create a WDAC Deny List + - text: Create a WDAC deny list policy url: create-wdac-deny-policy.md - text: Deploying catalog files for WDAC management url: deploy-catalog-files-to-support-windows-defender-application-control.md From cf073cb6eb3a20eea897ef3c543a1d20bbb7c1fa Mon Sep 17 00:00:00 2001 From: Joe Henry Date: Thu, 2 Dec 2021 11:35:40 -0500 Subject: [PATCH 100/335] Update windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md Co-authored-by: Jordan Geurten --- .../create-wdac-deny-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index 2c57f8abaa..171f2c4e88 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -128,7 +128,7 @@ $DenyRules += New-CIPolicyRule -Level FileName -DriverFilePath ### Hash Based Deny Rule ```PowerShell - New-CIPolicyRule -Level FileName -DriverFilePath -Deny -Fallback Hash + New-CIPolicyRule -Level Hash -DriverFilePath -Deny ``` ### Adding Allow All Rules From 0c1cd4d0ce8c9215a2a49a13d59045d2d94b8cbd Mon Sep 17 00:00:00 2001 From: Joe Henry Date: Thu, 2 Dec 2021 11:36:38 -0500 Subject: [PATCH 101/335] Update windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md Co-authored-by: Jordan Geurten --- .../create-wdac-deny-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index 171f2c4e88..4e5951ecf0 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -42,7 +42,7 @@ To create effective WDAC deny policies, it is crucial to understand how WDAC par 4. Lastly, WDAC will call the Intelligent Security Graph (ISG) to get reputation on file, if the policy has support for the ISG. -Explicit allow and deny rules encompass rules at any level (e.g. has rules, signer rules path rules, attritbute rules or package family name rules). If there is an explicit deny rule, WDAC does not process any other rules, meaning a deny rule always takes precedence in the case where a deny and allow rule would be at odds. +Explicit allow and deny rules encompass rules at any level (e.g. hash rules, signer rules path rules, attribute rules or package family name rules). If there is an explicit deny rule, WDAC does not process any other rules, meaning a deny rule always takes precedence in the case where a deny and allow rule would be at odds. ## Interaction with Existing Policies ### Adding Allow Rules From 68e6f6a2de5f6b2208bb58af2226ad71c1d1eeec Mon Sep 17 00:00:00 2001 From: Joe Henry Date: Thu, 2 Dec 2021 11:37:21 -0500 Subject: [PATCH 102/335] Update windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md Co-authored-by: Jordan Geurten --- .../create-wdac-deny-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index 4e5951ecf0..0cf8bade00 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -99,7 +99,7 @@ Merge-CIPolicy -PolicyPaths $ DenyPolicy, $ExistingPolicy -OutputFilePath $Exist ``` ## Multiple Policy Considerations -If you are currently using multiple policies [Use multiple Windows Defender Application Control Policies (Windows) - Windows security | Microsoft Docs](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies) on a device, there are two options for integrating the deny list into your policy set. +If you are currently using [multiple policies] (deploy-multiple-windows-defender-application-control-policies.md) on a device, there are two options for integrating the deny list into your policy set. (Recommended) The first option is to keep the deny list as its own policy isolated from your allow policies as it is easier to manage. Since applications need to be allowed by both WDAC policies to run on the device [Use multiple Windows Defender Application Control Policies (Windows) - Windows security | Microsoft Docs](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies#base-and-supplemental-policy-interaction), you will need to add the Allow All rule(s) to your deny policy. This will not override the set of applications allowed by WDAC illustrated by the following example: From 2591aab5cd1821cd69a4701c8655a2c8531f0a4c Mon Sep 17 00:00:00 2001 From: Joe Henry Date: Thu, 2 Dec 2021 11:38:34 -0500 Subject: [PATCH 103/335] Update windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md Co-authored-by: Jordan Geurten --- .../create-wdac-deny-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index 0cf8bade00..49ff999cbb 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -101,7 +101,7 @@ Merge-CIPolicy -PolicyPaths $ DenyPolicy, $ExistingPolicy -OutputFilePath $Exist ## Multiple Policy Considerations If you are currently using [multiple policies] (deploy-multiple-windows-defender-application-control-policies.md) on a device, there are two options for integrating the deny list into your policy set. -(Recommended) The first option is to keep the deny list as its own policy isolated from your allow policies as it is easier to manage. Since applications need to be allowed by both WDAC policies to run on the device [Use multiple Windows Defender Application Control Policies (Windows) - Windows security | Microsoft Docs](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies#base-and-supplemental-policy-interaction), you will need to add the Allow All rule(s) to your deny policy. This will not override the set of applications allowed by WDAC illustrated by the following example: +(Recommended) The first option is to keep the deny list as its own policy isolated from your allow policies as it is easier to manage. Since applications need to be [allowed by both WDAC policies to run on the device](deploy-multiple-windows-defender-application-control-policies#base-and-supplemental-policy-interaction), you will need to add the Allow All rule(s) to your deny policy. This will not override the set of applications allowed by WDAC illustrated by the following example: Policy 1 is an allow list of Windows and Microsoft-signed applications. Policy 2 is our new deny policy which blocks MaliciousApp.exe with the Allow All rules. MaliciousApp.exe will be blocked since there is an explicit block rule in Policy 2. Windows and Microsoft applications will be allowed since there is an explicit allow rule in Policy 1 and Policy 2 (due to the Allow All rules). All other applications, if not Windows and Microsoft signed, e.g., ExampleApp.exe, will not be allowed as this application is only trusted by Policy 2 (due to the Allow All rules) and not Policy 1. From d2313afd3e53ed3184ca3c47b7242dd156a935af Mon Sep 17 00:00:00 2001 From: Joe Henry Date: Thu, 2 Dec 2021 12:08:35 -0500 Subject: [PATCH 104/335] Update windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md Co-authored-by: Jordan Geurten --- .../create-wdac-deny-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index 49ff999cbb..29bf1068fc 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -107,7 +107,7 @@ Policy 1 is an allow list of Windows and Microsoft-signed applications. Policy 2 ## Best Practices -1. **Starting with Audit Mode Policies** - as with all new policies, we recommend rolling out your new deny policy in Audit Mode and monitoring the 3077 block events [Understanding Application Control event IDs (Windows) - Windows security | Microsoft Docs](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/event-id-explanations#microsoft-windows-codeintegrity-operational-log-event-ids) to ensure only the applications you intended to block are being blocked. More information on monitoring block events via the Event Viewer logs and Advanced Hunting: [Managing and troubleshooting Windows Defender Application Control policies (Windows) - Windows security | Microsoft Docs](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide) +1. **Starting with Audit Mode Policies** - as with all new policies, we recommend rolling out your new deny policy in Audit Mode and monitoring the [3077 block events](event-id-explanations#microsoft-windows-codeintegrity-operational-log-event-ids) to ensure only the applications you intended to block are being blocked. More information on monitoring block events via the Event Viewer logs and Advanced Hunting: [Managing and troubleshooting Windows Defender Application Control policies](windows-defender-application-control-operational-guide) 2. **Recommeneded Deny Rules Types** - signer and file attribute rules are recommended from a security, manageability, and performance perspective. Hash rules should only be utilized where otherwise impossible. The hash of an application is updated for every new version released by the publisher which quickly becomes impractical to manage and protect against new threats where the attacker is quickly iterating on the payload. Additionally, WDAC has optimized parsing of hash rules, but devices may see performance impacts at runtime evaluation when policies have tens of thousands or more hash rules. From 86c303b4e471731dce0b588c47160117f471be57 Mon Sep 17 00:00:00 2001 From: Joe Henry Date: Thu, 2 Dec 2021 12:55:28 -0500 Subject: [PATCH 105/335] Update create-wdac-deny-policy.md --- .../TOC.yml | 2 +- .../create-wdac-deny-policy.md | 25 +++++++++++-------- .../index.yml | 2 +- 3 files changed, 17 insertions(+), 12 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.yml b/windows/security/threat-protection/windows-defender-application-control/TOC.yml index 9b5c1a8967..c25b0dbb9a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/TOC.yml +++ b/windows/security/threat-protection/windows-defender-application-control/TOC.yml @@ -50,7 +50,7 @@ href: create-wdac-policy-for-fully-managed-devices.md - name: Create a WDAC policy for fixed-workload devices href: create-initial-default-policy.md - - name: Create a WDAC Deny List + - name: Create a WDAC deny list policy href: create-wdac-deny-policy.md - name: Microsoft recommended block rules href: microsoft-recommended-block-rules.md diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index 180cb7b8c6..846a840557 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -1,6 +1,6 @@ --- title: Create WDAC Deny Policy -description: Explains how to configure a custom Manged Installer. +description: Explains how to create WDAC deny policies keywords: WDAC, policy ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: m365-security @@ -11,7 +11,7 @@ ms.localizationpriority: medium audience: ITPro ms.collection: M365-security-compliance author: jgeurten -ms.reviewer: isbrahm +ms.reviewer: jsuther1974 ms.author: dansimp manager: dansimp ms.date: 11/29/2021 @@ -42,7 +42,7 @@ To create effective WDAC deny policies, it is crucial to understand how WDAC par 4. Lastly, WDAC will call the Intelligent Security Graph (ISG) to get reputation on file, if the policy has support for the ISG. -Explicit allow and deny rules encompass rules at any level (e.g. has rules, signer rules path rules, attritbute rules or package family name rules). If there is an explicit deny rule, WDAC does not process any other rules, meaning a deny rule always takes precedence in the case where a deny and allow rule would be at odds. +Explicit allow and deny rules encompass rules at any level (e.g. hash rules, signer rules path rules, attribute rules or package family name rules). If there is an explicit deny rule, WDAC does not process any other rules, meaning a deny rule always takes precedence in the case where a deny and allow rule would be at odds. ## Interaction with Existing Policies ### Adding Allow Rules @@ -90,7 +90,7 @@ If the policy enables user mode code integrity via the ***Enabled:UMCI*** rule-o ``` ## Single Policy Considerations -If the set of deny rules is to be added into an existing policy with allow rules, then the above Allow All rules should not be added to the policy. Instead, the deny policy should be merged with the existing WDAC policy via the WDAC Wizard. +If the set of deny rules is to be added into an existing policy with allow rules, then the above Allow All rules should not be added to the policy. Instead, the deny policy should be merged with the existing WDAC policy via the WDAC Wizard [Windows Defender Application Control Wizard Policy Merging Operation - Windows security | Microsoft Docs](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies) or using the following PowerShell command: ```PowerShell $DenyPolicy = @@ -99,22 +99,27 @@ Merge-CIPolicy -PolicyPaths $ DenyPolicy, $ExistingPolicy -OutputFilePath $Exist ``` ## Multiple Policy Considerations -If you are currently using multiple policies [Use multiple Windows Defender Application Control Policies (Windows) - Windows security | Microsoft Docs](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies) on a device, there are two options for integrating the deny list into your policy set. +If you are currently using [multiple policies] (deploy-multiple-windows-defender-application-control-policies.md) on a device, there are two options for integrating the deny list into your policy set. -(Recommended) The first option is to keep the deny list as its own policy isolated from your allow policies as it is easier to manage. Since applications need to be allowed by both WDAC policies to run on the device [Use multiple Windows Defender Application Control Policies (Windows) - Windows security | Microsoft Docs](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies#base-and-supplemental-policy-interaction), you will need to add the Allow All rule(s) to your deny policy. This will not override the set of applications allowed by WDAC illustrated by the following example: +(Recommended) The first option is to keep the deny list as its own policy isolated from your allow policies as it is easier to manage. Since applications need to be [allowed by both WDAC policies to run on the device](deploy-multiple-windows-defender-application-control-policies#base-and-supplemental-policy-interaction), you will need to add the Allow All rule(s) to your deny policy. This will not override the set of applications allowed by WDAC illustrated by the following example: Policy 1 is an allow list of Windows and Microsoft-signed applications. Policy 2 is our new deny policy which blocks MaliciousApp.exe with the Allow All rules. MaliciousApp.exe will be blocked since there is an explicit block rule in Policy 2. Windows and Microsoft applications will be allowed since there is an explicit allow rule in Policy 1 and Policy 2 (due to the Allow All rules). All other applications, if not Windows and Microsoft signed, e.g., ExampleApp.exe, will not be allowed as this application is only trusted by Policy 2 (due to the Allow All rules) and not Policy 1. ## Best Practices -1. **Starting with Audit Mode Policies** - as with all new policies, we recommend rolling out your new deny policy in Audit Mode and monitoring the 3077 block events [Understanding Application Control event IDs (Windows) - Windows security | Microsoft Docs](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/event-id-explanations#microsoft-windows-codeintegrity-operational-log-event-ids) to ensure only the applications you intended to block are being blocked. More information on monitoring block events via the Event Viewer logs and Advanced Hunting: [Managing and troubleshooting Windows Defender Application Control policies (Windows) - Windows security | Microsoft Docs](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide) +1. **Starting with Audit Mode Policies** - as with all new policies, we recommend rolling out your new deny policy in Audit Mode and monitoring the [3077 block events](event-id-explanations#microsoft-windows-codeintegrity-operational-log-event-ids) to ensure only the applications you intended to block are being blocked. More information on monitoring block events via the Event Viewer logs and Advanced Hunting: [Managing and troubleshooting Windows Defender Application Control policies](windows-defender-application-control-operational-guide) 2. **Recommeneded Deny Rules Types** - signer and file attribute rules are recommended from a security, manageability, and performance perspective. Hash rules should only be utilized where otherwise impossible. The hash of an application is updated for every new version released by the publisher which quickly becomes impractical to manage and protect against new threats where the attacker is quickly iterating on the payload. Additionally, WDAC has optimized parsing of hash rules, but devices may see performance impacts at runtime evaluation when policies have tens of thousands or more hash rules. +<<<<<<< HEAD +## Creating a Deny Policy Tutorial +Deny rules and policies can be created using the PowerShell cmdlets or the WDAC Wizard [Microsoft WDAC Wizard (webapp-wdac-wizard.azurewebsites.net](https://webapp-wdac-wizard.azurewebsites.net/) We recommend creating signer rules (PCACertificate, Publisher, and FilePublisher) wherever possible. In the cases of unsigned binaries, rules must be created on attributes of the file, such as the original filename, or the hash. +======= ## Tutorial ### Creating a Deny Policy -Deny rules and policies can be created using the PowerShell cmdlets or the WDAC Wizard [Microsoft WDAC Wizard (webapp-wdac-wizard.azurewebsites.net](https://webapp-wdac-wizard.azurewebsites.net/) We recommend creating signer rules (PCACertificate, Publisher, and FilePublisher) wherever possible. In the cases of unsigned binaries, rules must be created on attributes of the file, such as the original filename, or the hash. +Deny rules and policies can be created using the PowerShell cmdlets or the [WDAC Wizard] (https://webapp-wdac-wizard.azurewebsites.net/) We recommend creating signer rules (PCACertificate, Publisher, and FilePublisher) wherever possible. In the cases of unsigned binaries, rules must be created on attributes of the file, such as the original filename, or the hash. +>>>>>>> d2313afd3e53ed3184ca3c47b7242dd156a935af ### Software Publisher Based Deny Rule ```Powershell @@ -128,10 +133,10 @@ $DenyRules += New-CIPolicyRule -Level FileName -DriverFilePath ### Hash Based Deny Rule ```PowerShell - New-CIPolicyRule -Level FileName -DriverFilePath -Deny -Fallback Hash + New-CIPolicyRule -Level Hash -DriverFilePath -Deny ``` - ### Adding Allow All Rules +### Adding Allow All Rules If required, as in the cases listed above, [Allow All rules](48) may need to be added to the policy. The Allow All rules can be manually added to the policy xml or by merging with the AllowAll xml present on the client system in the WDAC template folder: ```PowerShell diff --git a/windows/security/threat-protection/windows-defender-application-control/index.yml b/windows/security/threat-protection/windows-defender-application-control/index.yml index 5f66230ab6..fb59f7473b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/index.yml +++ b/windows/security/threat-protection/windows-defender-application-control/index.yml @@ -52,7 +52,7 @@ landingContent: url: create-wdac-policy-for-fully-managed-devices.md - text: Create a WDAC policy for a fixed-workload url: create-initial-default-policy.md - - text: Create a WDAC Deny List + - text: Create a WDAC deny list policy url: create-wdac-deny-policy.md - text: Deploying catalog files for WDAC management url: deploy-catalog-files-to-support-windows-defender-application-control.md From b7f8bd14cb5bface238c48f5bc7f482868368a3a Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 3 Dec 2021 08:39:46 +0530 Subject: [PATCH 106/335] added new link, removed error link as per user report #10170, so i added a new link after verification. --- windows/security/threat-protection/intelligence/phishing.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/intelligence/phishing.md b/windows/security/threat-protection/intelligence/phishing.md index 215acf8c29..731c3f630f 100644 --- a/windows/security/threat-protection/intelligence/phishing.md +++ b/windows/security/threat-protection/intelligence/phishing.md @@ -85,7 +85,7 @@ If you feel you've been a victim of a phishing attack: - Junk: junk@office365.microsoft.com - Phishing: phish@office365.microsoft.com - Drag and drop the junk or phishing message into the new message. This will save the junk or phishing message as an attachment in the new message. Don't copy and paste the content of the message or forward the message (we need the original message so we can inspect the message headers). For more information, see [Submit spam, non-spam, and phishing scam messages to Microsoft for analysis](/office365/SecurityCompliance/submit-spam-non-spam-and-phishing-scam-messages-to-microsoft-for-analysis). + Drag and drop the junk or phishing message into the new message. This will save the junk or phishing message as an attachment in the new message. Don't copy and paste the content of the message or forward the message (we need the original message so we can inspect the message headers). For more information, see [Report spam messages and suspicious files to Microsoft for analysis](https://docs.microsoft.com/microsoft-365/security/office-365-security/report-junk-email-messages-to-microsoft?view=o365-worldwide). - **Anti-Phishing Working Group**: phishing-report@us-cert.gov. The group uses reports generated from emails sent to fight phishing scams and hackers. ISPs, security vendors, financial institutions, and law enforcement agencies are involved. From 5f473ea32e65c277e01401f6ed0601fd2ce26a24 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 3 Dec 2021 08:56:15 +0530 Subject: [PATCH 107/335] added new links, added applies to section, as per user feedback #10172 , so i changed the correct path and added windows 10 november 20h2 admx templates link . added applies to section --- ...ows-10-device-automatically-using-group-policy.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index 3159c1869f..ea0adb68e5 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -14,6 +14,10 @@ ms.collection: highpri # Enroll a Windows 10 device automatically using Group Policy +**Applies to:** + +- Windows 10 + Starting in Windows 10, version 1709, you can use a Group Policy to trigger auto-enrollment to MDM for Active Directory (AD) domain-joined devices. The enrollment into Intune is triggered by a group policy created on your local AD and happens without any user interaction. This means you can automatically mass-enroll a large number of domain-joined corporate devices into Microsoft Intune. The enrollment process starts in the background once you sign in to the device with your Azure AD account. @@ -191,6 +195,9 @@ Requirements: - 21H1 --> [Administrative Templates (.admx) for Windows 10 May 2021 Update (21H1)](https://www.microsoft.com/download/details.aspx?id=103124) + - 21H2 --> [Administrative Templates (.admx) for Windows 10 November 2021 Update (21H2)](https://www.microsoft.com/download/103667) + + 2. Install the package on the Domain Controller. 3. Navigate, depending on the version to the folder: @@ -209,9 +216,11 @@ Requirements: - 21H1 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 May 2021 Update (21H1)** + - 21H2 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 November 2021 Update (21H2)** + 4. Rename the extracted Policy Definitions folder to **PolicyDefinitions**. -5. Copy PolicyDefinitions folder to **\\contoso.com\SYSVOL\contoso.com\policies\PolicyDefinitions**. +5. Copy PolicyDefinitions folder to **\\SYSVOL\contoso.com\policies\PolicyDefinitions**. If this folder does not exist, then be aware that you will be switching to a [central policy store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) for your entire domain. @@ -296,6 +305,7 @@ To collect Event Viewer logs: ### Useful Links +- [Windows 10 Administrative Templates for Windows 10 November 2021 Update 21H2](https://www.microsoft.com/download/103667) - [Windows 10 Administrative Templates for Windows 10 May 2021 Update 21H1](https://www.microsoft.com/download/details.aspx?id=103124) - [Windows 10 Administrative Templates for Windows 10 November 2019 Update 1909](https://www.microsoft.com/download/details.aspx?id=100591) - [Windows 10 Administrative Templates for Windows 10 May 2019 Update 1903](https://www.microsoft.com/download/details.aspx?id=58495) From fc6d93156f86519d9e34155cd03e3e42ae6fcfdb Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 3 Dec 2021 10:46:59 +0530 Subject: [PATCH 108/335] Update windows/security/threat-protection/intelligence/phishing.md Accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/security/threat-protection/intelligence/phishing.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/intelligence/phishing.md b/windows/security/threat-protection/intelligence/phishing.md index 731c3f630f..c222df587b 100644 --- a/windows/security/threat-protection/intelligence/phishing.md +++ b/windows/security/threat-protection/intelligence/phishing.md @@ -85,7 +85,7 @@ If you feel you've been a victim of a phishing attack: - Junk: junk@office365.microsoft.com - Phishing: phish@office365.microsoft.com - Drag and drop the junk or phishing message into the new message. This will save the junk or phishing message as an attachment in the new message. Don't copy and paste the content of the message or forward the message (we need the original message so we can inspect the message headers). For more information, see [Report spam messages and suspicious files to Microsoft for analysis](https://docs.microsoft.com/microsoft-365/security/office-365-security/report-junk-email-messages-to-microsoft?view=o365-worldwide). + Drag and drop the junk or phishing message into the new message. This will save the junk or phishing message as an attachment in the new message. Don't copy and paste the content of the message or forward the message (we need the original message so we can inspect the message headers). For more information, see [Report messages and files to Microsoft](/microsoft-365/security/office-365-security/report-junk-email-messages-to-microsoft?view=o365-worldwide). - **Anti-Phishing Working Group**: phishing-report@us-cert.gov. The group uses reports generated from emails sent to fight phishing scams and hackers. ISPs, security vendors, financial institutions, and law enforcement agencies are involved. From f4d4d41af079a31a49eeebd296d6598517f87073 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Fri, 3 Dec 2021 12:20:39 +0530 Subject: [PATCH 109/335] Converted Html tables to md format --- .../mdm/policy-csp-admx-terminalserver.md | 3565 ++++------------- 1 file changed, 716 insertions(+), 2849 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index deab09567c..fadaf0bcba 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -399,38 +399,14 @@ ADMX Info: **ADMX_TerminalServer/TS_CERTIFICATE_TEMPLATE_POLICY** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|

                    @@ -475,38 +451,14 @@ ADMX Info: **ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_1** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -524,38 +476,14 @@ ADMX Info: **ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_1** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -593,44 +521,20 @@ ADMX Info: -
                    + **ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_2** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -675,38 +579,14 @@ ADMX Info: **ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_1** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -746,38 +626,14 @@ ADMX Info: **ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_2** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -817,38 +673,14 @@ ADMX Info: **ADMX_TerminalServer/TS_CLIENT_AUDIO** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -892,38 +724,14 @@ ADMX Info: **ADMX_TerminalServer/TS_CLIENT_AUDIO_CAPTURE** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -965,38 +773,14 @@ ADMX Info: **ADMX_TerminalServer/TS_CLIENT_AUDIO_QUALITY** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -1040,38 +824,14 @@ ADMX Info: **ADMX_TerminalServer/TS_CLIENT_CLIPBOARD** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -1115,38 +875,14 @@ ADMX Info: **ADMX_TerminalServer/TS_CLIENT_COM** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -1190,38 +926,14 @@ ADMX Info: **ADMX_TerminalServer/TS_CLIENT_DEFAULT_M** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -1265,38 +977,14 @@ ADMX Info: **ADMX_TerminalServer/TS_CLIENT_DISABLE_HARDWARE_MODE** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -1336,38 +1024,14 @@ ADMX Info: **ADMX_TerminalServer/TS_CLIENT_DISABLE_PASSWORD_SAVING_1** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -1407,38 +1071,14 @@ ADMX Info: **ADMX_TerminalServer/TS_CLIENT_LPT** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -1478,38 +1118,14 @@ ADMX Info: **ADMX_TerminalServer/TS_CLIENT_PNP** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -1552,38 +1168,14 @@ ADMX Info: **ADMX_TerminalServer/TS_CLIENT_PRINTER** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -1625,38 +1217,14 @@ ADMX Info: **ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -1703,38 +1271,14 @@ ADMX Info: **ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -1781,38 +1325,14 @@ ADMX Info: **ADMX_TerminalServer/TS_CLIENT_TURN_OFF_UDP** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -1852,38 +1372,14 @@ ADMX Info: **ADMX_TerminalServer/TS_COLORDEPTH** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -1931,38 +1427,14 @@ ADMX Info: **ADMX_TerminalServer/TS_DELETE_ROAMING_USER_PROFILES** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -2007,38 +1479,14 @@ ADMX Info: **ADMX_TerminalServer/TS_DISABLE_REMOTE_DESKTOP_WALLPAPER** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -2079,38 +1527,14 @@ ADMX Info: **ADMX_TerminalServer/TS_DX_USE_FULL_HWGPU** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -2153,38 +1577,14 @@ ADMX Info: **ADMX_TerminalServer/TS_EASY_PRINT** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -2227,38 +1627,14 @@ ADMX Info: **ADMX_TerminalServer/TS_EASY_PRINT_User** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -2301,38 +1677,14 @@ ADMX Info: **ADMX_TerminalServer/TS_EnableVirtualGraphics** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -2376,38 +1728,14 @@ ADMX Info: **ADMX_TerminalServer/TS_FALLBACKPRINTDRIVERTYPE** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -2455,38 +1783,14 @@ ADMX Info: **ADMX_TerminalServer/TS_FORCIBLE_LOGOFF** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -2528,38 +1832,14 @@ ADMX Info: **ADMX_TerminalServer/TS_GATEWAY_POLICY_ENABLE** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -2604,38 +1884,14 @@ ADMX Info: **ADMX_TerminalServer/TS_GATEWAY_POLICY_AUTH_METHOD** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -2677,38 +1933,14 @@ ADMX Info: **ADMX_TerminalServer/TS_GATEWAY_POLICY_SERVER** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -2755,38 +1987,14 @@ ADMX Info: **ADMX_TerminalServer/TS_JOIN_SESSION_DIRECTORY** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -2832,38 +2040,14 @@ ADMX Info: **ADMX_TerminalServer/TS_KEEP_ALIVE** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -2905,38 +2089,14 @@ ADMX Info: **ADMX_TerminalServer/TS_LICENSE_SECGROUP** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -2981,38 +2141,14 @@ ADMX Info: **ADMX_TerminalServer/TS_LICENSE_SERVERS** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -3056,38 +2192,14 @@ ADMX Info: **ADMX_TerminalServer/TS_LICENSE_TOOLTIP** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -3129,38 +2241,14 @@ ADMX Info: **ADMX_TerminalServer/TS_LICENSING_MODE** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -3205,38 +2293,14 @@ ADMX Info: **ADMX_TerminalServer/TS_MAX_CON_POLICY** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -3283,38 +2347,14 @@ ADMX Info: **ADMX_TerminalServer/TS_MAXDISPLAYRES** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -3354,38 +2394,14 @@ ADMX Info: **ADMX_TerminalServer/TS_MAXMONITOR** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -3425,38 +2441,14 @@ ADMX Info: **ADMX_TerminalServer/TS_NoDisconnectMenu** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -3501,38 +2493,14 @@ ADMX Info: **ADMX_TerminalServer/TS_NoSecurityMenu** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -3572,38 +2540,14 @@ ADMX Info: **ADMX_TerminalServer/TS_PreventLicenseUpgrade** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -3649,38 +2593,14 @@ ADMX Info: **ADMX_TerminalServer/TS_PROMT_CREDS_CLIENT_COMP** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -3725,38 +2645,14 @@ ADMX Info: **ADMX_TerminalServer/TS_RADC_DefaultConnection** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -3799,38 +2695,14 @@ ADMX Info: **ADMX_TerminalServer/TS_RDSAppX_WaitForRegistration** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -3871,38 +2743,14 @@ ADMX Info: **ADMX_TerminalServer/TS_RemoteControl_1** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -3941,38 +2789,14 @@ ADMX Info: **ADMX_TerminalServer/TS_RemoteControl_2** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -4011,38 +2835,14 @@ ADMX Info: **ADMX_TerminalServer/TS_RemoteDesktopVirtualGraphics** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -4085,38 +2885,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SD_ClustName** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -4160,38 +2936,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SD_EXPOSE_ADDRESS** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -4234,38 +2986,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SD_Loc** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -4311,38 +3039,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SECURITY_LAYER_POLICY** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -4387,38 +3091,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SELECT_NETWORK_DETECT** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -4463,38 +3143,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SELECT_TRANSPORT** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -4536,38 +3192,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -4608,38 +3240,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SERVER_AUTH** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -4685,38 +3293,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -4756,38 +3340,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SERVER_AVC444_MODE_PREFERRED** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -4819,43 +3379,20 @@ ADMX Info:
                    + **ADMX_TerminalServer/TS_SERVER_COMPRESSOR** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -4901,38 +3438,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SERVER_IMAGE_QUALITY** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -4971,43 +3484,20 @@ ADMX Info:
                    + **ADMX_TerminalServer/TS_SERVER_LEGACY_RFX** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -5048,38 +3538,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SERVER_PROFILE** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -5120,38 +3586,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SERVER_VISEXP** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -5191,38 +3633,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SERVER_WDDM_GRAPHICS_DRIVER** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -5262,38 +3680,14 @@ ADMX Info: **ADMX_TerminalServer/TS_Session_End_On_Limit_1** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -5339,38 +3733,14 @@ ADMX Info: **ADMX_TerminalServer/TS_Session_End_On_Limit_2** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -5416,38 +3786,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_1** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -5491,38 +3837,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_2** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -5566,38 +3888,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_1** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -5642,38 +3940,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_2** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -5718,38 +3992,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SESSIONS_Limits_1** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -5795,38 +4045,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SESSIONS_Limits_2** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -5872,38 +4098,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SINGLE_SESSION** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -5944,38 +4146,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SMART_CARD** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -6018,38 +4196,14 @@ ADMX Info: **ADMX_TerminalServer/TS_START_PROGRAM_1** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -6092,38 +4246,14 @@ ADMX Info: **ADMX_TerminalServer/TS_START_PROGRAM_2** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -6166,38 +4296,14 @@ ADMX Info: **ADMX_TerminalServer/TS_TEMP_DELETE** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -6240,38 +4346,14 @@ ADMX Info: **ADMX_TerminalServer/TS_TEMP_PER_SESSION** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -6313,38 +4395,14 @@ ADMX Info: **ADMX_TerminalServer/TS_TIME_ZONE** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -6387,38 +4445,14 @@ ADMX Info: **ADMX_TerminalServer/TS_TSCC_PERMISSIONS_POLICY** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -6461,38 +4495,14 @@ ADMX Info: **ADMX_TerminalServer/TS_TURNOFF_SINGLEAPP** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -6535,38 +4545,14 @@ ADMX Info: **ADMX_TerminalServer/TS_UIA** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -6602,43 +4588,20 @@ ADMX Info:
                    + **ADMX_TerminalServer/TS_USB_REDIRECTION_DISABLE** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -6676,38 +4639,14 @@ ADMX Info: **ADMX_TerminalServer/TS_USER_AUTHENTICATION_POLICY** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -6749,38 +4688,14 @@ ADMX Info: **ADMX_TerminalServer/TS_USER_HOME** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -6824,38 +4739,14 @@ ADMX Info: **ADMX_TerminalServer/TS_USER_MANDATORY_PROFILES** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -6898,38 +4789,14 @@ ADMX Info: **ADMX_TerminalServer/TS_USER_PROFILES** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    From 4c39fc5d17d3853b205df96ff4439a23b440a462 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Fri, 3 Dec 2021 12:36:19 +0530 Subject: [PATCH 110/335] Converted tables --- .../mdm/policy-csp-system.md | 68 ++++--------------- 1 file changed, 14 insertions(+), 54 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index 78a94359dc..f5067a2490 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -1305,33 +1305,13 @@ The following list shows the supported values: **System/LimitDiagnosticLogCollection** - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProYesYes
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    @@ -1374,33 +1354,13 @@ The following list shows the supported values: **System/LimitDumpCollection** - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProYesYes
                    EnterpriseYesYes
                    EducationYesYes
                    + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                    From 5f957811dea460ce13d9381b1c8e045e75552381 Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Fri, 3 Dec 2021 16:27:03 +0530 Subject: [PATCH 111/335] 5560668-part8-remaining files updated with URLs --- browsers/internet-explorer/internet-explorer.yml | 4 ++-- windows/configuration/ue-v/uev-release-notes-1607.md | 2 +- .../update/olympia/olympia-enrollment-guidelines.md | 4 ++-- windows/deployment/upgrade/quick-fixes.md | 2 +- windows/security/threat-protection/auditing/event-4908.md | 2 +- .../overview-of-threat-mitigations-in-windows-10.md | 2 +- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/browsers/internet-explorer/internet-explorer.yml b/browsers/internet-explorer/internet-explorer.yml index 6aa0242523..68b6be4505 100644 --- a/browsers/internet-explorer/internet-explorer.yml +++ b/browsers/internet-explorer/internet-explorer.yml @@ -31,7 +31,7 @@ landingContent: - text: Use Enterprise Mode to improve compatibility url: /microsoft-edge/deploy/emie-to-improve-compatibility - text: Lifecycle FAQ - Internet Explorer - url: https://support.microsoft.com/help/17454/lifecycle-faq-internet-explorer + url: /lifecycle/faq/internet-explorer-microsoft-edge - linkListType: download links: - text: Download IE11 with Windows 10 @@ -123,7 +123,7 @@ landingContent: - text: Group Policy preferences for IE11 url: ./ie11-deploy-guide/group-policy-preferences-and-ie11.md - text: Configure Group Policy preferences - url: https://support.microsoft.com/help/2898604/how-to-configure-group-policy-preference-settings-for-internet-explorer-11-in-windows-8.1-or-windows-server-2012-r2 + url: /troubleshoot/browsers/how-to-configure-group-policy-preference-settings - text: Blocked out-of-date ActiveX controls url: ./ie11-deploy-guide/blocked-out-of-date-activex-controls.md - text: Out-of-date ActiveX control blocking diff --git a/windows/configuration/ue-v/uev-release-notes-1607.md b/windows/configuration/ue-v/uev-release-notes-1607.md index 91fb17d0de..2e2e1408c0 100644 --- a/windows/configuration/ue-v/uev-release-notes-1607.md +++ b/windows/configuration/ue-v/uev-release-notes-1607.md @@ -112,7 +112,7 @@ This section contains hotfixes and KB articles for UE-V. | 2769631 | How to repair a corrupted UE-V install | [support.microsoft.com/kb/2769631](https://support.microsoft.com/kb/2769631) | | 2850989 | Migrating MAPI profiles with Microsoft UE-V is not supported | [support.microsoft.com/kb/2850989](https://support.microsoft.com/kb/2850989) | | 2769586 | UE-V roams empty folders and registry keys | [support.microsoft.com/kb/2769586](https://support.microsoft.com/kb/2769586) | -| 2782997 | How To Enable Debug Logging in Microsoft User Experience Virtualization (UE-V) | [support.microsoft.com/kb/2782997](https://support.microsoft.com/kb/2782997) | +| 2782997 | How To Enable Debug Logging in Microsoft User Experience Virtualization (UE-V) | [support.microsoft.com/kb/2782997](/troubleshoot/windows-client/ue-v/enable-debug-logging) | | 2769570 | UE-V does not update the theme on RDS or VDI sessions | [support.microsoft.com/kb/2769570](https://support.microsoft.com/kb/2769570) | | 2850582 | How To Use Microsoft User Experience Virtualization With App-V Applications | [support.microsoft.com/kb/2850582](https://support.microsoft.com/kb/2850582) | | 3041879 | Current file versions for Microsoft User Experience Virtualization | [support.microsoft.com/kb/3041879](https://support.microsoft.com/kb/3041879) | diff --git a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md index 1c557d6128..eb22188154 100644 --- a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md +++ b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md @@ -53,7 +53,7 @@ Choose one of the following two enrollment options: This is the Bring Your Own Device (BYOD) method--your device will receive Olympia policies and features, but a new account will not be created. See [Set up Azure Active Directory registered Windows 10 devices](/azure/active-directory/device-management-azuread-registered-devices-windows10-setup) for additional information. -1. Go to **Start > Settings > Accounts > Access work or school**. To see this setting, you need to have administrator rights to your device (see [local administrator](https://support.microsoft.com/instantanswers/5de907f1-f8ba-4fd9-a89d-efd23fee918c/create-a-local-user-or-administrator-account-in-windows-10)). +1. Go to **Start > Settings > Accounts > Access work or school**. To see this setting, you need to have administrator rights to your device (see [local administrator](https://support.microsoft.com/windows/create-a-local-user-or-administrator-account-in-windows-20de74e0-ac7f-3502-a866-32915af2a34d)). ![Settings -> Accounts.](images/1-1.png) @@ -92,7 +92,7 @@ This is the Bring Your Own Device (BYOD) method--your device will receive Olympi > [!NOTE] > Make sure that you save your Pro license key before upgrading to the Enterprise edition. If the device gets disconnected from Olympia, you can use the Pro key to reactivate the license manually in the unlikely event that the license fails to downgrade back to Pro automatically. To reactivate manually, see [Upgrade by manually entering a product key](../../upgrade/windows-10-edition-upgrades.md#upgrade-by-manually-entering-a-product-key). -1. Go to **Start > Settings > Accounts > Access work or school**. To see this setting, you need to have administrator rights to your device (see [local administrator](https://support.microsoft.com/instantanswers/5de907f1-f8ba-4fd9-a89d-efd23fee918c/create-a-local-user-or-administrator-account-in-windows-10)). +1. Go to **Start > Settings > Accounts > Access work or school**. To see this setting, you need to have administrator rights to your device (see [local administrator](https://support.microsoft.com/windows/create-a-local-user-or-administrator-account-in-windows-20de74e0-ac7f-3502-a866-32915af2a34d)). ![Settings -> Accounts.](images/1-1.png) diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md index d9c4e34fd7..ed61e6c2c4 100644 --- a/windows/deployment/upgrade/quick-fixes.md +++ b/windows/deployment/upgrade/quick-fixes.md @@ -240,4 +240,4 @@ If you downloaded the SetupDiag.exe program to your computer, then copied it to
                    [Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx)
                    [Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications)
                    [Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) -
                    [Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) \ No newline at end of file +
                    [Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors) \ No newline at end of file diff --git a/windows/security/threat-protection/auditing/event-4908.md b/windows/security/threat-protection/auditing/event-4908.md index e59ae0559b..6abe5282a4 100644 --- a/windows/security/threat-protection/auditing/event-4908.md +++ b/windows/security/threat-protection/auditing/event-4908.md @@ -33,7 +33,7 @@ More information about Special Groups auditing can be found here: - + > **Note**  For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event. diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md index fdd4c1c7d4..6bb026c848 100644 --- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md +++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md @@ -300,7 +300,7 @@ Some of the protections available in Windows 10 are provided through functions t ## Understanding Windows 10 in relation to the Enhanced Mitigation Experience Toolkit -You might already be familiar with the [Enhanced Mitigation Experience Toolkit (EMET)](https://support.microsoft.com/kb/2458544), which has since 2009 offered various exploit mitigations, and an interface for configuring those mitigations. You can use this section to understand how EMET mitigations relate to those mitigations in Windows 10. Many of EMET's mitigations have been built into Windows 10, some with extra improvements. However, some EMET mitigations carry high-performance cost, or appear to be relatively ineffective against modern threats, and therefore have not been brought into Windows 10. +You might already be familiar with the [Enhanced Mitigation Experience Toolkit (EMET)](https://support.microsoft.com/topic/emet-mitigations-guidelines-b529d543-2a81-7b5a-d529-84b30e1ecee0), which has since 2009 offered various exploit mitigations, and an interface for configuring those mitigations. You can use this section to understand how EMET mitigations relate to those mitigations in Windows 10. Many of EMET's mitigations have been built into Windows 10, some with extra improvements. However, some EMET mitigations carry high-performance cost, or appear to be relatively ineffective against modern threats, and therefore have not been brought into Windows 10. Because many of EMET's mitigations and security mechanisms already exist in Windows 10 and have been improved, particularly the ones assessed to have high effectiveness at mitigating known bypasses, version 5.5*x* has been announced as the final major version release for EMET (see [Enhanced Mitigation Experience Toolkit](https://web.archive.org/web/20170928073955/https://technet.microsoft.com/en-US/security/jj653751)). From 63ed1a032d732c6012a7b40017f27b74fbdf5bf5 Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Fri, 3 Dec 2021 16:42:04 +0530 Subject: [PATCH 112/335] fixed suggestion --- windows/security/threat-protection/auditing/event-4908.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/event-4908.md b/windows/security/threat-protection/auditing/event-4908.md index 6abe5282a4..22e010e5b9 100644 --- a/windows/security/threat-protection/auditing/event-4908.md +++ b/windows/security/threat-protection/auditing/event-4908.md @@ -33,7 +33,7 @@ More information about Special Groups auditing can be found here: - + > **Note**  For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event. From a00c41191788f08b732a5df03194803a782bde40 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Fri, 3 Dec 2021 21:19:13 +0500 Subject: [PATCH 113/335] Update change-the-tpm-owner-password.md --- .../information-protection/tpm/change-the-tpm-owner-password.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/tpm/change-the-tpm-owner-password.md b/windows/security/information-protection/tpm/change-the-tpm-owner-password.md index 143888e0fb..714b7ded12 100644 --- a/windows/security/information-protection/tpm/change-the-tpm-owner-password.md +++ b/windows/security/information-protection/tpm/change-the-tpm-owner-password.md @@ -30,7 +30,7 @@ This topic for the IT professional describes how to change the password or PIN f Starting with Windows 10, version 1607, or Windows 11, Windows will not retain the TPM owner password when provisioning the TPM. The password will be set to a random high entropy value and then discarded. > [!IMPORTANT] -> Although the TPM owner password is not retained starting with Windows 10, version 1607, or Windows 11, you can change a default registry key to retain it. However, we strongly recommend that you do not make this change. To retain the TPM owner password, set the registry key 'HKLM\\Software\\Policies\\Microsoft\\TPM' \[REG\_DWORD\] 'OSManagedAuthLevel' to 4. The default value for this key is 5, and unless it is changed to 4 before the TPM is provisioned, the owner password will not be saved. +> Although the TPM owner password is not retained starting with Windows 10, version 1607, or Windows 11, you can change a default registry key to retain it. However, we strongly recommend that you do not make this change. To retain the TPM owner password, set the registry key 'HKLM\\Software\\Policies\\Microsoft\\TPM' \[REG\_DWORD\] 'OSManagedAuthLevel' to 4. For Windows 10 versions newer than 1703 the default value for this key is 5. For TPM 2.0, a value of 5 means keep the lockout authorization. For TPM 1.2, it means discard the Full TPM owner authorization and retain only the Delegated authorization. Unless it is changed to 4 before the TPM is provisioned, the owner password will not be saved. Only one owner password exists for each TPM. The TPM owner password allows the ability to enable, disable, or clear the TPM without having physical access to the computer, for example, by using the command-line tools remotely. The TPM owner password also allows manipulation of the TPM dictionary attack logic. Taking ownership of the TPM is performed by Windows as part of the provisioning process on each boot. Ownership can change when you share the password or clear your ownership of the TPM so someone else can initialize it. From 7f4024717b9bfe563706ce3d41be332722414522 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 3 Dec 2021 08:33:06 -0800 Subject: [PATCH 114/335] Update change-the-tpm-owner-password.md --- .../information-protection/tpm/change-the-tpm-owner-password.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/tpm/change-the-tpm-owner-password.md b/windows/security/information-protection/tpm/change-the-tpm-owner-password.md index 714b7ded12..d499253cde 100644 --- a/windows/security/information-protection/tpm/change-the-tpm-owner-password.md +++ b/windows/security/information-protection/tpm/change-the-tpm-owner-password.md @@ -13,7 +13,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 11/30/2021 +ms.date: 12/03/2021 --- # Change the TPM owner password From 4e5b43dcb52cf00bea3b9a2e83a630f01d3f2127 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 3 Dec 2021 08:34:12 -0800 Subject: [PATCH 115/335] Update enroll-a-windows-10-device-automatically-using-group-policy.md --- ...roll-a-windows-10-device-automatically-using-group-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index ea0adb68e5..fee1282167 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: dansimp -ms.date: 10/14/2021 +ms.date: 12/03/2021 ms.reviewer: manager: dansimp ms.collection: highpri From be8c3c6abf206ef2d8af7d32101cb8b25490c856 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 3 Dec 2021 08:35:35 -0800 Subject: [PATCH 116/335] Update phishing.md --- windows/security/threat-protection/intelligence/phishing.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/intelligence/phishing.md b/windows/security/threat-protection/intelligence/phishing.md index c222df587b..36de3f06bf 100644 --- a/windows/security/threat-protection/intelligence/phishing.md +++ b/windows/security/threat-protection/intelligence/phishing.md @@ -85,7 +85,7 @@ If you feel you've been a victim of a phishing attack: - Junk: junk@office365.microsoft.com - Phishing: phish@office365.microsoft.com - Drag and drop the junk or phishing message into the new message. This will save the junk or phishing message as an attachment in the new message. Don't copy and paste the content of the message or forward the message (we need the original message so we can inspect the message headers). For more information, see [Report messages and files to Microsoft](/microsoft-365/security/office-365-security/report-junk-email-messages-to-microsoft?view=o365-worldwide). + Drag and drop the junk or phishing message into the new message. This will save the junk or phishing message as an attachment in the new message. Don't copy and paste the content of the message or forward the message (we need the original message so we can inspect the message headers). For more information, see [Report messages and files to Microsoft](/microsoft-365/security/office-365-security/report-junk-email-messages-to-microsoft). - **Anti-Phishing Working Group**: phishing-report@us-cert.gov. The group uses reports generated from emails sent to fight phishing scams and hackers. ISPs, security vendors, financial institutions, and law enforcement agencies are involved. From bf405964e8bacc4adf1dedcaa7801af2570d9fd7 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Fri, 3 Dec 2021 08:58:14 -0800 Subject: [PATCH 117/335] Update create-wdac-deny-policy.md --- .../create-wdac-deny-policy.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index 9c6ce6a600..c45371ef5d 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -14,7 +14,7 @@ author: jgeurten ms.reviewer: jsuther1974 ms.author: dansimp manager: dansimp -ms.date: 11/29/2021 +ms.date: 12/03/2021 ms.technology: windows-sec --- @@ -30,7 +30,7 @@ Topics this article will be discussing are: 5. Best Practices 6. Tutorial/Walkthrough -## File Rule Precendence Order +## File Rule Precedence Order To create effective WDAC deny policies, it is crucial to understand how WDAC pares the policy. The WDAC engine evaluates files against the policy in the following order. @@ -42,7 +42,7 @@ To create effective WDAC deny policies, it is crucial to understand how WDAC par 4. Lastly, WDAC will call the Intelligent Security Graph (ISG) to get reputation on file, if the policy has support for the ISG. -Explicit allow and deny rules encompass rules at any level (e.g. hash rules, signer rules path rules, attribute rules or package family name rules). If there is an explicit deny rule, WDAC does not process any other rules, meaning a deny rule always takes precedence in the case where a deny and allow rule would be at odds. +Explicit allow and deny rules encompass rules at any level (for example, hash rules, signer rules path rules, attribute rules, or package family name rules). If there is an explicit deny rule, WDAC does not process any other rules, meaning a deny rule always takes precedence in the case where a deny and allow rule would be at odds. ## Interaction with Existing Policies ### Adding Allow Rules @@ -99,17 +99,17 @@ Merge-CIPolicy -PolicyPaths $ DenyPolicy, $ExistingPolicy -OutputFilePath $Exist ``` ## Multiple Policy Considerations -If you are currently using [multiple policies] (deploy-multiple-windows-defender-application-control-policies.md) on a device, there are two options for integrating the deny list into your policy set. +If you are currently using [multiple policies] (deploy-multiple-windows-defender-application-control-policies.md) on a device, there are two options for integrating the blocklist into your policy set. -(Recommended) The first option is to keep the deny list as its own policy isolated from your allow policies as it is easier to manage. Since applications need to be [allowed by both WDAC policies to run on the device](deploy-multiple-windows-defender-application-control-policies#base-and-supplemental-policy-interaction), you will need to add the Allow All rule(s) to your deny policy. This will not override the set of applications allowed by WDAC illustrated by the following example: +(Recommended) The first option is to keep the blocklist as its own policy isolated from your allow policies as it is easier to manage. Since applications need to be [allowed by both WDAC policies to run on the device](deploy-multiple-windows-defender-application-control-policies#base-and-supplemental-policy-interaction), you will need to add the Allow All rule(s) to your deny policy. This will not override the set of applications allowed by WDAC illustrated by the following example: -Policy 1 is an allow list of Windows and Microsoft-signed applications. Policy 2 is our new deny policy which blocks MaliciousApp.exe with the Allow All rules. MaliciousApp.exe will be blocked since there is an explicit block rule in Policy 2. Windows and Microsoft applications will be allowed since there is an explicit allow rule in Policy 1 and Policy 2 (due to the Allow All rules). All other applications, if not Windows and Microsoft signed, e.g., ExampleApp.exe, will not be allowed as this application is only trusted by Policy 2 (due to the Allow All rules) and not Policy 1. +Policy 1 is an allowlist of Windows and Microsoft-signed applications. Policy 2 is our new deny policy that blocks MaliciousApp.exe with the Allow All rules. MaliciousApp.exe will be blocked since there is an explicit block rule in Policy 2. Windows and Microsoft applications will be allowed since there is an explicit allow rule in Policy 1 and Policy 2 (due to the Allow All rules). All other applications, if not Windows and Microsoft signed, for example, ExampleApp.exe, will not be allowed as this application is only trusted by Policy 2 (due to the Allow All rules) and not Policy 1. ## Best Practices 1. **Starting with Audit Mode Policies** - as with all new policies, we recommend rolling out your new deny policy in Audit Mode and monitoring the [3077 block events](event-id-explanations#microsoft-windows-codeintegrity-operational-log-event-ids) to ensure only the applications you intended to block are being blocked. More information on monitoring block events via the Event Viewer logs and Advanced Hunting: [Managing and troubleshooting Windows Defender Application Control policies](windows-defender-application-control-operational-guide) -2. **Recommeneded Deny Rules Types** - signer and file attribute rules are recommended from a security, manageability, and performance perspective. Hash rules should only be utilized where otherwise impossible. The hash of an application is updated for every new version released by the publisher which quickly becomes impractical to manage and protect against new threats where the attacker is quickly iterating on the payload. Additionally, WDAC has optimized parsing of hash rules, but devices may see performance impacts at runtime evaluation when policies have tens of thousands or more hash rules. +2. **Recommended Deny Rules Types** - signer and file attribute rules are recommended from a security, manageability, and performance perspective. Hash rules should only be utilized where otherwise impossible. The hash of an application is updated for every new version released by the publisher that quickly becomes impractical to manage and protect against new threats where the attacker is quickly iterating on the payload. Additionally, WDAC has optimized parsing of hash rules, but devices may see performance impacts at runtime evaluation when policies have tens of thousands or more hash rules. <<<<<<< HEAD ## Creating a Deny Policy Tutorial @@ -140,7 +140,7 @@ $DenyRules += New-CIPolicyRule -Level FileName -DriverFilePath ``` ### Adding Allow All Rules -If required, as in the cases listed above, [Allow All rules](48) may need to be added to the policy. The Allow All rules can be manually added to the policy xml or by merging with the AllowAll xml present on the client system in the WDAC template folder: +If necessary, as in the cases listed above, [Allow All rules](48) may need to be added to the policy. The Allow All rules can be manually added to the policy xml or by merging with the AllowAll xml present on the client system in the WDAC template folder: ```PowerShell $DenyPolicy = From e311c354dfeaa74705a5f787e40a7d22c3ecd53c Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Fri, 3 Dec 2021 09:05:18 -0800 Subject: [PATCH 118/335] Update create-wdac-deny-policy.md --- .../create-wdac-deny-policy.md | 24 +++++++++---------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index c45371ef5d..86be7817a7 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -38,7 +38,7 @@ To create effective WDAC deny policies, it is crucial to understand how WDAC par 2. Explicit allow rules. -3. WDAC will then check for the Managed Installer extended (EA) [Allow Apps with a WDAC managed Installer (windows) - Windows security | Microsoft Docs](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer). +3. WDAC will then check for the Managed Installer extended (EA) [Allow Apps with a WDAC managed Installer](configure-authorized-apps-deployed-with-a-managed-installer.md). 4. Lastly, WDAC will call the Intelligent Security Graph (ISG) to get reputation on file, if the policy has support for the ISG. @@ -90,7 +90,7 @@ If the policy enables user mode code integrity via the ***Enabled:UMCI*** rule-o ``` ## Single Policy Considerations -If the set of deny rules is to be added into an existing policy with allow rules, then the above Allow All rules should not be added to the policy. Instead, the deny policy should be merged with the existing WDAC policy via the WDAC Wizard [Windows Defender Application Control Wizard Policy Merging Operation - Windows security | Microsoft Docs](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies) or using the following PowerShell command: +If the set of deny rules is to be added into an existing policy with allow rules, then the above Allow All rules should not be added to the policy. Instead, the deny policy should be merged with the existing WDAC policy via the WDAC Wizard [Windows Defender Application Control Wizard Policy Merging Operation](wdac-wizard-merging-policies.md) or using the following PowerShell command: ```PowerShell $DenyPolicy = @@ -101,13 +101,13 @@ Merge-CIPolicy -PolicyPaths $ DenyPolicy, $ExistingPolicy -OutputFilePath $Exist ## Multiple Policy Considerations If you are currently using [multiple policies] (deploy-multiple-windows-defender-application-control-policies.md) on a device, there are two options for integrating the blocklist into your policy set. -(Recommended) The first option is to keep the blocklist as its own policy isolated from your allow policies as it is easier to manage. Since applications need to be [allowed by both WDAC policies to run on the device](deploy-multiple-windows-defender-application-control-policies#base-and-supplemental-policy-interaction), you will need to add the Allow All rule(s) to your deny policy. This will not override the set of applications allowed by WDAC illustrated by the following example: +(Recommended) The first option is to keep the blocklist as its own policy isolated from your allow policies as it is easier to manage. Since applications need to be [allowed by both WDAC policies to run on the device](deploy-multiple-windows-defender-application-control-policies.md#base-and-supplemental-policy-interaction), you will need to add the Allow All rule(s) to your deny policy. This will not override the set of applications allowed by WDAC illustrated by the following example: Policy 1 is an allowlist of Windows and Microsoft-signed applications. Policy 2 is our new deny policy that blocks MaliciousApp.exe with the Allow All rules. MaliciousApp.exe will be blocked since there is an explicit block rule in Policy 2. Windows and Microsoft applications will be allowed since there is an explicit allow rule in Policy 1 and Policy 2 (due to the Allow All rules). All other applications, if not Windows and Microsoft signed, for example, ExampleApp.exe, will not be allowed as this application is only trusted by Policy 2 (due to the Allow All rules) and not Policy 1. ## Best Practices -1. **Starting with Audit Mode Policies** - as with all new policies, we recommend rolling out your new deny policy in Audit Mode and monitoring the [3077 block events](event-id-explanations#microsoft-windows-codeintegrity-operational-log-event-ids) to ensure only the applications you intended to block are being blocked. More information on monitoring block events via the Event Viewer logs and Advanced Hunting: [Managing and troubleshooting Windows Defender Application Control policies](windows-defender-application-control-operational-guide) +1. **Starting with Audit Mode Policies** - as with all new policies, we recommend rolling out your new deny policy in Audit Mode and monitoring the [3077 block events](event-id-explanations.md#microsoft-windows-codeintegrity-operational-log-event-ids) to ensure only the applications you intended to block are being blocked. More information on monitoring block events via the Event Viewer logs and Advanced Hunting: [Windows Defender Application Control operational guide](windows-defender-application-control-operational-guide.md) 2. **Recommended Deny Rules Types** - signer and file attribute rules are recommended from a security, manageability, and performance perspective. Hash rules should only be utilized where otherwise impossible. The hash of an application is updated for every new version released by the publisher that quickly becomes impractical to manage and protect against new threats where the attacker is quickly iterating on the payload. Additionally, WDAC has optimized parsing of hash rules, but devices may see performance impacts at runtime evaluation when policies have tens of thousands or more hash rules. @@ -118,11 +118,9 @@ Deny rules and policies can be created using the PowerShell cmdlets or the WDAC ## Tutorial ### Creating a Deny Policy -Deny rules and policies can be created using the PowerShell cmdlets or the [WDAC Wizard] (https://webapp-wdac-wizard.azurewebsites.net/) We recommend creating signer rules (PCACertificate, Publisher, and FilePublisher) wherever possible. In the cases of unsigned binaries, rules must be created on attributes of the file, such as the original filename, or the hash. -<<<<<<< HEAD ->>>>>>> d2313afd3e53ed3184ca3c47b7242dd156a935af -======= ->>>>>>> d2313afd3e53ed3184ca3c47b7242dd156a935af +Deny rules and policies can be created using the PowerShell cmdlets or the [WDAC Wizard](https://webapp-wdac-wizard.azurewebsites.net/) We recommend creating signer rules (PCACertificate, Publisher, and FilePublisher) wherever possible. In the cases of unsigned binaries, rules must be created on attributes of the file, such as the original filename, or the hash. + +`d2313afd3e53ed3184ca3c47b7242dd156a935af` ### Software Publisher Based Deny Rule ```Powershell @@ -150,10 +148,10 @@ Merge-CIPolicy -PolicyPaths $DenyPolicy, $AllowAllPolicy -OutputFilePath $DenyPo ### Deploying the Deny Policy Policies should be thoroughly evaluated and first rolled out in audit mode before strict enforcement. Policies can be deployed via multiple options: -1. Mobile Device Management (MDM): [Deploy WDAC policies using Mobile Device Management (MDM) (Windows) - Windows security | Microsoft Docs](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune) +1. Mobile Device Management (MDM): [Deploy WDAC policies using Mobile Device Management (MDM)](deploy-windows-defender-application-control-policies-using-intune.md) -2. Microsoft Endpoint Configuration Manager (MEMCM): [Deploy Windows Defender Application Control (WDAC) policies by using Microsoft Endpoint Configuration Manager (MEMCM) (Windows) - Windows security | Microsoft Docs](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm) +2. Microsoft Endpoint Configuration Manager (MEMCM): [Deploy WDAC policies by using Microsoft Endpoint Configuration Manager (MEMCM)](deployment/deploy-wdac-policies-with-memcm.md) -3. Scripting [Deploy Windows Defender Application Control (WDAC) policies using script (Windows) - Windows security | Microsoft Docs](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script) +3. Scripting: [Deploy WDAC policies using script](deployment/deploy-wdac-policies-with-script.md) -4. Group Policy: [Deploy WDAC policies via Group Policy (Windows) - Windows security | Microsoft Docs](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy) \ No newline at end of file +4. Group Policy: [Deploy Windows Defender Application Control policies by using Group Policy](deploy-windows-defender-application-control-policies-using-group-policy.md) \ No newline at end of file From 6abae3e201cb408631273b80718698706907a450 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Fri, 3 Dec 2021 09:09:53 -0800 Subject: [PATCH 119/335] Update create-wdac-deny-policy.md --- .../create-wdac-deny-policy.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index 86be7817a7..b88a95b439 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -111,10 +111,9 @@ Policy 1 is an allowlist of Windows and Microsoft-signed applications. Policy 2 2. **Recommended Deny Rules Types** - signer and file attribute rules are recommended from a security, manageability, and performance perspective. Hash rules should only be utilized where otherwise impossible. The hash of an application is updated for every new version released by the publisher that quickly becomes impractical to manage and protect against new threats where the attacker is quickly iterating on the payload. Additionally, WDAC has optimized parsing of hash rules, but devices may see performance impacts at runtime evaluation when policies have tens of thousands or more hash rules. -<<<<<<< HEAD ## Creating a Deny Policy Tutorial -Deny rules and policies can be created using the PowerShell cmdlets or the WDAC Wizard [Microsoft WDAC Wizard (webapp-wdac-wizard.azurewebsites.net](https://webapp-wdac-wizard.azurewebsites.net/) We recommend creating signer rules (PCACertificate, Publisher, and FilePublisher) wherever possible. In the cases of unsigned binaries, rules must be created on attributes of the file, such as the original filename, or the hash. -======= +Deny rules and policies can be created using the PowerShell cmdlets or the WDAC Wizard [Microsoft WDAC Wizard (webapp-wdac-wizard.azurewebsites.net](https://webapp-wdac-wizard.azurewebsites.net) We recommend creating signer rules (PCACertificate, Publisher, and FilePublisher) wherever possible. In the cases of unsigned binaries, rules must be created on attributes of the file, such as the original filename, or the hash. + ## Tutorial ### Creating a Deny Policy From dfca6ca526e75b4c2a31353a4c26b3069f224045 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Fri, 3 Dec 2021 09:10:44 -0800 Subject: [PATCH 120/335] Update create-wdac-deny-policy.md --- .../create-wdac-deny-policy.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index b88a95b439..b1e685d970 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -137,13 +137,14 @@ $DenyRules += New-CIPolicyRule -Level FileName -DriverFilePath ``` ### Adding Allow All Rules -If necessary, as in the cases listed above, [Allow All rules](48) may need to be added to the policy. The Allow All rules can be manually added to the policy xml or by merging with the AllowAll xml present on the client system in the WDAC template folder: +If necessary, as in the cases listed above, `[Allow All rules](48)` might need to be added to the policy. The Allow All rules can be manually added to the policy xml or by merging with the AllowAll xml present on the client system in the WDAC template folder: ```PowerShell $DenyPolicy = $AllowAllPolicy = $Env:windir + "\schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml" Merge-CIPolicy -PolicyPaths $DenyPolicy, $AllowAllPolicy -OutputFilePath $DenyPolicy ``` + ### Deploying the Deny Policy Policies should be thoroughly evaluated and first rolled out in audit mode before strict enforcement. Policies can be deployed via multiple options: From c78efbafd59b2826446b476403564d0eaacebc61 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Fri, 3 Dec 2021 09:13:53 -0800 Subject: [PATCH 121/335] Update create-wdac-deny-policy.md --- .../create-wdac-deny-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index b1e685d970..317703df02 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -101,7 +101,7 @@ Merge-CIPolicy -PolicyPaths $ DenyPolicy, $ExistingPolicy -OutputFilePath $Exist ## Multiple Policy Considerations If you are currently using [multiple policies] (deploy-multiple-windows-defender-application-control-policies.md) on a device, there are two options for integrating the blocklist into your policy set. -(Recommended) The first option is to keep the blocklist as its own policy isolated from your allow policies as it is easier to manage. Since applications need to be [allowed by both WDAC policies to run on the device](deploy-multiple-windows-defender-application-control-policies.md#base-and-supplemental-policy-interaction), you will need to add the Allow All rule(s) to your deny policy. This will not override the set of applications allowed by WDAC illustrated by the following example: +(Recommended) The first option is to keep the blocklist as its own policy isolated from your allow policies as it is easier to manage. Since applications need to be [allowed by both WDAC policies to run on the device](deploy-multiple-windows-defender-application-control-policies.md#base-and-supplemental-policy-interaction), you will need to add the Allow All rule(s) to your deny policy. This action will not override the set of applications allowed by WDAC illustrated by the following example: Policy 1 is an allowlist of Windows and Microsoft-signed applications. Policy 2 is our new deny policy that blocks MaliciousApp.exe with the Allow All rules. MaliciousApp.exe will be blocked since there is an explicit block rule in Policy 2. Windows and Microsoft applications will be allowed since there is an explicit allow rule in Policy 1 and Policy 2 (due to the Allow All rules). All other applications, if not Windows and Microsoft signed, for example, ExampleApp.exe, will not be allowed as this application is only trusted by Policy 2 (due to the Allow All rules) and not Policy 1. From ef786c6fca2b54081162dde4e675d543f887150e Mon Sep 17 00:00:00 2001 From: Joe Henry Date: Fri, 3 Dec 2021 14:13:45 -0500 Subject: [PATCH 122/335] Update create-wdac-deny-policy.md --- .../create-wdac-deny-policy.md | 37 ++++++++++--------- 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index 317703df02..c69b0fa9b3 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -14,7 +14,7 @@ author: jgeurten ms.reviewer: jsuther1974 ms.author: dansimp manager: dansimp -ms.date: 12/03/2021 +ms.date: 11/29/2021 ms.technology: windows-sec --- @@ -30,19 +30,19 @@ Topics this article will be discussing are: 5. Best Practices 6. Tutorial/Walkthrough -## File Rule Precedence Order +## File Rule Precendence Order -To create effective WDAC deny policies, it is crucial to understand how WDAC pares the policy. The WDAC engine evaluates files against the policy in the following order. +To create effective WDAC deny policies, it is crucial to understand how WDAC parses the policy. The WDAC engine evaluates files against the policy in the following order. 1. Explicit deny rules - if there is an explicit deny rule, do not process the rest of the rules; the file is untrusted. 2. Explicit allow rules. -3. WDAC will then check for the Managed Installer extended (EA) [Allow Apps with a WDAC managed Installer](configure-authorized-apps-deployed-with-a-managed-installer.md). +3. WDAC will then check for the [Managed Installer extended (EA)](configure-authorized-apps-deployed-with-a-managed-installer) or the [Intelligent Security Graph (ISG) EA](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph) on the file. 4. Lastly, WDAC will call the Intelligent Security Graph (ISG) to get reputation on file, if the policy has support for the ISG. -Explicit allow and deny rules encompass rules at any level (for example, hash rules, signer rules path rules, attribute rules, or package family name rules). If there is an explicit deny rule, WDAC does not process any other rules, meaning a deny rule always takes precedence in the case where a deny and allow rule would be at odds. +Explicit allow and deny rules encompass rules at any level (e.g. hash rules, signer rules path rules, attribute rules or package family name rules). If there is an explicit deny rule, WDAC does not process any other rules, meaning a deny rule always takes precedence in the case where a deny and allow rule would be at odds. ## Interaction with Existing Policies ### Adding Allow Rules @@ -90,7 +90,7 @@ If the policy enables user mode code integrity via the ***Enabled:UMCI*** rule-o ``` ## Single Policy Considerations -If the set of deny rules is to be added into an existing policy with allow rules, then the above Allow All rules should not be added to the policy. Instead, the deny policy should be merged with the existing WDAC policy via the WDAC Wizard [Windows Defender Application Control Wizard Policy Merging Operation](wdac-wizard-merging-policies.md) or using the following PowerShell command: +If the set of deny rules is to be added into an existing policy with allow rules, then the above Allow All rules should not be added to the policy. Instead, the deny policy should be merged with the existing WDAC policy via the WDAC Wizard [Windows Defender Application Control Wizard Policy Merging Operation - Windows security | Microsoft Docs](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies) or using the following PowerShell command: ```PowerShell $DenyPolicy = @@ -99,20 +99,22 @@ Merge-CIPolicy -PolicyPaths $ DenyPolicy, $ExistingPolicy -OutputFilePath $Exist ``` ## Multiple Policy Considerations -If you are currently using [multiple policies] (deploy-multiple-windows-defender-application-control-policies.md) on a device, there are two options for integrating the blocklist into your policy set. +If you are currently using [multiple policies](deploy-multiple-windows-defender-application-control-policies.md) on a device, there are two options for integrating the deny list into your policy set. -(Recommended) The first option is to keep the blocklist as its own policy isolated from your allow policies as it is easier to manage. Since applications need to be [allowed by both WDAC policies to run on the device](deploy-multiple-windows-defender-application-control-policies.md#base-and-supplemental-policy-interaction), you will need to add the Allow All rule(s) to your deny policy. This action will not override the set of applications allowed by WDAC illustrated by the following example: +(Recommended) The first option is to keep the deny list as its own policy isolated from your allow policies as it is easier to manage. Since applications need to be [allowed by both WDAC policies to run on the device](deploy-multiple-windows-defender-application-control-policies.md#base-and-supplemental-policy-interaction), you will need to add the Allow All rule(s) to your deny policy. This will not override the set of applications allowed by WDAC illustrated by the following example: -Policy 1 is an allowlist of Windows and Microsoft-signed applications. Policy 2 is our new deny policy that blocks MaliciousApp.exe with the Allow All rules. MaliciousApp.exe will be blocked since there is an explicit block rule in Policy 2. Windows and Microsoft applications will be allowed since there is an explicit allow rule in Policy 1 and Policy 2 (due to the Allow All rules). All other applications, if not Windows and Microsoft signed, for example, ExampleApp.exe, will not be allowed as this application is only trusted by Policy 2 (due to the Allow All rules) and not Policy 1. +Policy 1 is an allow list of Windows and Microsoft-signed applications. Policy 2 is our new deny policy which blocks MaliciousApp.exe with the Allow All rules. MaliciousApp.exe will be blocked since there is an explicit block rule in Policy 2. Windows and Microsoft applications will be allowed since there is an explicit allow rule in Policy 1 and Policy 2 (due to the Allow All rules). All other applications, if not Windows and Microsoft signed, e.g., ExampleApp.exe, will not be allowed as this application is only trusted by Policy 2 (due to the Allow All rules) and not Policy 1. ## Best Practices -1. **Starting with Audit Mode Policies** - as with all new policies, we recommend rolling out your new deny policy in Audit Mode and monitoring the [3077 block events](event-id-explanations.md#microsoft-windows-codeintegrity-operational-log-event-ids) to ensure only the applications you intended to block are being blocked. More information on monitoring block events via the Event Viewer logs and Advanced Hunting: [Windows Defender Application Control operational guide](windows-defender-application-control-operational-guide.md) +1. **Starting with Audit Mode Policies** - as with all new policies, we recommend rolling out your new deny policy in Audit Mode and monitoring the [3077 block events](event-id-explanations.md#microsoft-windows-codeintegrity-operational-log-event-ids) to ensure only the applications you intended to block are being blocked. More information on monitoring block events via the Event Viewer logs and Advanced Hunting: [Managing and troubleshooting Windows Defender Application Control policies](windows-defender-application-control-operational-guide.md) + +2. **Recommeneded Deny Rules Types** - signer and file attribute rules are recommended from a security, manageability, and performance perspective. Hash rules should only be utilized where otherwise impossible. The hash of an application is updated for every new version released by the publisher which quickly becomes impractical to manage and protect against new threats where the attacker is quickly iterating on the payload. Additionally, WDAC has optimized parsing of hash rules, but devices may see performance impacts at runtime evaluation when policies have tens of thousands or more hash rules. -2. **Recommended Deny Rules Types** - signer and file attribute rules are recommended from a security, manageability, and performance perspective. Hash rules should only be utilized where otherwise impossible. The hash of an application is updated for every new version released by the publisher that quickly becomes impractical to manage and protect against new threats where the attacker is quickly iterating on the payload. Additionally, WDAC has optimized parsing of hash rules, but devices may see performance impacts at runtime evaluation when policies have tens of thousands or more hash rules. ## Creating a Deny Policy Tutorial -Deny rules and policies can be created using the PowerShell cmdlets or the WDAC Wizard [Microsoft WDAC Wizard (webapp-wdac-wizard.azurewebsites.net](https://webapp-wdac-wizard.azurewebsites.net) We recommend creating signer rules (PCACertificate, Publisher, and FilePublisher) wherever possible. In the cases of unsigned binaries, rules must be created on attributes of the file, such as the original filename, or the hash. + +Deny rules and policies can be created using the PowerShell cmdlets or the WDAC Wizard [Microsoft WDAC Wizard](https://webapp-wdac-wizard.azurewebsites.net/) We recommend creating signer rules (PCACertificate, Publisher, and FilePublisher) wherever possible. In the cases of unsigned binaries, rules must be created on attributes of the file, such as the original filename, or the hash. ## Tutorial @@ -137,21 +139,20 @@ $DenyRules += New-CIPolicyRule -Level FileName -DriverFilePath ``` ### Adding Allow All Rules -If necessary, as in the cases listed above, `[Allow All rules](48)` might need to be added to the policy. The Allow All rules can be manually added to the policy xml or by merging with the AllowAll xml present on the client system in the WDAC template folder: +If required, as in the cases listed above, [Allow All Rules](#adding-allow-rules) may need to be added to the policy. The Allow All rules can be manually added to the policy xml or by merging with the Allow All xml present on the client system in the WDAC template folder: ```PowerShell $DenyPolicy = $AllowAllPolicy = $Env:windir + "\schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml" Merge-CIPolicy -PolicyPaths $DenyPolicy, $AllowAllPolicy -OutputFilePath $DenyPolicy ``` - ### Deploying the Deny Policy Policies should be thoroughly evaluated and first rolled out in audit mode before strict enforcement. Policies can be deployed via multiple options: -1. Mobile Device Management (MDM): [Deploy WDAC policies using Mobile Device Management (MDM)](deploy-windows-defender-application-control-policies-using-intune.md) +1. Mobile Device Management (MDM): [Deploy WDAC policies using Mobile Device Management (MDM) (Windows)](deploy-windows-defender-application-control-policies-using-intune.md) -2. Microsoft Endpoint Configuration Manager (MEMCM): [Deploy WDAC policies by using Microsoft Endpoint Configuration Manager (MEMCM)](deployment/deploy-wdac-policies-with-memcm.md) +2. Microsoft Endpoint Configuration Manager (MEMCM): [Deploy Windows Defender Application Control (WDAC) policies by using Microsoft Endpoint Configuration Manager (MEMCM) (Windows)](deployment/deploy-wdac-policies-with-memcm.md) -3. Scripting: [Deploy WDAC policies using script](deployment/deploy-wdac-policies-with-script.md) +3. Scripting [Deploy Windows Defender Application Control (WDAC) policies using script (Windows)](deployment/deploy-wdac-policies-with-script.md) -4. Group Policy: [Deploy Windows Defender Application Control policies by using Group Policy](deploy-windows-defender-application-control-policies-using-group-policy.md) \ No newline at end of file +4. Group Policy: [Deploy WDAC policies via Group Policy (Windows)](deploy-windows-defender-application-control-policies-using-group-policy.md) \ No newline at end of file From 7c3ce18588fb1ae7314390c48283b70c23157d00 Mon Sep 17 00:00:00 2001 From: sravanigannavarapu <95500630+sravanigannavarapu@users.noreply.github.com> Date: Fri, 3 Dec 2021 11:34:50 -0800 Subject: [PATCH 123/335] Update audit-registry.md Add remarks about expected events for subkey creation --- .../security/threat-protection/auditing/audit-registry.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/audit-registry.md b/windows/security/threat-protection/auditing/audit-registry.md index 3c6407d9f5..4b2ee345d7 100644 --- a/windows/security/threat-protection/auditing/audit-registry.md +++ b/windows/security/threat-protection/auditing/audit-registry.md @@ -44,4 +44,8 @@ If success auditing is enabled, an audit entry is generated each time any accoun - [5039](event-5039.md)(-): A registry key was virtualized. -- [4670](event-4670.md)(S): Permissions on an object were changed. \ No newline at end of file +- [4670](event-4670.md)(S): Permissions on an object were changed. + +**Remarks:** +On creating a subkey for a parent, the expectation is to see a 4656 event for the newly created subkey. We see this event only when "Audit Object Access" is enabled under Local Policies > Audit Policy in Local Security Policy. This event is not generated while using advanced audit policy configurations for registry specific events, such as, using "auditpol.exe /set /subcategory:{0CCE921E-69AE-11D9-BED3-505054503030} /success:enable". While using regedit.exe for creating subkeys we see additional 4663 event because we perform NtEnumerateKeys on the newly created subkey. We can additionally see a 4663 event on the newly created key, if we try to rename the subkey. While using reg.exe for creating subkeys we see additional 4663 event because we perform NtSetValueKey on the newly created subkey. It is advised not to rely on 4663 events for subkey creation as they are dependent on type of permissions enabled on the parent and are not consistent across regedit.exe and reg.exe. + From 02e0ba81213ed3930b12130181bc6ce7fc5e7d2d Mon Sep 17 00:00:00 2001 From: Office Content Publishing <34616516+officedocspr@users.noreply.github.com> Date: Sat, 4 Dec 2021 23:33:32 -0800 Subject: [PATCH 124/335] Uploaded file: education-content-updates.md - 2021-12-04 23:33:32.2948 --- .../includes/education-content-updates.md | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/education/includes/education-content-updates.md b/education/includes/education-content-updates.md index 227cfc8a46..ba848193c2 100644 --- a/education/includes/education-content-updates.md +++ b/education/includes/education-content-updates.md @@ -2,6 +2,15 @@ +## Week of November 29, 2021 + + +| Published On |Topic title | Change | +|------|------------|--------| +| 11/29/2021 | [What is Windows 11 SE](/education/windows/windows-11-se-overview) | added | +| 11/29/2021 | [Windows 11 SE settings list](/education/windows/windows-11-se-settings-list) | added | + + ## Week of November 15, 2021 @@ -12,13 +21,3 @@ | 11/18/2021 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified | | 11/18/2021 | [Deploy Windows 10 in a school (Windows 10)](/education/windows/deploy-windows-10-in-a-school) | modified | | 11/18/2021 | [For IT administrators get Minecraft Education Edition](/education/windows/school-get-minecraft) | modified | - - -## Week of October 25, 2021 - - -| Published On |Topic title | Change | -|------|------------|--------| -| 10/28/2021 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified | -| 10/28/2021 | [Deploy Windows 10 in a school (Windows 10)](/education/windows/deploy-windows-10-in-a-school) | modified | -| 10/28/2021 | [Windows 10 for Education (Windows 10)](/education/windows/index) | modified | From 741195cbf7f9f13f3a4265175989975d9396dd93 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Mon, 6 Dec 2021 19:58:53 +0530 Subject: [PATCH 125/335] Converted table into text --- .../create-wip-policy-using-configmgr.md | 67 ++++++++++++++++--- 1 file changed, 57 insertions(+), 10 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md index 0022b16eb4..682fe9fc29 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md @@ -349,16 +349,63 @@ There are no default locations included with WIP, you must add each of your netw ![Add or edit corporate network definition box, Add your enterprise network locations.](images/wip-configmgr-add-network-domain.png) - |Network location type|Format|Description| - |--- |--- |--- | - |Enterprise Cloud Resources|With proxy: contoso.sharepoint.com,contoso.internalproxy1.com,
                    contoso.visualstudio.com,contoso.internalproxy2.com

                    Without proxy: contoso.sharepoint.com,contoso.visualstudio.com|Specify the cloud resources to be treated as corporate and protected by WIP.

                    For each cloud resource, you may also optionally specify a proxy server from your Internal proxy servers list to route traffic for this cloud resource. Be aware that all traffic routed through your Internal proxy servers is considered enterprise.

                    If you have multiple resources, you must separate them using the "I" delimiter. If you don't use proxy servers, you must also include the "," delimiter just before the "I". For example: URL <,proxy>, URL <,proxy>

                    Important
                    In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows can't tell whether it's attempting to connect to an enterprise cloud resource or to a personal site. In this case, Windows blocks the connection by default. To stop Windows from automatically blocking these connections, you can add the /*AppCompat*/ string to the setting. For example: URL <,proxy>,URL <,proxy>,/*AppCompat*/.| - |Enterprise Network Domain Names (Required)|corp.contoso.com,region.contoso.com|Specify the DNS suffixes used in your environment. All traffic to the fully-qualified domains appearing in this list will be protected.

                    This setting works with the IP ranges settings to detect whether a network endpoint is enterprise or personal on private networks.

                    If you have multiple resources, you must separate them using the "," delimiter.| - |Proxy servers|proxy.contoso.com:80;proxy2.contoso.com:443|Specify the proxy servers your devices will go through to reach your cloud resources. Using this server type indicates that the cloud resources you're connecting to are enterprise resources.

                    This list shouldn't include any servers listed in your Internal proxy servers list. Internal proxy servers must be used only for WIP-protected (enterprise) traffic.

                    If you have multiple resources, you must separate them using the ";" delimiter.| - |Internal proxy servers|contoso.internalproxy1.com;contoso.internalproxy2.com|Specify the internal proxy servers your devices will go through to reach your cloud resources. Using this server type indicates that the cloud resources you're connecting to are enterprise resources.

                    This list shouldn't include any servers listed in your Proxy servers list. Proxy servers must be used only for non-WIP-protected (non-enterprise) traffic.

                    If you have multiple resources, you must separate them using the ";" delimiter.| - |Enterprise IPv4 Range (Required)|Starting IPv4 Address: 3.4.0.1
                    Ending IPv4 Address: 3.4.255.254
                    Custom URI: 3.4.0.1-3.4.255.254,
                    10.0.0.1-10.255.255.254|Specify the addresses for a valid IPv4 value range within your intranet. These addresses, used with your Enterprise Network Domain Names, define your corporate network boundaries.

                    If you have multiple ranges, you must separate them using the "," delimiter.| - |Enterprise IPv6 Range|Starting IPv6 Address: 2a01:110::
                    Ending IPv6 Address: 2a01:110:7fff:ffff:ffff:ffff:ffff:ffff
                    Custom URI: 2a01:110:7fff:ffff:ffff:ffff:ffff:ffff,
                    fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff|Specify the addresses for a valid IPv6 value range within your intranet. These addresses, used with your Enterprise Network Domain Names, define your corporate network boundaries.

                    If you have multiple ranges, you must separate them using the "," delimiter.| - |Neutral Resources|sts.contoso.com,sts.contoso2.com|Specify your authentication redirection endpoints for your company.

                    These locations are considered enterprise or personal, based on the context of the connection before the redirection.

                    If you have multiple resources, you must separate them using the "," delimiter.| - + - **Enterprise Cloud Resources**: Specify the cloud resources to be treated as corporate and protected by WIP. + + For each cloud resource, you may also optionally specify a proxy server from your Internal proxy servers list to route traffic for this cloud resource. Be aware that all traffic routed through your Internal proxy servers is considered enterprise. + + If you have multiple resources, you must separate them using the `|` delimiter. If you don't use proxy servers, you must also include the `,` delimiter just before the `|`. For example: URL `<,proxy>|URL <,proxy>`. + + **Format examples**: + + - **With proxy**: `contoso.sharepoint.com,contoso.internalproxy1.com|contoso.visualstudio.com,contoso.internalproxy2.com` + + - **Without proxy**: `contoso.sharepoint.com|contoso.visualstudio.com` + + >[!Important] + > In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows can't tell whether it's attempting to connect to an enterprise cloud resource or to a personal site. In this case, Windows blocks the connection by default. To stop Windows from automatically blocking these connections, you can add the /*AppCompat*/ string to the setting. For example: URL <,proxy>|URL <,proxy>|/*AppCompat*/. + + - **Enterprise Network Domain Names (Required)**: Specify the DNS suffixes used in your environment. All traffic to the fully-qualified domains appearing in this list will be protected. + + This setting works with the IP ranges settings to detect whether a network endpoint is enterprise or personal on private networks. + + If you have multiple resources, you must separate them using the "," delimiter. + + **Format examples**: `corp.contoso.com,region.contoso.com` + + - **Proxy servers**: Specify the proxy servers your devices will go through to reach your cloud resources. Using this server type indicates that the cloud resources you're connecting to are enterprise resources. + + This list shouldn't include any servers listed in your Internal proxy servers list. Internal proxy servers must be used only for WIP-protected (enterprise) traffic. + + If you have multiple resources, you must separate them using the ";" delimiter. + + **Format examples**: `proxy.contoso.com:80;proxy2.contoso.com:443` + + - **Internal proxy servers**: Specify the internal proxy servers your devices will go through to reach your cloud resources. Using this server type indicates that the cloud resources you're connecting to are enterprise resources. + + This list shouldn't include any servers listed in your Proxy servers list. Proxy servers must be used only for non-WIP-protected (non-enterprise) traffic. + + If you have multiple resources, you must separate them using the ";" delimiter. + + **Format examples**: `contoso.internalproxy1.com;contoso.internalproxy2.com` + + - **Enterprise IPv4 Range (Required)**: Specify the addresses for a valid IPv4 value range within your intranet. These addresses, used with your Enterprise Network Domain Names, define your corporate network boundaries. + + If you have multiple ranges, you must separate them using the "," delimiter. + + **Format examples**: **Starting IPv4 Address:** `3.4.0.1`, **Ending IPv4 Address:** `3.4.255.254`, **Custom URI:** `3.4.0.1-3.4.255.254`, `10.0.0.1-10.255.255.254` + + - **Enterprise IPv6 Range**: Specify the addresses for a valid IPv6 value range within your intranet. These addresses, used with your Enterprise Network Domain Names, define your corporate network boundaries. + + If you have multiple ranges, you must separate them using the "," delimiter. + + **Format examples**: **Starting IPv6 Address:** `2a01:110::`, **Ending IPv6 Address:** `2a01:110:7fff:ffff:ffff:ffff:ffff:ffff` **Custom URI:** `2a01:110:7fff:ffff:ffff:ffff:ffff:ffff`,`fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff` + + - **Neutral Resources**: Specify your authentication redirection endpoints for your company. These locations are considered enterprise or personal, based on the context of the connection before the redirection. + + If you have multiple resources, you must separate them using the "," delimiter. + + **Format examples**: `sts.contoso.com,sts.contoso2.com` + 3. Add as many locations as you need, and then click **OK**. The **Add or edit corporate network definition** box closes. From c023916f728e6e7ff71e6b2a82e2bc91b5a4cb9a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 6 Dec 2021 09:37:12 -0800 Subject: [PATCH 126/335] Update windows/security/threat-protection/auditing/audit-registry.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/security/threat-protection/auditing/audit-registry.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/auditing/audit-registry.md b/windows/security/threat-protection/auditing/audit-registry.md index 4b2ee345d7..6ab435279c 100644 --- a/windows/security/threat-protection/auditing/audit-registry.md +++ b/windows/security/threat-protection/auditing/audit-registry.md @@ -46,6 +46,6 @@ If success auditing is enabled, an audit entry is generated each time any accoun - [4670](event-4670.md)(S): Permissions on an object were changed. -**Remarks:** -On creating a subkey for a parent, the expectation is to see a 4656 event for the newly created subkey. We see this event only when "Audit Object Access" is enabled under Local Policies > Audit Policy in Local Security Policy. This event is not generated while using advanced audit policy configurations for registry specific events, such as, using "auditpol.exe /set /subcategory:{0CCE921E-69AE-11D9-BED3-505054503030} /success:enable". While using regedit.exe for creating subkeys we see additional 4663 event because we perform NtEnumerateKeys on the newly created subkey. We can additionally see a 4663 event on the newly created key, if we try to rename the subkey. While using reg.exe for creating subkeys we see additional 4663 event because we perform NtSetValueKey on the newly created subkey. It is advised not to rely on 4663 events for subkey creation as they are dependent on type of permissions enabled on the parent and are not consistent across regedit.exe and reg.exe. +> [!NOTE] +> On creating a subkey for a parent, the expectation is to see a 4656 event for the newly created subkey. You will see this event only when "Audit Object Access" is enabled under **Local Policies** > **Audit Policy** in Local Security Policy. This event is not generated while using advanced audit policy configurations for registry specific events, such as using "auditpol.exe /set /subcategory:{0CCE921E-69AE-11D9-BED3-505054503030} /success:enable". While using regedit.exe for creating subkeys you will see an additional 4663 event because you perform NtEnumerateKeys on the newly created subkey. You might additionally see a 4663 event on the newly created key if you try to rename the subkey. While using reg.exe for creating subkeys you'll see an additional 4663 event because you perform NtSetValueKey on the newly created subkey. We recommend not relying on 4663 events for subkey creation as they are dependent on the type of permissions enabled on the parent and are not consistent across regedit.exe and reg.exe. From 4ab91e7fdaaf6cb509048d0288d69d8ca9ff7400 Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Mon, 6 Dec 2021 11:23:47 -0700 Subject: [PATCH 127/335] Update faq-for-it-pros-ie11.yml --- browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.yml b/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.yml index b025aa3409..6af2d17f62 100644 --- a/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.yml +++ b/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.yml @@ -26,7 +26,6 @@ sections: questions: - question: | Frequently Asked Questions - answer: | - question: | What operating system does IE11 run on? answer: | @@ -250,4 +249,4 @@ additionalContent: | - [Microsoft Edge - Deployment Guide for IT Pros](/microsoft-edge/deploy/) - [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md) - - [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](../ie11-ieak/index.md) \ No newline at end of file + - [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](../ie11-ieak/index.md) From 81f5e9cbb672d8a61c13a70deb4e057fcd1b8cd5 Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Mon, 6 Dec 2021 11:29:34 -0700 Subject: [PATCH 128/335] Update faq-for-it-pros-ie11.yml --- browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.yml b/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.yml index 6af2d17f62..4f545f92d9 100644 --- a/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.yml +++ b/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.yml @@ -24,8 +24,6 @@ summary: | sections: - name: Ignored questions: - - question: | - Frequently Asked Questions - question: | What operating system does IE11 run on? answer: | From 9026a7b0b22c6d6cbc9a6c7646fe2b724484cf10 Mon Sep 17 00:00:00 2001 From: Joe Henry Date: Mon, 6 Dec 2021 15:07:50 -0500 Subject: [PATCH 129/335] Update windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md Co-authored-by: Jordan Geurten --- .../create-wdac-deny-policy.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index c69b0fa9b3..ada9e29197 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -105,6 +105,7 @@ If you are currently using [multiple policies](deploy-multiple-windows-defender- Policy 1 is an allow list of Windows and Microsoft-signed applications. Policy 2 is our new deny policy which blocks MaliciousApp.exe with the Allow All rules. MaliciousApp.exe will be blocked since there is an explicit block rule in Policy 2. Windows and Microsoft applications will be allowed since there is an explicit allow rule in Policy 1 and Policy 2 (due to the Allow All rules). All other applications, if not Windows and Microsoft signed, e.g., ExampleApp.exe, will not be allowed as this application is only trusted by Policy 2 (due to the Allow All rules) and not Policy 1. +The second option involves merging the deny list with your existing WDAC policy, regardless if the policy is an allow list policy and contains allow and/or deny rules. ## Best Practices 1. **Starting with Audit Mode Policies** - as with all new policies, we recommend rolling out your new deny policy in Audit Mode and monitoring the [3077 block events](event-id-explanations.md#microsoft-windows-codeintegrity-operational-log-event-ids) to ensure only the applications you intended to block are being blocked. More information on monitoring block events via the Event Viewer logs and Advanced Hunting: [Managing and troubleshooting Windows Defender Application Control policies](windows-defender-application-control-operational-guide.md) From 91ebf115de0e4857702291a795b56f5dd8a3e87b Mon Sep 17 00:00:00 2001 From: Joe Henry Date: Mon, 6 Dec 2021 15:07:58 -0500 Subject: [PATCH 130/335] Update windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md Co-authored-by: Jordan Geurten --- .../create-wdac-deny-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index ada9e29197..39bf267fdf 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -140,7 +140,7 @@ $DenyRules += New-CIPolicyRule -Level FileName -DriverFilePath ``` ### Adding Allow All Rules -If required, as in the cases listed above, [Allow All Rules](#adding-allow-rules) may need to be added to the policy. The Allow All rules can be manually added to the policy xml or by merging with the Allow All xml present on the client system in the WDAC template folder: +If required, as in the cases listed above, [Allow All Rules](#adding-allow-rules) may need to be added to the policy. The Allow All rules can be manually added to the policy xml or added by merging with the Allow All xml present on the client system in the WDAC template folder: ```PowerShell $DenyPolicy = From 62747097fd23c1fc695fd321d7a37c5064997bd8 Mon Sep 17 00:00:00 2001 From: Joe Henry Date: Mon, 6 Dec 2021 15:29:06 -0500 Subject: [PATCH 131/335] edits edits made --- .../create-wdac-deny-policy.md | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index 39bf267fdf..8eaba261ab 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -38,7 +38,7 @@ To create effective WDAC deny policies, it is crucial to understand how WDAC par 2. Explicit allow rules. -3. WDAC will then check for the [Managed Installer extended (EA)](configure-authorized-apps-deployed-with-a-managed-installer) or the [Intelligent Security Graph (ISG) EA](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph) on the file. +3. WDAC will then check for the [Managed Installer extended (EA)](configure-authorized-apps-deployed-with-a-managed-installer.md) or the [Intelligent Security Graph (ISG) EA](use-windows-defender-application-control-with-intelligent-security-graph.md) on the file. 4. Lastly, WDAC will call the Intelligent Security Graph (ISG) to get reputation on file, if the policy has support for the ISG. @@ -90,7 +90,7 @@ If the policy enables user mode code integrity via the ***Enabled:UMCI*** rule-o ``` ## Single Policy Considerations -If the set of deny rules is to be added into an existing policy with allow rules, then the above Allow All rules should not be added to the policy. Instead, the deny policy should be merged with the existing WDAC policy via the WDAC Wizard [Windows Defender Application Control Wizard Policy Merging Operation - Windows security | Microsoft Docs](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies) or using the following PowerShell command: +If the set of deny rules is to be added into an existing policy with allow rules, then the above Allow All rules should not be added to the policy. Instead, the deny policy should be merged with the existing WDAC policy via the WDAC Wizard [Windows Defender Application Control Wizard Policy Merging Operation](windows-defender-application-control/wdac-wizard-merging-policies.md) or using the following PowerShell command: ```PowerShell $DenyPolicy = @@ -105,25 +105,17 @@ If you are currently using [multiple policies](deploy-multiple-windows-defender- Policy 1 is an allow list of Windows and Microsoft-signed applications. Policy 2 is our new deny policy which blocks MaliciousApp.exe with the Allow All rules. MaliciousApp.exe will be blocked since there is an explicit block rule in Policy 2. Windows and Microsoft applications will be allowed since there is an explicit allow rule in Policy 1 and Policy 2 (due to the Allow All rules). All other applications, if not Windows and Microsoft signed, e.g., ExampleApp.exe, will not be allowed as this application is only trusted by Policy 2 (due to the Allow All rules) and not Policy 1. -The second option involves merging the deny list with your existing WDAC policy, regardless if the policy is an allow list policy and contains allow and/or deny rules. ## Best Practices -1. **Starting with Audit Mode Policies** - as with all new policies, we recommend rolling out your new deny policy in Audit Mode and monitoring the [3077 block events](event-id-explanations.md#microsoft-windows-codeintegrity-operational-log-event-ids) to ensure only the applications you intended to block are being blocked. More information on monitoring block events via the Event Viewer logs and Advanced Hunting: [Managing and troubleshooting Windows Defender Application Control policies](windows-defender-application-control-operational-guide.md) +1. **Starting with Audit Mode Policies** - as with all new policies, we recommend rolling out your new deny policy in Audit Mode and monitoring the [3077 block events](event-id-explanations.md#microsoft-windows-codeintegrity-operational-log-event-ids.md) to ensure only the applications you intended to block are being blocked. More information on monitoring block events via the Event Viewer logs and Advanced Hunting: [Managing and troubleshooting Windows Defender Application Control policies](windows-defender-application-control-operational-guide.md) 2. **Recommeneded Deny Rules Types** - signer and file attribute rules are recommended from a security, manageability, and performance perspective. Hash rules should only be utilized where otherwise impossible. The hash of an application is updated for every new version released by the publisher which quickly becomes impractical to manage and protect against new threats where the attacker is quickly iterating on the payload. Additionally, WDAC has optimized parsing of hash rules, but devices may see performance impacts at runtime evaluation when policies have tens of thousands or more hash rules. ## Creating a Deny Policy Tutorial -Deny rules and policies can be created using the PowerShell cmdlets or the WDAC Wizard [Microsoft WDAC Wizard](https://webapp-wdac-wizard.azurewebsites.net/) We recommend creating signer rules (PCACertificate, Publisher, and FilePublisher) wherever possible. In the cases of unsigned binaries, rules must be created on attributes of the file, such as the original filename, or the hash. - -## Tutorial - -### Creating a Deny Policy Deny rules and policies can be created using the PowerShell cmdlets or the [WDAC Wizard](https://webapp-wdac-wizard.azurewebsites.net/) We recommend creating signer rules (PCACertificate, Publisher, and FilePublisher) wherever possible. In the cases of unsigned binaries, rules must be created on attributes of the file, such as the original filename, or the hash. -`d2313afd3e53ed3184ca3c47b7242dd156a935af` - ### Software Publisher Based Deny Rule ```Powershell $DenyRules += New-CIPolicyRule -Level FilePublisher -DriverFilePath -Deny -Fallback FileName,Hash @@ -140,7 +132,7 @@ $DenyRules += New-CIPolicyRule -Level FileName -DriverFilePath ``` ### Adding Allow All Rules -If required, as in the cases listed above, [Allow All Rules](#adding-allow-rules) may need to be added to the policy. The Allow All rules can be manually added to the policy xml or added by merging with the Allow All xml present on the client system in the WDAC template folder: +If required, as in the cases listed above, [Allow All Rules](#adding-allow-rules) may need to be added to the policy. The Allow All rules can be manually added to the policy xml or by merging with the Allow All xml present on the client system in the WDAC template folder: ```PowerShell $DenyPolicy = From dbe6f2af9ad69ee6407fb211cafdb3cf2a82148c Mon Sep 17 00:00:00 2001 From: Joe Henry Date: Mon, 6 Dec 2021 15:36:35 -0500 Subject: [PATCH 132/335] edit edits --- .../create-wdac-deny-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index 8eaba261ab..e8df225134 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -90,7 +90,7 @@ If the policy enables user mode code integrity via the ***Enabled:UMCI*** rule-o ``` ## Single Policy Considerations -If the set of deny rules is to be added into an existing policy with allow rules, then the above Allow All rules should not be added to the policy. Instead, the deny policy should be merged with the existing WDAC policy via the WDAC Wizard [Windows Defender Application Control Wizard Policy Merging Operation](windows-defender-application-control/wdac-wizard-merging-policies.md) or using the following PowerShell command: +If the set of deny rules is to be added into an existing policy with allow rules, then the above Allow All rules should not be added to the policy. Instead, the deny policy should be merged with the existing WDAC policy via the WDAC Wizard [Windows Defender Application Control Wizard Policy Merging Operation](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies) or using the following PowerShell command: ```PowerShell $DenyPolicy = From 58a9eb3c3efee8ee57860f9793c6954b0eb466a0 Mon Sep 17 00:00:00 2001 From: sravanigannavarapu <95500630+sravanigannavarapu@users.noreply.github.com> Date: Mon, 6 Dec 2021 13:35:18 -0800 Subject: [PATCH 133/335] Update audit-registry.md Add a note about expected events on Create Subkey. --- .../security/threat-protection/auditing/audit-registry.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/auditing/audit-registry.md b/windows/security/threat-protection/auditing/audit-registry.md index 6ab435279c..bc39c3d697 100644 --- a/windows/security/threat-protection/auditing/audit-registry.md +++ b/windows/security/threat-protection/auditing/audit-registry.md @@ -46,6 +46,7 @@ If success auditing is enabled, an audit entry is generated each time any accoun - [4670](event-4670.md)(S): Permissions on an object were changed. -> [!NOTE] -> On creating a subkey for a parent, the expectation is to see a 4656 event for the newly created subkey. You will see this event only when "Audit Object Access" is enabled under **Local Policies** > **Audit Policy** in Local Security Policy. This event is not generated while using advanced audit policy configurations for registry specific events, such as using "auditpol.exe /set /subcategory:{0CCE921E-69AE-11D9-BED3-505054503030} /success:enable". While using regedit.exe for creating subkeys you will see an additional 4663 event because you perform NtEnumerateKeys on the newly created subkey. You might additionally see a 4663 event on the newly created key if you try to rename the subkey. While using reg.exe for creating subkeys you'll see an additional 4663 event because you perform NtSetValueKey on the newly created subkey. We recommend not relying on 4663 events for subkey creation as they are dependent on the type of permissions enabled on the parent and are not consistent across regedit.exe and reg.exe. +> [!NOTE] +> On creating a subkey for a parent (RegCreateKey), the expectation is to see an event for opening a handle for the newly created object (Event 4656) issued by the object manager. We see this event only when "Audit Object Access" is enabled under **Local Policies** > **Audit Policy** in Local Security Policy. This event is not generated while using precisely defined settings for seeing only registry related events under **Advanced Audit Policy Configurations** > **Object Access** > **Audit Registry** in Local Security Policy. For example, we do not see this event with the setting to just see the registry related auditing events using "auditpol.exe /set /subcategory:{0CCE921E-69AE-11D9-BED3-505054503030} /success:enable". +Calls to Registry APIs which involve accessing the key to perform any operations like RegSetValue, RegEnumValue, RegRenameKey etc. would trigger an event to access the object (Event 4663). So for example, creating a subkey using regedit.exe would not trigger a 4663 event, but renaming it would. From c51f83a04304111d6e17121a538ab9a02d75007e Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Tue, 7 Dec 2021 13:05:08 -0500 Subject: [PATCH 134/335] Note, headers --- .../access-control/local-accounts.md | 50 +++++++++---------- 1 file changed, 23 insertions(+), 27 deletions(-) diff --git a/windows/security/identity-protection/access-control/local-accounts.md b/windows/security/identity-protection/access-control/local-accounts.md index ae3cbe8e26..f4a2c31d2b 100644 --- a/windows/security/identity-protection/access-control/local-accounts.md +++ b/windows/security/identity-protection/access-control/local-accounts.md @@ -94,15 +94,11 @@ In comparison, on the Windows client operating system, a user with a local user In this case, Group Policy can be used to enable secure settings that can control the use of the local Administrators group automatically on every server or client computer. For more information about Group Policy, see [Group Policy Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831791(v=ws.11)). -**Note**   -Blank passwords are not allowed in the versions designated in the **Applies To** list at the beginning of this topic. - - - -**Important**   -Even when the Administrator account has been disabled, it can still be used to gain access to a computer by using safe mode. In the Recovery Console or in safe mode, the Administrator account is automatically enabled. When normal operations are resumed, it is disabled. - - +> [!IMPORTANT] +> +> - Blank passwords are not allowed in the versions designated in the **Applies To** list at the beginning of this topic. +> +> - Even when the Administrator account has been disabled, it can still be used to gain access to a computer by using safe mode. In the Recovery Console or in safe mode, the Administrator account is automatically enabled. When normal operations are resumed, it is disabled. ### Guest account @@ -141,11 +137,11 @@ For details about the HelpAssistant account attributes, see the following table. |Attribute|Value| |--- |--- | -|Well-Known SID/RID|S-1-5-<domain>-13 (Terminal Server User), S-1-5-<domain>-14 (Remote Interactive Logon)| +|Well-Known SID/RID|`S-1-5--13 (Terminal Server User), S-1-5--14 (Remote Interactive Logon)`| |Type|User| -|Default container|CN=Users, DC=<domain>, DC=| +|Default container|`CN=Users, DC=, DC=`| |Default members|None| -|Default member of|Domain Guests<p>Guests| +|Default member of|Domain Guests

                    Guests| |Protected by ADMINSDHOLDER?|No| |Safe to move out of default container?|Can be moved out, but we do not recommend it.| |Safe to delegate management of this group to non-Service admins?|No| @@ -195,8 +191,8 @@ The SYSTEM account is used by the operating system and by services that run unde On the other hand, the SYSTEM account does appear on an NTFS file system volume in File Manager in the **Permissions** portion of the **Security** menu. By default, the SYSTEM account is granted Full Control permissions to all files on an NTFS volume. Here the SYSTEM account has the same functional rights and permissions as the Administrator account. -**Note**   -To grant the account Administrators group file permissions does not implicitly give permission to the SYSTEM account. The SYSTEM account's permissions can be removed from a file, but we do not recommend removing them. +> [!NOTE] +> To grant the account Administrators group file permissions does not implicitly give permission to the SYSTEM account. The SYSTEM account's permissions can be removed from a file, but we do not recommend removing them. ### NETWORK SERVICE The NETWORK SERVICE account is a predefined local account used by the service control manager (SCM). A service that runs in the context of the NETWORK SERVICE account presents the computer's credentials to remote servers. For more information, see [NetworkService Account](/windows/desktop/services/networkservice-account). @@ -213,8 +209,8 @@ You can use Local Users and Groups to assign rights and permissions on the local You cannot use Local Users and Groups on a domain controller. However, you can use Local Users and Groups on a domain controller to target remote computers that are not domain controllers on the network. -**Note**   -You use Active Directory Users and Computers to manage users and groups in Active Directory. +> [!NOTE] +> You use Active Directory Users and Computers to manage users and groups in Active Directory. You can also manage local users by using NET.EXE USER and manage local groups by using NET.EXE LOCALGROUP, or by using a variety of PowerShell cmdlets and other scripting technologies. @@ -234,8 +230,8 @@ The other approaches that can be used to restrict and protect user accounts with Each of these approaches is described in the following sections. -**Note**   -These approaches do not apply if all administrative local accounts are disabled. +> [!NOTE] +> These approaches do not apply if all administrative local accounts are disabled. @@ -266,11 +262,11 @@ The following table shows the Group Policy and registry settings that are used t ||Registry value type|DWORD| ||Registry value data|0| ->[!NOTE] ->You can also enforce the default for LocalAccountTokenFilterPolicy by using the custom ADMX in Security Templates. +> [!NOTE] +> You can also enforce the default for LocalAccountTokenFilterPolicy by using the custom ADMX in Security Templates. -**To enforce local account restrictions for remote access** +#### To enforce local account restrictions for remote access 1. Start the **Group Policy Management** Console (GPMC). @@ -340,8 +336,8 @@ The following table shows the Group Policy and registry settings that are used t Denying local accounts the ability to perform network logons can help prevent a local account password hash from being reused in a malicious attack. This procedure helps to prevent lateral movement by ensuring that the credentials for local accounts that are stolen from a compromised operating system cannot be used to compromise additional computers that use the same credentials. -**Note**   -In order to perform this procedure, you must first identify the name of the local, default Administrator account, which might not be the default user name "Administrator", and any other accounts that are members of the local Administrators group. +> [!NOTE] +> To perform this procedure, you must first identify the name of the local, default Administrator account, which might not be the default user name "Administrator", and any other accounts that are members of the local Administrators group. @@ -356,7 +352,7 @@ The following table shows the Group Policy settings that are used to deny networ ||Policy name|[Deny log on through Remote Desktop Services](/windows/device-security/security-policy-settings/deny-log-on-through-remote-desktop-services)| ||Policy setting|Local account and member of Administrators group| -**To deny network logon to all local administrator accounts** +#### To deny network logon to all local administrator accounts 1. Start the **Group Policy Management** Console (GPMC). @@ -402,8 +398,8 @@ The following table shows the Group Policy settings that are used to deny networ 11. Create links to all other OUs that contain servers. - **Note**   - You might have to create a separate GPO if the user name of the default Administrator account is different on workstations and servers. + > [!NOTE] + > You might have to create a separate GPO if the user name of the default Administrator account is different on workstations and servers. ### Create unique passwords for local accounts with administrative rights @@ -429,4 +425,4 @@ The following resources provide additional information about technologies that a - [Security Identifiers](security-identifiers.md) -- [Access Control Overview](access-control.md) \ No newline at end of file +- [Access Control Overview](access-control.md) From 3ac1832a355d2b3dd36df40689ba86091eff4b09 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Tue, 7 Dec 2021 13:22:06 -0500 Subject: [PATCH 135/335] Moved table content to bullets --- .../vpn/vpn-authentication.md | 54 ++++++++++++++++--- 1 file changed, 48 insertions(+), 6 deletions(-) diff --git a/windows/security/identity-protection/vpn/vpn-authentication.md b/windows/security/identity-protection/vpn/vpn-authentication.md index 85fac35f0e..70d6af4858 100644 --- a/windows/security/identity-protection/vpn/vpn-authentication.md +++ b/windows/security/identity-protection/vpn/vpn-authentication.md @@ -23,12 +23,54 @@ In addition to older and less-secure password-based authentication methods (whic Windows supports a number of EAP authentication methods. -|Method|Details| -|--- |--- | -|EAP-Microsoft Challenge Handshake Authentication Protocol version 2 (EAP-MSCHAPv2)|

                  • User name and password authentication
                  • Winlogon credentials- can specify authentication with computer sign-in credentials| -|EAP-Transport Layer Security (EAP-TLS)|

                    Supports the following types of certificate authentication

                  • Certificate with keys in the software Key Storage Provider (KSP)
                  • Certificate with keys in Trusted Platform Module (TPM) KSP
                  • Smart card certificates
                  • Windows Hello for Business certificate

                    Certificate filtering

                  • Certificate filtering can be enabled to search for a particular certificate to use to authenticate with
                  • Filtering can be Issuer-based or Enhanced Key Usage (EKU)-based

                    Server validation- with TLS, server validation can be toggled on or off

                  • Server name-specify the server to validate
                  • Server certificate- trusted root certificate to validate the server
                  • Notification-specify if the user should get a notification asking whether to trust the server or not| -|[Protected Extensible Authentication Protocol (PEAP)](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754179(v=ws.11))|

                    Server validation with PEAP,- server validation can be toggled on or off

                  • Server name- specify the server to validate
                  • Server certificate- trusted root certificate to validate the server
                  • Notification- specify if the user should get a notification asking whether to trust the server or not

                    Inner method- the outer method creates a secure tunnel inside while the inner method is used to complete the authentication

                  • EAP-MSCHAPv2
                  • EAP-TLS

                    Fast Reconnect: reduces the delay between an authentication request by a client and the response by the Network Policy Server (NPS) or other Remote Authentication Dial-in User Service (RADIUS) server. This reduces resource requirements for both client and server, and minimizes the number of times that users are prompted for credentials.

                    [Cryptobinding](/openspecs/windows_protocols/ms-peap/757a16c7-0826-4ba9-bb71-8c3f1339e937): By deriving and exchanging values from the PEAP phase 1 key material (**Tunnel Key**) and from the PEAP phase 2 inner EAP method key material (**Inner Session Key**), it is possible to prove that the two authentications terminate at the same two entities (PEAP peer and PEAP server). This process, termed "cryptobinding", is used to protect the PEAP negotiation against "Man in the Middle" attacks.| -|Tunneled Transport Layer Security (TTLS)|**Inner method**

                    Non-EAP

                  • Password Authentication Protocol (PAP)
                  • CHAP
                  • MSCHAP
                  • MSCHAPv2

                    EAP

                  • MSCHAPv2
                  • TLS

                    Server validation: in TTLS, the server must be validated. The following can be configured:

                  • Server name
                  • Trusted root certificate for server certificate
                  • Whether there should be a server validation notification| +- EAP-Microsoft Challenge Handshake Authentication Protocol version 2 (EAP-MSCHAPv2): + - User name and password authentication + - Winlogon credentials - can specify authentication with computer sign-in credentials + +- EAP-Transport Layer Security (EAP-TLS): + - Supports the following types of certificate authentication: + - Certificate with keys in the software Key Storage Provider (KSP) + - Certificate with keys in Trusted Platform Module (TPM) KSP + - Smart card certificates + - Windows Hello for Business certificate + + - Certificate filtering: + - Certificate filtering can be enabled to search for a particular certificate to use to authenticate with + - Filtering can be Issuer-based or Enhanced Key Usage (EKU)-based + + - Server validation - with TLS, server validation can be toggled on or off: + - Server name - specify the server to validate + - Server certificate - trusted root certificate to validate the server + - Notification - specify if the user should get a notification asking whether to trust the server or not + +- [Protected Extensible Authentication Protocol (PEAP)](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754179(v=ws.11)): + - Server validation - with PEAP, server validation can be toggled on or off: + - Server name - specify the server to validate + - Server certificate - trusted root certificate to validate the server + - Notification - specify if the user should get a notification asking whether to trust the server or not + + - Inner method - the outer method creates a secure tunnel inside while the inner method is used to complete the authentication: + - EAP-MSCHAPv2 + - EAP-TLS + + - Fast Reconnect: reduces the delay between an authentication request by a client and the response by the Network Policy Server (NPS) or other Remote Authentication Dial-in User Service (RADIUS) server. This reduces resource requirements for both client and server, and minimizes the number of times that users are prompted for credentials. + + - [Cryptobinding](/openspecs/windows_protocols/ms-peap/757a16c7-0826-4ba9-bb71-8c3f1339e937): By deriving and exchanging values from the PEAP phase 1 key material (**Tunnel Key**) and from the PEAP phase 2 inner EAP method key material (**Inner Session Key**), it is possible to prove that the two authentications terminate at the same two entities (PEAP peer and PEAP server). This process, termed "cryptobinding", is used to protect the PEAP negotiation against "Man in the Middle" attacks. + +- Tunneled Transport Layer Security (TTLS) + - Inner method + - Non-EAP + - Password Authentication Protocol (PAP) + - CHAP + - MSCHAP + - MSCHAPv2 + - EAP + - MSCHAPv2 + - TLS + - Server validation: in TTLS, the server must be validated. The following can be configured: + - Server name + - Trusted root certificate for server certificate + - Whether there should be a server validation notification For a UWP VPN plug-in, the app vendor controls the authentication method to be used. The following credential types can be used: From 3d48e23da0cf840e1b298c92e92db11a386f23a8 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Tue, 7 Dec 2021 13:33:37 -0500 Subject: [PATCH 136/335] notes --- ...olumes-and-storage-area-networks-with-bitlocker.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md index 52c7c436f9..052dd0fee8 100644 --- a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md +++ b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md @@ -33,14 +33,16 @@ BitLocker can protect both physical disk resources and cluster shared volumes ve BitLocker on volumes within a cluster are managed based on how the cluster service "views" the volume to be protected. The volume can be a physical disk resource such as a logical unit number (LUN) on a storage area network (SAN) or network attached storage (NAS). ->**Important**  SANs used with BitLocker must have obtained Windows Hardware Certification. For more info, see [Windows Hardware Lab Kit](/windows-hardware/drivers/). +> [!IMPORTANT] +> SANs used with BitLocker must have obtained Windows Hardware Certification. For more info, see [Windows Hardware Lab Kit](/windows-hardware/drivers/). Alternatively, the volume can be a cluster-shared volume, a shared namespace, within the cluster. Windows Server 2012 expanded the CSV architecture, now known as CSV2.0, to enable support for BitLocker. When using BitLocker with volumes designated for a cluster, the volume will need to turn on BitLocker before its addition to the storage pool within cluster or put the resource into maintenance mode before BitLocker operations will complete. Windows PowerShell or the manage-bde command-line interface is the preferred method to manage BitLocker on CSV2.0 volumes. This method is recommended over the BitLocker Control Panel item because CSV2.0 volumes are mount points. Mount points are an NTFS object that is used to provide an entry point to other volumes. Mount points do not require the use of a drive letter. Volumes that lack drive letters do not appear in the BitLocker Control Panel item. Additionally, the new Active Directory-based protector option required for cluster disk resource or CSV2.0 resources is not available in the Control Panel item. ->**Note:**  Mount points can be used to support remote mount points on SMB based network shares. This type of share is not supported for BitLocker encryption. +> [!NOTE] +> Mount points can be used to support remote mount points on SMB based network shares. This type of share is not supported for BitLocker encryption. For thinly provisioned storage, such as a Dynamic Virtual Hard Disk (VHD), BitLocker runs in Used Disk Space Only encryption mode. You cannot use the **manage-bde -WipeFreeSpace** command to transition the volume to full-volume encryption on these types of volumes. This action is blocked in order to avoid expanding thinly provisioned volumes to occupy the entire backing store while wiping the unoccupied (free) space. @@ -57,7 +59,8 @@ You can also use an Active Directory Domain Services (AD DS) protector for prote 4. Registry-based auto-unlock key ->**Note:**  A Windows Server 2012 or later domain controller is required for this feature to work properly. +> [!NOTE] +> A Windows Server 2012 or later domain controller is required for this feature to work properly. ### Turning on BitLocker before adding disks to a cluster using Windows PowerShell @@ -189,4 +192,4 @@ Also take these considerations into account for BitLocker on clustered storage: - If conversion is paused with encryption in progress and the CSV volume is offline from the cluster, the cluster thread (health check) will automatically resume conversion when the volume is online to the cluster. - If conversion is paused with encryption in progress and a physical disk resource volume is offline from the cluster, the BitLocker driver will automatically resume conversion when the volume is online to the cluster. - If conversion is paused with encryption in progress, while the CSV volume is in maintenance mode, the cluster thread (health check) will automatically resume conversion when moving the volume back from maintenance. -- If conversion is paused with encryption in progress, while the disk resource volume is in maintenance mode, the BitLocker driver will automatically resume conversion when the volume is moved back from maintenance mode. \ No newline at end of file +- If conversion is paused with encryption in progress, while the disk resource volume is in maintenance mode, the BitLocker driver will automatically resume conversion when the volume is moved back from maintenance mode. From 836285a2e7d40434c2b1a27ca6fadd26943ff78d Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Tue, 7 Dec 2021 13:40:29 -0500 Subject: [PATCH 137/335] table spacing; note --- .../app-behavior-with-wip.md | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md index 966c02209f..e69017b1e0 100644 --- a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md @@ -33,18 +33,15 @@ To avoid the automatic encryption of data, developers can enlighten apps by addi We strongly suggest that the only unenlightened apps you add to your allowed apps list are Line-of-Business (LOB) apps. ->[!IMPORTANT] ->After revoking WIP, unenlightened apps will have to be uninstalled and re-installed since their settings files will remain encrypted. - ->[!Note] ->For more info about creating enlightened apps, see the [Windows Information Protection (WIP)](/windows/uwp/enterprise/wip-hub) topic in the Windows Dev Center. +> [!IMPORTANT] +> After revoking WIP, unenlightened apps will have to be uninstalled and re-installed since their settings files will remain encrypted. For more info about creating enlightened apps, see the [Windows Information Protection (WIP)](/windows/uwp/enterprise/wip-hub) topic in the Windows Dev Center. ## Unenlightened app behavior This table includes info about how unenlightened apps might behave, based on your Windows Information Protection (WIP) networking policies, your app configuration, and potentially whether the app connects to network resources directly by using IP addresses or by using hostnames. |App rule setting|Networking policy configuration| |--- |--- | -|**Not required.** App connects to enterprise cloud resources directly, using an IP address.|

                    **Name-based policies, without the /*AppCompat*/ string:**

                  • App is entirely blocked from both personal and enterprise cloud resources.
                  • No encryption is applied.
                  • App can’t access local Work files.

                    **Name-based policies, using the /*AppCompat*/ string or proxy-based policies:**

                  • App can access both personal and enterprise cloud resources. However, you might encounter apps using policies that restrict access to enterprise cloud resources.
                  • No encryption is applied.
                  • App can’t access local Work files.| +|**Not required.** App connects to enterprise cloud resources directly, using an IP address.| **Name-based policies, without the `/*AppCompat*/` string:**
                  • App is entirely blocked from both personal and enterprise cloud resources.
                  • No encryption is applied.
                  • App can’t access local Work files.

                    **Name-based policies, using the `/*AppCompat*/` string or proxy-based policies:**
                  • App can access both personal and enterprise cloud resources. However, you might encounter apps using policies that restrict access to enterprise cloud resources.
                  • No encryption is applied.
                  • App can’t access local Work files.| |**Not required.** App connects to enterprise cloud resources, using a hostname.|
                  • App is blocked from accessing enterprise cloud resources, but can access other network resources.
                  • No encryption is applied.
                  • App can’t access local Work files.| |**Allow.** App connects to enterprise cloud resources, using an IP address or a hostname.|
                  • App can access both personal and enterprise cloud resources.
                  • Auto-encryption is applied.
                  • App can access local Work files.| |**Exempt.** App connects to enterprise cloud resources, using an IP address or a hostname.|
                  • App can access both personal and enterprise cloud resources.
                  • No encryption is applied.
                  • App can access local Work files.| @@ -59,4 +56,4 @@ This table includes info about how enlightened apps might behave, based on your |**Exempt.** App connects to enterprise cloud resources, using an IP address or a hostname.|
                  • App can access both personal and enterprise cloud resources.
                  • App protects work data and leaves personal data unprotected.
                  • App can access local Work files.| >[!NOTE] ->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). \ No newline at end of file +>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). From b6c7c0c1a2fb0649f42bf722dc9fe769c90c436b Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Tue, 7 Dec 2021 14:15:50 -0500 Subject: [PATCH 138/335] spacing --- .../create-wip-policy-using-configmgr.md | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md index d39b536489..8a0ecac521 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md @@ -392,13 +392,21 @@ There are no default locations included with WIP, you must add each of your netw If you have multiple ranges, you must separate them using the "," delimiter. - **Format examples**: **Starting IPv4 Address:** `3.4.0.1`, **Ending IPv4 Address:** `3.4.255.254`, **Custom URI:** `3.4.0.1-3.4.255.254`, `10.0.0.1-10.255.255.254` + **Format examples**: + + - **Starting IPv4 Address:** `3.4.0.1` + - **Ending IPv4 Address:** `3.4.255.254` + - **Custom URI:** `3.4.0.1-3.4.255.254, 10.0.0.1-10.255.255.254` - **Enterprise IPv6 Range**: Specify the addresses for a valid IPv6 value range within your intranet. These addresses, used with your Enterprise Network Domain Names, define your corporate network boundaries. If you have multiple ranges, you must separate them using the "," delimiter. - **Format examples**: **Starting IPv6 Address:** `2a01:110::`, **Ending IPv6 Address:** `2a01:110:7fff:ffff:ffff:ffff:ffff:ffff` **Custom URI:** `2a01:110:7fff:ffff:ffff:ffff:ffff:ffff`,`fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff` + **Format examples**: + + - **Starting IPv6 Address:** `2a01:110::` + - **Ending IPv6 Address:** `2a01:110:7fff:ffff:ffff:ffff:ffff:ffff` + - **Custom URI:** `2a01:110:7fff:ffff:ffff:ffff:ffff:ffff,fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff` - **Neutral Resources**: Specify your authentication redirection endpoints for your company. These locations are considered enterprise or personal, based on the context of the connection before the redirection. @@ -476,4 +484,4 @@ After you've created your WIP policy, you'll need to deploy it to your organizat - [General guidance and best practices for Windows Information Protection (WIP)](guidance-and-best-practices-wip.md) -- [Limitations while using Windows Information Protection (WIP)](limitations-with-wip.md) \ No newline at end of file +- [Limitations while using Windows Information Protection (WIP)](limitations-with-wip.md) From 13a3f64969e8d8bd26e82a58a77e67d2279b340a Mon Sep 17 00:00:00 2001 From: Joe Henry Date: Tue, 7 Dec 2021 15:12:27 -0500 Subject: [PATCH 139/335] Update create-wdac-deny-policy.md --- .../create-wdac-deny-policy.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index e8df225134..f13ba22591 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -114,7 +114,7 @@ Policy 1 is an allow list of Windows and Microsoft-signed applications. Policy 2 ## Creating a Deny Policy Tutorial -Deny rules and policies can be created using the PowerShell cmdlets or the [WDAC Wizard](https://webapp-wdac-wizard.azurewebsites.net/) We recommend creating signer rules (PCACertificate, Publisher, and FilePublisher) wherever possible. In the cases of unsigned binaries, rules must be created on attributes of the file, such as the original filename, or the hash. +Deny rules and policies can be created using the PowerShell cmdlets or the [WDAC Wizard](https://webapp-wdac-wizard.azurewebsites.net/). We recommend creating signer rules (PCACertificate, Publisher, and FilePublisher) wherever possible. In the cases of unsigned binaries, rules must be created on attributes of the file, such as the original filename, or the hash. ### Software Publisher Based Deny Rule ```Powershell @@ -148,4 +148,4 @@ Policies should be thoroughly evaluated and first rolled out in audit mode befor 3. Scripting [Deploy Windows Defender Application Control (WDAC) policies using script (Windows)](deployment/deploy-wdac-policies-with-script.md) -4. Group Policy: [Deploy WDAC policies via Group Policy (Windows)](deploy-windows-defender-application-control-policies-using-group-policy.md) \ No newline at end of file +4. Group Policy: [Deploy WDAC policies via Group Policy (Windows)](deploy-windows-defender-application-control-policies-using-group-policy.md) From ec06595acb9f636814e70476c45676d19bb76ba6 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Tue, 7 Dec 2021 16:03:25 -0500 Subject: [PATCH 140/335] Moved text from table to bullets --- .../limitations-with-wip.md | 152 +++++++++++++++--- 1 file changed, 128 insertions(+), 24 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md index 2692a84a58..f694cd6c2c 100644 --- a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md @@ -22,30 +22,134 @@ ms.localizationpriority: medium **Applies to:** - Windows 10, version 1607 and later -This table provides info about the most common problems you might encounter while running WIP in your organization. +This following list provides info about the most common problems you might encounter while running WIP in your organization. -|Limitation|How it appears|Workaround| -|--- |--- |--- | -|Your enterprise data on USB drives might be tied to the device it was protected on, based on your Azure RMS configuration.|**If you’re using Azure RMS:** Authenticated users can open enterprise data on USB drives, on computers running Windows 10, version 1703.**If you’re not using Azure RMS:** Data in the new location remains encrypted, but becomes inaccessible on other devices and for other users. For example, the file won't open or the file opens, but doesn't contain readable text.|Share files with fellow employees through enterprise file servers or enterprise cloud locations. If data must be shared via USB, employees can decrypt protected files, but it will be audited.We strongly recommend educating employees about how to limit or eliminate the need for this decryption.| -|Direct Access is incompatible with WIP.|Direct Access might experience problems with how WIP enforces app behavior and data movement because of how WIP determines what is and isn’t a corporate network resource.|We recommend that you use VPN for client access to your intranet resources.

                    **Note** VPN is optional and isn’t required by WIP.| -|**NetworkIsolation** Group Policy setting takes precedence over MDM Policy settings.|The **NetworkIsolation** Group Policy setting can configure network settings that can also be configured by using MDM. WIP relies on these policies being correctly configured.|If you use both Group Policy and MDM to configure your **NetworkIsolation** settings, you must make sure that those same settings are deployed to your organization using both Group Policy and MDM.| -|Cortana can potentially allow data leakage if it’s on the allowed apps list.|If Cortana is on the allowed list, some files might become unexpectedly encrypted after an employee performs a search using Cortana. Your employees will still be able to use Cortana to search and provide results on enterprise documents and locations, but results might be sent to Microsoft.|We don’t recommend adding Cortana to your allowed apps list. However, if you wish to use Cortana and don't mind whether the results potentially go to Microsoft, you can make Cortana an Exempt app.| -|WIP is designed for use by a single user per device.|A secondary user on a device might experience app compatibility issues when unenlightened apps start to automatically encrypt for all users. Additionally, only the initial, enrolled user’s content can be revoked during the unenrollment process.|We recommend only having one user per managed device.| -|Installers copied from an enterprise network file share might not work properly.|An app might fail to properly install because it can’t read a necessary configuration or data file, such as a .cab or .xml file needed for installation, which was protected by the copy action.|To fix this, you can:

                  • Start the installer directly from the file share.

                    -OR-

                  • Decrypt the locally copied files needed by the installer.

                    -OR-

                  • Mark the file share with the installation media as “personal”. To do this, you’ll need to set the Enterprise IP ranges as **Authoritative** and then exclude the IP address of the file server, or you’ll need to put the file server on the Enterprise Proxy Server list.| -|Changing your primary Corporate Identity isn’t supported.|You might experience various instabilities, including but not limited to network and file access failures, and potentially granting incorrect access.|Turn off WIP for all devices before changing the primary Corporate Identity (first entry in the list), restarting, and finally redeploying.| -|Redirected folders with Client-Side Caching are not compatible with WIP.|Apps might encounter access errors while attempting to read a cached, offline file.|Migrate to use another file synchronization method, such as Work Folders or OneDrive for Business.

                    **Note** For more info about Work Folders and Offline Files, see the blog, [Work Folders and Offline Files support for Windows Information Protection](https://blogs.technet.microsoft.com/filecab/2016/08/29/work-folders-and-offline-files-support-for-windows-information-protection/)". If you're having trouble opening files offline while using Offline Files and WIP, see the support article, [Can't open files offline when you use Offline Files and Windows Information Protection](https://support.microsoft.com/kb/3187045).| -|An unmanaged device can use Remote Desktop Protocol (RDP) to connect to a WIP-managed device.|Data copied from the WIP-managed device is marked as **Work**.Data copied to the WIP-managed device is not marked as **Work**.Local **Work** data copied to the WIP-managed device remains **Work** data.**Work** data that is copied between two apps in the same session remains ** data.|Disable RDP to prevent access because there is no way to restrict access to only devices managed by WIP. RDP is disabled by default.| -|You can't upload an enterprise file to a personal location using Microsoft Edge or Internet Explorer.|A message appears stating that the content is marked as **Work** and the user isn't given an option to override to **Personal**.|Open File Explorer and change the file ownership to **Personal** before you upload.| -|ActiveX controls should be used with caution.|Webpages that use ActiveX controls can potentially communicate with other outside processes that aren’t protected by using WIP.|We recommend that you switch to using Microsoft Edge, the more secure and safer browser that prevents the use of ActiveX controls. We also recommend that you limit the usage of Internet Explorer 11 to only those line-of-business apps that require legacy technology.For more info, see [Out-of-date ActiveX control blocking](/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking).| -|Resilient File System (ReFS) isn't currently supported with WIP.|Trying to save or transfer WIP files to ReFS will fail.|Format drive for NTFS, or use a different drive.| -|WIP isn’t turned on if any of the following folders have the **MakeFolderAvailableOfflineDisabled** option set to **False**:

                  • AppDataRoaming
                  • Desktop
                  • StartMenu
                  • Documents
                  • Pictures
                  • Music
                  • Videos
                  • Favorites
                  • Contacts
                  • Downloads
                  • Links
                  • Searches
                  • SavedGames|WIP isn’t turned on for employees in your organization. Error code 0x807c0008 will result if WIP is deployed by using Microsoft Endpoint Configuration Manager.|Don’t set the **MakeFolderAvailableOfflineDisabled** option to **False** for any of the specified folders. You can configure this parameter, as described [here](/windows-server/storage/folder-redirection/disable-offline-files-on-folders)".If you currently use redirected folders, we recommend that you migrate to a file synchronization solution that supports WIP, such as Work Folders or OneDrive for Business. Additionally, if you apply redirected folders after WIP is already in place, you might be unable to open your files offline. For more info about these potential access errors, see [Can't open files offline when you use Offline Files and Windows Information Protection](https://support.microsoft.com/help/3187045/can-t-open-files-offline-when-you-use-offline-files-and-windows-information-protection)".| -|Only enlightened apps can be managed without device enrollment|If a user enrolls a device for Mobile Application Management (MAM) without device enrollment, only enlightened apps will be managed. This is by design to prevent personal files from being unintentionally encrypted by unenlighted apps. Unenlighted apps that need to access work using MAM need to be re-compiled as LOB apps or managed by using MDM with device enrollment.|If all apps need to be managed, enroll the device for MDM.| -|By design, files in the Windows directory (%windir% or C:/Windows) cannot be encrypted because they need to be accessed by any user. If a file in the Windows directory gets encrypted by one user, other users can't access it.|Any attempt to encrypt a file in the Windows directory will return a file access denied error. But if you copy or drag and drop an encrypted file to the Windows directory, it will retain encryption to honor the intent of the owner.|If you need to save an encrypted file in the Windows directory, create and encrypt the file in a different directory and copy it.| -|OneNote notebooks on OneDrive for Business must be properly configured to work with WIP.|OneNote might encounter errors syncing a OneDrive for Business notebook and suggest changing the file ownership to Personal. Attempting to view the notebook in OneNote Online in the browser will show an error and unable to view it.|"OneNote notebooks that are newly copied into the OneDrive for Business folder from File Explorer should get fixed automatically. To do this, follow these steps:
                    1. Close the notebook in OneNote.
                    2. Move the notebook folder via File Explorer out of the OneDrive for Business folder to another location, such as the Desktop.
                    3. Copy the notebook folder and Paste it back into the OneDrive for Business folder.

                    Wait a few minutes to allow OneDrive to finish syncing & upgrading the notebook, and the folder should automatically convert to an Internet Shortcut. Opening the shortcut will open the notebook in the browser, which can then be opened in the OneNote client by using the “Open in app” button.| -|Microsoft Office Outlook offline data files (PST and OST files) are not marked as **Work** files, and are therefore not protected.|If Microsoft Office Outlook is set to work in cached mode (default setting), or if some emails are stored in a local PST file, the data is unprotected.|It is recommended to use Microsoft Office Outlook in Online mode, or to use encryption to protect OST and PST files manually.| +- **Limitation**: Your enterprise data on USB drives might be tied to the device it was protected on, based on your Azure RMS configuration. + - **How it appears**: + - If you’re using Azure RMS: Authenticated users can open enterprise data on USB drives, on computers running Windows 10, version 1703. + - If you’re not using Azure RMS: Data in the new location remains encrypted, but becomes inaccessible on other devices and for other users. For example, the file won't open or the file opens, but doesn't contain readable text. + + - **Workaround**: Share files with fellow employees through enterprise file servers or enterprise cloud locations. If data must be shared via USB, employees can decrypt protected files, but it will be audited. + + We strongly recommend educating employees about how to limit or eliminate the need for this decryption. + +- **Limitation**: Direct Access is incompatible with WIP. + - **How it appears**: Direct Access might experience problems with how WIP enforces app behavior and data movement because of how WIP determines what is and isn’t a corporate network resource. + - **Workaround**: We recommend that you use VPN for client access to your intranet resources. + + > [!NOTE] + > VPN is optional and isn’t required by WIP. + +- **Limitation**: **NetworkIsolation** Group Policy setting takes precedence over MDM Policy settings. + - **How it appears**: The **NetworkIsolation** Group Policy setting can configure network settings that can also be configured by using MDM. WIP relies on these policies being correctly configured. + - **Workaround**: If you use both Group Policy and MDM to configure your **NetworkIsolation** settings, you must make sure that those same settings are deployed to your organization using both Group Policy and MDM. + +- **Limitation**: Cortana can potentially allow data leakage if it’s on the allowed apps list. + - **How it appears**: If Cortana is on the allowed list, some files might become unexpectedly encrypted after an employee performs a search using Cortana. Your employees will still be able to use Cortana to search and provide results on enterprise documents and locations, but results might be sent to Microsoft. + - **Workaround**: We don’t recommend adding Cortana to your allowed apps list. However, if you wish to use Cortana and don't mind whether the results potentially go to Microsoft, you can make Cortana an Exempt app. + +- **Limitation**: WIP is designed for use by a single user per device. + - **How it appears**: A secondary user on a device might experience app compatibility issues when unenlightened apps start to automatically encrypt for all users. Additionally, only the initial, enrolled user’s content can be revoked during the unenrollment process. + - **Workaround**: We recommend only having one user per managed device. + +- **Limitation**: Installers copied from an enterprise network file share might not work properly. + - **How it appears**: An app might fail to properly install because it can’t read a necessary configuration or data file, such as a .cab or .xml file needed for installation, which was protected by the copy action. + - **Workaround**: To fix this, you can: + - Start the installer directly from the file share. + + OR + + - Decrypt the locally copied files needed by the installer. + + OR + + - Mark the file share with the installation media as “personal”. To do this, you’ll need to set the Enterprise IP ranges as **Authoritative** and then exclude the IP address of the file server, or you’ll need to put the file server on the Enterprise Proxy Server list. + +- **Limitation**: Changing your primary Corporate Identity isn’t supported. + - **How it appears**: You might experience various instabilities, including but not limited to network and file access failures, and potentially granting incorrect access. + - **Workaround**: Turn off WIP for all devices before changing the primary Corporate Identity (first entry in the list), restarting, and finally redeploying. + +- **Limitation**: Redirected folders with Client-Side Caching are not compatible with WIP. + - **How it appears**: Apps might encounter access errors while attempting to read a cached, offline file. + - **Workaround**: Migrate to use another file synchronization method, such as Work Folders or OneDrive for Business. + + > [!NOTE] + > For more info about Work Folders and Offline Files, see the [Work Folders and Offline Files support for Windows Information Protection blog](https://blogs.technet.microsoft.com/filecab/2016/08/29/work-folders-and-offline-files-support-for-windows-information-protection/)". If you're having trouble opening files offline while using Offline Files and WIP, see [Can't open files offline when you use Offline Files and Windows Information Protection](/troubleshoot/windows-client/networking/error-open-files-offline-offline-files-wip). + +- **Limitation**: An unmanaged device can use Remote Desktop Protocol (RDP) to connect to a WIP-managed device. + - **How it appears**: + - Data copied from the WIP-managed device is marked as **Work**. + - Data copied to the WIP-managed device is not marked as **Work**. + - Local **Work** data copied to the WIP-managed device remains **Work** data. + - **Work** data that is copied between two apps in the same session remains ** data. + + - **Workaround**: Disable RDP to prevent access because there is no way to restrict access to only devices managed by WIP. RDP is disabled by default. + +- **Limitation**: You can't upload an enterprise file to a personal location using Microsoft Edge or Internet Explorer. + - **How it appears**: A message appears stating that the content is marked as **Work** and the user isn't given an option to override to **Personal**. + - **Workaround**: Open File Explorer and change the file ownership to **Personal** before you upload. + +- **Limitation**: ActiveX controls should be used with caution. + - **How it appears**: Webpages that use ActiveX controls can potentially communicate with other outside processes that aren’t protected by using WIP. + - **Workaround**: We recommend that you switch to using Microsoft Edge, the more secure and safer browser that prevents the use of ActiveX controls. We also recommend that you limit the usage of Internet Explorer 11 to only those line-of-business apps that require legacy technology. + + For more info, see [Out-of-date ActiveX control blocking](/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking). + +- **Limitation**: Resilient File System (ReFS) isn't currently supported with WIP. + - **How it appears**:Trying to save or transfer WIP files to ReFS will fail. + - **Workaround**: Format drive for NTFS, or use a different drive. + +- **Limitation**: WIP isn’t turned on if any of the following folders have the **MakeFolderAvailableOfflineDisabled** option set to **False**: + - AppDataRoaming + - Desktop + - StartMenu + - Documents + - Pictures + - Music + - Videos + - Favorites + - Contacts + - Downloads + - Links + - Searches + - SavedGames + +
                    + + - **How it appears**: WIP isn’t turned on for employees in your organization. Error code 0x807c0008 will result if WIP is deployed by using Microsoft Endpoint Configuration Manager. + - **Workaround**: Don’t set the **MakeFolderAvailableOfflineDisabled** option to **False** for any of the specified folders. You can configure this parameter, as described [here](/windows-server/storage/folder-redirection/disable-offline-files-on-folders)". + + If you currently use redirected folders, we recommend that you migrate to a file synchronization solution that supports WIP, such as Work Folders or OneDrive for Business. Additionally, if you apply redirected folders after WIP is already in place, you might be unable to open your files offline. + + For more info about these potential access errors, see [Can't open files offline when you use Offline Files and Windows Information Protection](/troubleshoot/windows-client/networking/error-open-files-offline-offline-files-wip). + +- **Limitation**: Only enlightened apps can be managed without device enrollment + - **How it appears**: If a user enrolls a device for Mobile Application Management (MAM) without device enrollment, only enlightened apps will be managed. This is by design to prevent personal files from being unintentionally encrypted by unenlighted apps. + + Unenlighted apps that need to access work using MAM need to be re-compiled as LOB apps or managed by using MDM with device enrollment. + + - **Workaround**: If all apps need to be managed, enroll the device for MDM. + +- **Limitation**: By design, files in the Windows directory (%windir% or C:/Windows) cannot be encrypted because they need to be accessed by any user. If a file in the Windows directory gets encrypted by one user, other users can't access it. + - **How it appears**: Any attempt to encrypt a file in the Windows directory will return a file access denied error. But if you copy or drag and drop an encrypted file to the Windows directory, it will retain encryption to honor the intent of the owner. + - **Workaround**: If you need to save an encrypted file in the Windows directory, create and encrypt the file in a different directory and copy it. + +- **Limitation**: OneNote notebooks on OneDrive for Business must be properly configured to work with WIP. + - **How it appears**: OneNote might encounter errors syncing a OneDrive for Business notebook and suggest changing the file ownership to Personal. Attempting to view the notebook in OneNote Online in the browser will show an error and unable to view it. + - **Workaround**: OneNote notebooks that are newly copied into the OneDrive for Business folder from File Explorer should get fixed automatically. To do this, follow these steps: + + 1. Close the notebook in OneNote. + 2. Move the notebook folder via File Explorer out of the OneDrive for Business folder to another location, such as the Desktop. + 3. Copy the notebook folder and Paste it back into the OneDrive for Business folder. + + Wait a few minutes to allow OneDrive to finish syncing & upgrading the notebook, and the folder should automatically convert to an Internet Shortcut. Opening the shortcut will open the notebook in the browser, which can then be opened in the OneNote client by using the “Open in app” button. + +- **Limitation**: Microsoft Office Outlook offline data files (PST and OST files) are not marked as **Work** files, and are therefore not protected. + - **How it appears**: If Microsoft Office Outlook is set to work in cached mode (default setting), or if some emails are stored in a local PST file, the data is unprotected. + - **Workaround**: It is recommended to use Microsoft Office Outlook in Online mode, or to use encryption to protect OST and PST files manually. > [!NOTE] -> When corporate data is written to disk, WIP uses the Windows-provided Encrypting File System (EFS) to protect it and associate it with your enterprise identity. One caveat to keep in mind is that the Preview Pane in File Explorer will not work for encrypted files. - -> [!NOTE] -> Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to our content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). \ No newline at end of file +> +> - When corporate data is written to disk, WIP uses the Windows-provided Encrypting File System (EFS) to protect it and associate it with your enterprise identity. One caveat to keep in mind is that the Preview Pane in File Explorer will not work for encrypted files. +> +> - Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to our content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). From b9200ffdb7883e46bb50dc6a5df640a6df37be84 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Tue, 7 Dec 2021 16:32:35 -0500 Subject: [PATCH 141/335] Moved text from table into bullets --- .../testing-scenarios-for-wip.md | 138 ++++++++++++++++-- 1 file changed, 123 insertions(+), 15 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md index d9f157125e..247a47ecf5 100644 --- a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md @@ -31,20 +31,128 @@ You can try any of the processes included in these scenarios, but you should foc >[!IMPORTANT] >If any of these scenarios does not work, first take note of whether WIP has been revoked. If it has, unenlightened apps will have to be uninstalled and re-installed since their settings files will remain encrypted. -|Scenario|Processes| -|--- |--- | -|Encrypt and decrypt files using File Explorer.|**For desktop:**

                    1. Open File Explorer, right-click a work document, and then click **Work** from the **File Ownership** menu.
                      Make sure the file is encrypted by right-clicking the file again, clicking **Advanced** from the **General** tab, and then clicking **Details** from the **Compress or Encrypt attributes** area. The file should show up under the heading, **This enterprise domain can remove or revoke access:** <your_enterprise_identity>. For example, contoso.com.
                    2. In File Explorer, right-click the same document, and then click **Personal** from the **File Ownership** menu.
                      Make sure the file is decrypted by right-clicking the file again, clicking **Advanced** from the **General** tab, and then verifying that the **Details** button is unavailable.
                    **For mobile:**

                    1. Open the File Explorer app, browse to a file location, click the elipsis (...), and then click **Select** to mark at least one file as work-related.
                    2. Click the elipsis (...) again, click **File ownership** from the drop down menu, and then click **Work**.
                      Make sure the file is encrypted, by locating the **Briefcase** icon next to the file name.
                    3. Select the same file, click **File ownership** from the drop down menu, and then click **Personal**.
                      Make sure the file is decrypted and that you're no longer seeing the **Briefcase** icon next to file name.
                    | -|Create work documents in enterprise-allowed apps.|**For desktop:**

                    • Start an unenlightened but allowed app, such as a line-of-business app, and then create a new document, saving your changes.
                      Make sure the document is encrypted to your Enterprise Identity. This might take a few minutes and require you to close and re-open the file.

                      **Important**
                      Certain file types like .exe and .dll, along with certain file paths, such as %windir% and %programfiles% are excluded from automatic encryption.

                      For more info about your Enterprise Identity and adding apps to your allowed apps list, see either [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune-azure.md) or [Create a Windows Information Protection (WIP) policy using Microsoft Endpoint Configuration Manager](create-wip-policy-using-configmgr.md), based on your deployment system.
                    **For mobile:**

                    1. Start an allowed mobile app, such as Word Mobile, create a new document, and then save your changes as **Work** to a local, work-related location.
                      Make sure the document is encrypted, by locating the **Briefcase** icon next to the file name.
                    2. Open the same document and attempt to save it to a non-work-related location.
                      WIP should stop you from saving the file to this location.
                    3. Open the same document one last time, make a change to the contents, and then save it again using the **Personal** option.
                      Make sure the file is decrypted and that you're no longer seeing the **Briefcase** icon next to file name.
                    | -|Block enterprise data from non-enterprise apps.|
                    1. Start an app that doesn't appear on your allowed apps list, and then try to open a work-encrypted file.
                      The app shouldn't be able to access the file.
                    2. Try double-clicking or tapping on the work-encrypted file.
                      If your default app association is an app not on your allowed apps list, you should get an **Access Denied** error message.
                    | -|Copy and paste from enterprise apps to non-enterprise apps.|
                    1. Copy (CTRL+C) content from an app on your allowed apps list, and then try to paste (CTRL+V) the content into an app that doesn't appear on your allowed apps list.
                      You should see a WIP-related warning box, asking you to click either **Change to personal** or **Keep at work**.
                    2. Click **Keep at work**.
                      The content isn't pasted into the non-enterprise app.
                    3. Repeat Step 1, but this time click **Change to personal**, and try to paste the content again.
                      The content is pasted into the non-enterprise app.
                    4. Try copying and pasting content between apps on your allowed apps list.
                      The content should copy and paste between apps without any warning messages.
                    | -|Drag and drop from enterprise apps to non-enterprise apps.|
                    1. Drag content from an app on your allowed apps list, and then try to drop the content into an app that doesn't appear on your allowed apps list.
                      You should see a WIP-related warning box, asking you to click either **Keep at work** or **Change to personal**.
                    2. Click **Keep at work**.
                      The content isn't dropped into the non-enterprise app.
                    3. Repeat Step 1, but this time click **Change to personal**, and try to drop the content again.
                      The content is dropped into the non-enterprise app.
                    4. Try dragging and dropping content between apps on your allowed apps list.
                      The content should move between the apps without any warning messages.
                    | -|Share between enterprise apps and non-enterprise apps.|
                    1. Open an app on your allowed apps list, like Microsoft Photos, and try to share content with an app that doesn't appear on your allowed apps list, like Facebook.
                      You should see a WIP-related warning box, asking you to click either **Keep at work** or **Change to personal**.
                    2. Click **Keep at work**.
                      The content isn't shared into Facebook.
                    3. Repeat Step 1, but this time click **Change to personal**, and try to share the content again.
                      The content is shared into Facebook.
                    4. Try sharing content between apps on your allowed apps list.
                      The content should share between the apps without any warning messages.
                    | -|Verify that Windows system components can use WIP.|
                    1. Start Windows Journal and Internet Explorer 11, creating, editing, and saving files in both apps.
                      Make sure that all of the files you worked with are encrypted to your configured Enterprise Identity. In some cases, you might need to close the file and wait a few moments for it to be automatically encrypted.
                    2. Open File Explorer and make sure your modified files are appearing with a **Lock** icon.
                    3. Try copying and pasting, dragging and dropping, and sharing using these apps with other apps that appear both on and off the allowed apps list.

                      **Note**
                      Most Windows-signed components like File Explorer (when running in the user's context), should have access to enterprise data.

                      A few notable exceptions include some of the user-facing in-box apps, like Wordpad, Notepad, and Microsoft Paint. These apps don't have access by default, but can be added to your allowed apps list.
                    | -|Use WIP on NTFS, FAT, and exFAT systems.|
                    1. Start an app that uses the FAT or exFAT file system (for example a SD card or USB flash drive), and appears on your allowed apps list.
                    2. Create, edit, write, save, copy, and move files.
                      Basic file and folder operations like copy, move, rename, delete, and so on, should work properly on encrypted files.
                    | -|Verify your shared files can use WIP.|
                    1. Download a file from a protected file share, making sure the file is encrypted by locating the **Briefcase** icon next to the file name.
                    2. Open the same file, make a change, save it and then try to upload it back to the file share. Again, this should work without any warnings.
                    3. Open an app that doesn't appear on your allowed apps list and attempt to access a file on the WIP-enabled file share.
                      The app shouldn't be able to access the file share.
                    | -|Verify your cloud resources can use WIP.|
                    1. Add both Internet Explorer 11 and Microsoft Edge to your allowed apps list.
                    2. Open SharePoint (or another cloud resource that's part of your policy) and access a WIP-enabled resource by using both IE11 and Microsoft Edge.
                      Both browsers should respect the enterprise and personal boundary.
                    3. Remove Internet Explorer 11 from your allowed app list and then try to access an intranet site or enterprise-related cloud resource.
                      IE11 shouldn't be able to access the sites.

                      **Note**
                      Any file downloaded from your work SharePoint site, or any other WIP-enabled cloud resource, is automatically marked as **Work**.
                    | -|Verify your Virtual Private Network (VPN) can be auto-triggered.|
                    1. Set up your VPN network to start based on the **WIPModeID** setting.
                      For specific info about how to do this, see the [Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune](create-vpn-and-wip-policy-using-intune-azure.md) topic.
                    2. Start an app from your allowed apps list.
                      The VPN network should automatically start.
                    3. Disconnect from your network and then start an app that isn't on your allowed apps list.
                      The VPN shouldn't start and the app shouldn't be able to access your enterprise network.
                    | -|Unenroll client devices from WIP.|
                    • Unenroll a device from WIP by going to **Settings**, click **Accounts**, click **Work**, click the name of the device you want to unenroll, and then click **Remove**.
                      The device should be removed and all of the enterprise content for that managed account should be gone.

                      **Important**
                      On desktop devices, the data isn't removed and can be recovered, so you must make sure the content is marked as **Revoked** and that access is denied for the employee. On mobile devices, the data is removed.| +- **Encrypt and decrypt files using File Explorer**: + + 1. Open File Explorer, right-click a work document, and then click **Work** from the **File Ownership** menu. + + Make sure the file is encrypted by right-clicking the file again, clicking **Advanced** from the **General** tab, and then clicking **Details** from the **Compress or Encrypt attributes** area. The file should show up under the heading, **This enterprise domain can remove or revoke access:** `**`. For example, `contoso.com`. + + 2. In File Explorer, right-click the same document, and then click **Personal** from the **File Ownership** menu. + + Make sure the file is decrypted by right-clicking the file again, clicking **Advanced** from the **General** tab, and then verifying that the **Details** button is unavailable. + +- **Create work documents in enterprise-allowed apps**: Start an unenlightened but allowed app, such as a line-of-business app, and then create a new document, saving your changes. + + Make sure the document is encrypted to your Enterprise Identity. This might take a few minutes and require you to close and re-open the file. + + > [!IMPORTANT] + > Certain file types like `.exe` and `.dll`, along with certain file paths, such as `%windir%` and `%programfiles%` are excluded from automatic encryption. + + For more info about your Enterprise Identity and adding apps to your allowed apps list, see either [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune-azure.md) or [Create a Windows Information Protection (WIP) policy using Microsoft Endpoint Configuration Manager](create-wip-policy-using-configmgr.md), based on your deployment system. + +- **Block enterprise data from non-enterprise apps**: + + 1. Start an app that doesn't appear on your allowed apps list, and then try to open a work-encrypted file. + + The app shouldn't be able to access the file. + + 2. Try double-clicking or tapping on the work-encrypted file. If your default app association is an app not on your allowed apps list, you should get an **Access Denied** error message. + +- **Copy and paste from enterprise apps to non-enterprise apps**: + + 1. Copy (CTRL+C) content from an app on your allowed apps list, and then try to paste (CTRL+V) the content into an app that doesn't appear on your allowed apps list. + + You should see a WIP-related warning box, asking you to click either **Change to personal** or **Keep at work**. + + 2. Click **Keep at work**. The content isn't pasted into the non-enterprise app. + 3. Repeat Step 1, but this time click **Change to personal**, and try to paste the content again. + + The content is pasted into the non-enterprise app. + + 4. Try copying and pasting content between apps on your allowed apps list. The content should copy and paste between apps without any warning messages. + +- **Drag and drop from enterprise apps to non-enterprise apps**: + + 1. Drag content from an app on your allowed apps list, and then try to drop the content into an app that doesn't appear on your allowed apps list. + + You should see a WIP-related warning box, asking you to click either **Keep at work** or **Change to personal**. + + 2. Click **Keep at work**. The content isn't dropped into the non-enterprise app. + 3. Repeat Step 1, but this time click **Change to personal**, and try to drop the content again. + + The content is dropped into the non-enterprise app. + + 4. Try dragging and dropping content between apps on your allowed apps list. The content should move between the apps without any warning messages. + +- **Share between enterprise apps and non-enterprise apps**: + + 1. Open an app on your allowed apps list, like Microsoft Photos, and try to share content with an app that doesn't appear on your allowed apps list, like Facebook. + + You should see a WIP-related warning box, asking you to click either **Keep at work** or **Change to personal**. + + 2. Click **Keep at work**. The content isn't shared into Facebook. + 3. Repeat Step 1, but this time click **Change to personal**, and try to share the content again. + + The content is shared into Facebook. + + 4. Try sharing content between apps on your allowed apps list. The content should share between the apps without any warning messages. + +- **Verify that Windows system components can use WIP**: + + 1. Start Windows Journal and Internet Explorer 11, creating, editing, and saving files in both apps. + + Make sure that all of the files you worked with are encrypted to your configured Enterprise Identity. In some cases, you might need to close the file and wait a few moments for it to be automatically encrypted. + + 2. Open File Explorer and make sure your modified files are appearing with a **Lock** icon. + 3. Try copying and pasting, dragging and dropping, and sharing using these apps with other apps that appear both on and off the allowed apps list. + + > [!NOTE] + > Most Windows-signed components like File Explorer (when running in the user's context), should have access to enterprise data. + > + > A few notable exceptions include some of the user-facing in-box apps, like Wordpad, Notepad, and Microsoft Paint. These apps don't have access by default, but can be added to your allowed apps list. + +- **Use WIP on NTFS, FAT, and exFAT systems**: + + 1. Start an app that uses the FAT or exFAT file system (for example a SD card or USB flash drive), and appears on your allowed apps list. + 2. Create, edit, write, save, copy, and move files. Basic file and folder operations like copy, move, rename, delete, and so on, should work properly on encrypted files. + +- **Verify your shared files can use WIP**: + + 1. Download a file from a protected file share, making sure the file is encrypted by locating the **Briefcase** icon next to the file name. + 2. Open the same file, make a change, save it and then try to upload it back to the file share. Again, this should work without any warnings. + 3. Open an app that doesn't appear on your allowed apps list and attempt to access a file on the WIP-enabled file share. + + The app shouldn't be able to access the file share. + +- **Verify your cloud resources can use WIP**: + + 1. Add both Internet Explorer 11 and Microsoft Edge to your allowed apps list. + 2. Open SharePoint (or another cloud resource that's part of your policy) and access a WIP-enabled resource by using both IE11 and Microsoft Edge. + + Both browsers should respect the enterprise and personal boundary. + + 3. Remove Internet Explorer 11 from your allowed app list and then try to access an intranet site or enterprise-related cloud resource. + + IE11 shouldn't be able to access the sites. + + > [!NOTE] + > Any file downloaded from your work SharePoint site, or any other WIP-enabled cloud resource, is automatically marked as **Work**. + +- **Verify your Virtual Private Network (VPN) can be auto-triggered**: + + 1. Set up your VPN network to start based on the **WIPModeID** setting. For specific info, see [Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune](create-vpn-and-wip-policy-using-intune-azure.md). + 2. Start an app from your allowed apps list. The VPN network should automatically start. + 3. Disconnect from your network and then start an app that isn't on your allowed apps list. + + The VPN shouldn't start and the app shouldn't be able to access your enterprise network. + +- **Unenroll client devices from WIP**: Unenroll a device from WIP by going to **Settings**, click **Accounts**, click **Work**, click the name of the device you want to unenroll, and then click **Remove**. + + The device should be removed and all of the enterprise content for that managed account should be gone. + + > [!IMPORTANT] + > On client devices, the data isn't removed and can be recovered. So, you must make sure the content is marked as **Revoked** and that access is denied for the employee. + >[!NOTE] ->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). +>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). From 1862899cf2ae651af5038859ff5c73adc7ad7f67 Mon Sep 17 00:00:00 2001 From: Joe Henry Date: Tue, 7 Dec 2021 17:07:21 -0500 Subject: [PATCH 142/335] Update create-wdac-deny-policy.md --- .../create-wdac-deny-policy.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index f13ba22591..2deab2941f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -90,7 +90,7 @@ If the policy enables user mode code integrity via the ***Enabled:UMCI*** rule-o ``` ## Single Policy Considerations -If the set of deny rules is to be added into an existing policy with allow rules, then the above Allow All rules should not be added to the policy. Instead, the deny policy should be merged with the existing WDAC policy via the WDAC Wizard [Windows Defender Application Control Wizard Policy Merging Operation](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies) or using the following PowerShell command: +If the set of deny rules is to be added into an existing policy with allow rules, then the above Allow All rules should not be added to the policy. Instead, the deny policy should be merged with the existing WDAC policy via the [WDAC Wizard](wdac-wizard-merging-policies.md) or using the following PowerShell command: ```PowerShell $DenyPolicy = @@ -148,4 +148,4 @@ Policies should be thoroughly evaluated and first rolled out in audit mode befor 3. Scripting [Deploy Windows Defender Application Control (WDAC) policies using script (Windows)](deployment/deploy-wdac-policies-with-script.md) -4. Group Policy: [Deploy WDAC policies via Group Policy (Windows)](deploy-windows-defender-application-control-policies-using-group-policy.md) +4. Group Policy: [Deploy WDAC policies via Group Policy (Windows)](deploy-windows-defender-application-control-policies-using-group-policy.md) \ No newline at end of file From 53137f8b7ebc9735af2afaf8c4399220a8be2586 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Tue, 7 Dec 2021 17:46:23 -0500 Subject: [PATCH 143/335] Spacing --- ...defender-smartscreen-available-settings.md | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md index db2db95ffd..39945ec254 100644 --- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md @@ -29,14 +29,14 @@ SmartScreen uses registry-based Administrative Template policy settings. Setting|Supported on|Description| |--- |--- |--- | -|**Windows 10, version 2004:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure Windows Defender SmartScreen|**Windows 10, version 1703:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure Windows Defender SmartScreen

                      **Windows 10, Version 1607 and earlier:** Administrative Templates\Windows Components\File Explorer\Configure Windows SmartScreen

                      **At least Windows Server 2012, Windows 8 or Windows RT**|This policy setting turns on Microsoft Defender SmartScreen.

                      If you enable this setting, it turns on Microsoft Defender SmartScreen and your employees are unable to turn it off. Additionally, when enabling this feature, you must also pick whether Microsoft Defender SmartScreen should Warn your employees or Warn and prevent bypassing the message (effectively blocking the employee from the site).

                      If you disable this setting, it turns off Microsoft Defender SmartScreen and your employees are unable to turn it on.If you don't configure this setting, your employees can decide whether to use Microsoft Defender SmartScreen.| -|**Windows 10, version 2004:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure App Install Control|**Windows 10, version 1703:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure App Install Control|This policy setting is intended to prevent malicious content from affecting your user's devices when downloading executable content from the internet. This setting does not protect against malicious content from USB devices, network shares, or other non-internet sources.

                      **Important:** Using a trustworthy browser helps ensure that these protections work as expected.| -|**Windows 10, version 2004:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Configure Windows Defender SmartScreen (Microsoft Edge version 45 and earlier)Administrative Templates\Microsoft Edge\SmartScreen settings\Configure Microsoft Defender SmartScreen (Microsoft Edge version 77 or later)

                      **Windows 10, version 1703:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Configure Windows Defender SmartScreen (Microsoft Edge version 45 and earlier)Administrative Templates\Microsoft Edge\SmartScreen settings\Configure Microsoft Defender SmartScreen (Microsoft Edge version 77 or later)

                      **Windows 10, Version 1607 and earlier:** Administrative Templates\Windows Components\Microsoft Edge\Configure Windows SmartScreen|Microsoft Edge on Windows 10 or Windows 11|This policy setting turns on Microsoft Defender SmartScreen.

                      If you enable this setting, it turns on Microsoft Defender SmartScreen and your employees are unable to turn it off.

                      If you disable this setting, it turns off Microsoft Defender SmartScreen and your employees are unable to turn it on.If you don't configure this setting, your employees can decide whether to use Microsoft Defender SmartScreen.| -|**Windows 10, version 2004:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files (Microsoft Edge version 45 and earlier)Administrative Templates\Microsoft Edge\SmartScreen settings\Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads (Microsoft Edge version 77 or later)

                      **Windows 10, version 1703:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files (Microsoft Edge version 45 and earlier)Administrative Templates\Microsoft Edge\SmartScreen settings\Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads (Microsoft Edge version 77 or later)

                      **Windows 10, Version 1511 and 1607:** Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows SmartScreen prompts for files|Microsoft Edge on Windows 10, version 1511 or later|This policy setting stops employees from bypassing the Microsoft Defender SmartScreen warnings about potentially malicious files.

                      If you enable this setting, it stops employees from bypassing the warning, stopping the file download.

                      If you disable or don't configure this setting, your employees can bypass the warnings and continue to download potentially malicious files.| -|**Windows 10, version 2004:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites (Microsoft Edge version 45 and earlier)Administrative Templates\Microsoft Edge\SmartScreen settings\Prevent bypassing Microsoft Defender SmartScreen prompts for sites (Microsoft Edge version 77 or later)

                      **Windows 10, version 1703:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites (Microsoft Edge version 45 and earlier)Administrative Templates\Microsoft Edge\SmartScreen settings\Prevent bypassing Microsoft Defender SmartScreen prompts for sites (Microsoft Edge version 77 or later)

                      **Windows 10, Version 1511 and 1607:** Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows SmartScreen prompts for sites|Microsoft Edge on Windows 10, version 1511 or later|This policy setting stops employees from bypassing the Microsoft Defender SmartScreen warnings about potentially malicious sites.

                      If you enable this setting, it stops employees from bypassing the warning, stopping them from going to the site.

                      If you disable or don't configure this setting, your employees can bypass the warnings and continue to visit a potentially malicious site.| -|Administrative Templates\Windows Components\Internet Explorer\Prevent managing SmartScreen Filter|Internet Explorer 9 or later|This policy setting prevents the employee from managing Microsoft Defender SmartScreen.If you enable this policy setting, the employee isn't prompted to turn on Microsoft Defender SmartScreen. All website addresses that are not on the filter's allow list are sent automatically to Microsoft without prompting the employee.

                      If you disable or don't configure this policy setting, the employee is prompted to decide whether to turn on Microsoft Defender SmartScreen during the first-run experience.| -|Administrative Templates\Windows Components\Internet Explorer\Prevent bypassing SmartScreen Filter warnings|Internet Explorer 8 or later|This policy setting determines whether an employee can bypass warnings from Microsoft Defender SmartScreen.

                      If you enable this policy setting, Microsoft Defender SmartScreen warnings block the employee.

                      If you disable or don't configure this policy setting, the employee can bypass Microsoft Defender SmartScreen warnings.| -|Administrative Templates\Windows Components\Internet Explorer\Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet|Internet Explorer 9 or later|This policy setting determines whether the employee can bypass warnings from Microsoft Defender SmartScreen. Microsoft Defender SmartScreen warns the employee about executable files that Internet Explorer users do not commonly download from the Internet.

                      If you enable this policy setting, Microsoft Defender SmartScreen warnings block the employee.

                      If you disable or don't configure this policy setting, the employee can bypass Microsoft Defender SmartScreen warnings.| +|**Windows 10, version 2004:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure Windows Defender SmartScreen|**Windows 10, version 1703:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure Windows Defender SmartScreen

                      **Windows 10, Version 1607 and earlier:** Administrative Templates\Windows Components\File Explorer\Configure Windows SmartScreen

                      **At least Windows Server 2012, Windows 8 or Windows RT**|This policy setting turns on Microsoft Defender SmartScreen.

                      If you enable this setting, it turns on Microsoft Defender SmartScreen and your employees are unable to turn it off. Additionally, when enabling this feature, you must also pick whether Microsoft Defender SmartScreen should Warn your employees or Warn and prevent bypassing the message (effectively blocking the employee from the site).

                      If you disable this setting, it turns off Microsoft Defender SmartScreen and your employees are unable to turn it on.

                      If you don't configure this setting, your employees can decide whether to use Microsoft Defender SmartScreen.| +|**Windows 10, version 2004:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure App Install Control|**Windows 10, version 1703:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure App Install Control|This policy setting is intended to prevent malicious content from affecting your user's devices when downloading executable content from the internet.

                      This setting does not protect against malicious content from USB devices, network shares, or other non-internet sources.

                      **Important:** Using a trustworthy browser helps ensure that these protections work as expected.| +|**Windows 10, version 2004:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Configure Windows Defender SmartScreen (Microsoft Edge version 45 and earlier)

                      Administrative Templates\Microsoft Edge\SmartScreen settings\Configure Microsoft Defender SmartScreen (Microsoft Edge version 77 or later)

                      **Windows 10, version 1703:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Configure Windows Defender SmartScreen (Microsoft Edge version 45 and earlier)

                      Administrative Templates\Microsoft Edge\SmartScreen settings\Configure Microsoft Defender SmartScreen (Microsoft Edge version 77 or later)

                      **Windows 10, Version 1607 and earlier:** Administrative Templates\Windows Components\Microsoft Edge\Configure Windows SmartScreen|Microsoft Edge on Windows 10 or Windows 11|This policy setting turns on Microsoft Defender SmartScreen.

                      If you enable this setting, it turns on Microsoft Defender SmartScreen and your employees are unable to turn it off.

                      If you disable this setting, it turns off Microsoft Defender SmartScreen and your employees are unable to turn it on.

                      If you don't configure this setting, your employees can decide whether to use Microsoft Defender SmartScreen.| +|**Windows 10, version 2004:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files (Microsoft Edge version 45 and earlier)

                      Administrative Templates\Microsoft Edge\SmartScreen settings\Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads (Microsoft Edge version 77 or later)

                      **Windows 10, version 1703:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files (Microsoft Edge version 45 and earlier)

                      Administrative Templates\Microsoft Edge\SmartScreen settings\Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads (Microsoft Edge version 77 or later)

                      **Windows 10, Version 1511 and 1607:** Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows SmartScreen prompts for files|Microsoft Edge on Windows 10, version 1511 or later|This policy setting stops employees from bypassing the Microsoft Defender SmartScreen warnings about potentially malicious files.

                      If you enable this setting, it stops employees from bypassing the warning, stopping the file download.

                      If you disable or don't configure this setting, your employees can bypass the warnings and continue to download potentially malicious files.| +|**Windows 10, version 2004:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites (Microsoft Edge version 45 and earlier)

                      Administrative Templates\Microsoft Edge\SmartScreen settings\Prevent bypassing Microsoft Defender SmartScreen prompts for sites (Microsoft Edge version 77 or later)

                      **Windows 10, version 1703:** Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites (Microsoft Edge version 45 and earlier)

                      Administrative Templates\Microsoft Edge\SmartScreen settings\Prevent bypassing Microsoft Defender SmartScreen prompts for sites (Microsoft Edge version 77 or later)

                      **Windows 10, Version 1511 and 1607:** Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows SmartScreen prompts for sites|Microsoft Edge on Windows 10, version 1511 or later|This policy setting stops employees from bypassing the Microsoft Defender SmartScreen warnings about potentially malicious sites.

                      If you enable this setting, it stops employees from bypassing the warning, stopping them from going to the site.

                      If you disable or don't configure this setting, your employees can bypass the warnings and continue to visit a potentially malicious site.| +|Administrative Templates\Windows Components\Internet Explorer\Prevent managing SmartScreen Filter|Internet Explorer 9 or later|This policy setting prevents the employee from managing Microsoft Defender SmartScreen.

                      If you enable this policy setting, the employee isn't prompted to turn on Microsoft Defender SmartScreen. All website addresses that are not on the filter's allow list are sent automatically to Microsoft without prompting the employee.

                      If you disable or don't configure this policy setting, the employee is prompted to decide whether to turn on Microsoft Defender SmartScreen during the first-run experience.| +|Administrative Templates\Windows Components\Internet Explorer\Prevent bypassing SmartScreen Filter warnings|Internet Explorer 8 or later|This policy setting determines whether an employee can bypass warnings from Microsoft Defender SmartScreen.

                      If you enable this policy setting, Microsoft Defender SmartScreen warnings block the employee.

                      If you disable or don't configure this policy setting, the employee can bypass Microsoft Defender SmartScreen warnings.| +|Administrative Templates\Windows Components\Internet Explorer\Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet|Internet Explorer 9 or later|This policy setting determines whether the employee can bypass warnings from Microsoft Defender SmartScreen. Microsoft Defender SmartScreen warns the employee about executable files that Internet Explorer users do not commonly download from the Internet.

                      If you enable this policy setting, Microsoft Defender SmartScreen warnings block the employee.

                      If you disable or don't configure this policy setting, the employee can bypass Microsoft Defender SmartScreen warnings.| ## MDM settings @@ -59,9 +59,9 @@ To better help you protect your organization, we recommend turning on and using |Group Policy setting|Recommendation| |--- |--- | -|Administrative Templates\Windows Components\Microsoft Edge\Configure Windows Defender SmartScreen (Microsoft Edge version 45 and earlier)

                      dministrative Templates\Microsoft Edge\SmartScreen settings\Configure Microsoft Defender SmartScreen (Microsoft Edge version 77 or later)|**Enable.** Turns on Microsoft Defender SmartScreen.| -|Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites (Microsoft Edge version 45 and earlier)

                      dministrative Templates\Microsoft Edge\SmartScreen settings\Prevent bypassing Windows Defender SmartScreen prompts for sites (Microsoft Edge version 77 or later)|**Enable.** Stops employees from ignoring warning messages and continuing to a potentially malicious website.| -|Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files (Microsoft Edge version 45 and earlier)

                      dministrative Templates\Microsoft Edge\SmartScreen settings\Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads (Microsoft Edge version 77 or later)|**Enable.** Stops employees from ignoring warning messages and continuing to download potentially malicious files.| +|Administrative Templates\Windows Components\Microsoft Edge\Configure Windows Defender SmartScreen (Microsoft Edge version 45 and earlier)

                      Administrative Templates\Microsoft Edge\SmartScreen settings\Configure Microsoft Defender SmartScreen (Microsoft Edge version 77 or later)|**Enable.** Turns on Microsoft Defender SmartScreen.| +|Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites (Microsoft Edge version 45 and earlier)

                      Administrative Templates\Microsoft Edge\SmartScreen settings\Prevent bypassing Windows Defender SmartScreen prompts for sites (Microsoft Edge version 77 or later)|**Enable.** Stops employees from ignoring warning messages and continuing to a potentially malicious website.| +|Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files (Microsoft Edge version 45 and earlier)

                      Administrative Templates\Microsoft Edge\SmartScreen settings\Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads (Microsoft Edge version 77 or later)|**Enable.** Stops employees from ignoring warning messages and continuing to download potentially malicious files.| |Administrative Templates\Windows Components\File Explorer\Configure Windows Defender SmartScreen|**Enable with the Warn and prevent bypass option.** Stops employees from ignoring warning messages about malicious files downloaded from the Internet.| |MDM setting|Recommendation| @@ -69,8 +69,8 @@ To better help you protect your organization, we recommend turning on and using |Browser/AllowSmartScreen|**1.** Turns on Microsoft Defender SmartScreen.| |Browser/PreventSmartScreenPromptOverride|**1.** Stops employees from ignoring warning messages and continuing to a potentially malicious website.| |Browser/PreventSmartScreenPromptOverrideForFiles|**1.** Stops employees from ignoring warning messages and continuing to download potentially malicious files.| -|SmartScreen/EnableSmartScreenInShell|**1.** Turns on Microsoft Defender SmartScreen in Windows.

                      Requires at least Windows 10, version 1703.| -|SmartScreen/PreventOverrideForFilesInShell|**1.** Stops employees from ignoring warning messages about malicious files downloaded from the Internet.

                      Requires at least Windows 10, version 1703.| +|SmartScreen/EnableSmartScreenInShell|**1.** Turns on Microsoft Defender SmartScreen in Windows.

                      Requires at least Windows 10, version 1703.| +|SmartScreen/PreventOverrideForFilesInShell|**1.** Stops employees from ignoring warning messages about malicious files downloaded from the Internet.

                      Requires at least Windows 10, version 1703.| ## Related topics @@ -78,4 +78,4 @@ To better help you protect your organization, we recommend turning on and using - [Microsoft Defender SmartScreen overview](microsoft-defender-smartscreen-overview.md) -- [Available Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge](/microsoft-edge/deploy/available-policies) \ No newline at end of file +- [Available Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge](/microsoft-edge/deploy/available-policies) From 512e9691e182f1c32c6815c49f78629e59380d57 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Tue, 7 Dec 2021 17:57:49 -0500 Subject: [PATCH 144/335] Spacing --- .../applocker/create-a-rule-for-packaged-apps.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md index 9c9dc7f558..1c676d9236 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md @@ -60,12 +60,12 @@ You can perform this task by using the Group Policy Management Console for an Ap |Selection|Description|Example| |--- |--- |--- | - |Applies to **Any publisher**|This is the least restrictive scope condition for an **Allow** rule. It permits every packaged app to run or install.

                      Conversely, if this is a **Deny** rule, then this option is the most restrictive because it denies all apps from installing or running.|You want the Sales group to use any packaged app from any signed publisher. You set the permissions to allow the Sales group to be able to run any app.| - |Applies to a specific **Publisher**|This scopes the rule to all apps published by a particular publisher.|You want to allow all your users to install apps published by the publisher of Microsoft.BingMaps. You could select Microsoft.BingMaps as a reference and choose this rule scope.| - |Applies to a **Package name**|This scopes the rule to all packages that share the publisher name and package name as the reference file.|You want to allow your Sales group to install any version of the Microsoft.BingMaps app. You could select the Microsoft.BingMaps app as a reference and choose this rule scope.| - |Applies to a **Package version**|This scopes the rule to a particular version of the package.|You want to be very selective in what you allow. You do not want to implicitly trust all future updates of the Microsoft.BingMaps app. You can limit the scope of your rule to the version of the app currently installed on your reference computer.| - |Applying custom values to the rule|Selecting the **Use custom values** check box allows you to adjust the scope fields for your particular circumstance.|You want to allow users to install all *Microsoft.Bing* applications, which include Microsoft.BingMaps, Microsoft.BingWeather, Microsoft.BingMoney. You can choose the Microsoft.BingMaps as a reference, select the **Use custom values** check box and edit the package name field by adding “Microsoft.Bing*” as the Package name.| -   + |Applies to **Any publisher**|This is the least restrictive scope condition for an **Allow** rule. It permits every packaged app to run or install.

                      Conversely, if this is a **Deny** rule, then this option is the most restrictive because it denies all apps from installing or running. | You want the Sales group to use any packaged app from any signed publisher. You set the permissions to allow the Sales group to be able to run any app.| + |Applies to a specific **Publisher** | This scopes the rule to all apps published by a particular publisher. | You want to allow all your users to install apps published by the publisher of Microsoft.BingMaps. You could select Microsoft.BingMaps as a reference and choose this rule scope. | + |Applies to a **Package name** | This scopes the rule to all packages that share the publisher name and package name as the reference file. | You want to allow your Sales group to install any version of the Microsoft.BingMaps app. You could select the Microsoft.BingMaps app as a reference and choose this rule scope. | + |Applies to a **Package version** | This scopes the rule to a particular version of the package. | You want to be very selective in what you allow. You do not want to implicitly trust all future updates of the Microsoft.BingMaps app. You can limit the scope of your rule to the version of the app currently installed on your reference computer. | + |Applying custom values to the rule | Selecting the **Use custom values** check box allows you to adjust the scope fields for your particular circumstance. | You want to allow users to install all *Microsoft.Bing* applications, which include Microsoft.BingMaps, Microsoft.BingWeather, Microsoft.BingMoney. You can choose the Microsoft.BingMaps as a reference, select the **Use custom values** check box and edit the package name field by adding “Microsoft.Bing*” as the Package name. | + 6. Select **Next**. 7. (Optional) On the **Exceptions** page, specify conditions by which to exclude files from being affected by the rule. This allows you to add exceptions based on the same rule reference and rule scope as you set before. Select **Next**. 8. On the **Name** page, either accept the automatically generated rule name or type a new rule name, and then select **Create**. From 3817da3402d62eb1d68b2d5df08fd7129e501cb3 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Tue, 7 Dec 2021 18:03:13 -0500 Subject: [PATCH 145/335] spacing --- .../determine-your-application-control-objectives.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md index 594f737b63..bb43e3b175 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md @@ -40,15 +40,15 @@ Use the following table to develop your own objectives and determine which appli |Application control function|SRP|AppLocker| |--- |--- |--- | |Scope|SRP policies can be applied to all Windows operating systems beginning with Windows XP and Windows Server 2003.|AppLocker policies apply only to the support versions of Windows listed in[Requirements to use AppLocker](requirements-to-use-applocker.md).| -|Policy creation|SRP policies are maintained through Group Policy and only the administrator of the GPO can update the SRP policy. The administrator on the local computer can modify the SRP policies defined in the local GPO.|AppLocker policies are maintained through Group Policy and only the administrator of the GPO can update the policy. The administrator on the local computer can modify the AppLocker policies defined in the local GPO.

                      AppLocker permits customization of error messages to direct users to a Web page for help.| +|Policy creation|SRP policies are maintained through Group Policy and only the administrator of the GPO can update the SRP policy. The administrator on the local computer can modify the SRP policies defined in the local GPO.|AppLocker policies are maintained through Group Policy and only the administrator of the GPO can update the policy. The administrator on the local computer can modify the AppLocker policies defined in the local GPO.

                      AppLocker permits customization of error messages to direct users to a Web page for help.| |Policy maintenance|SRP policies must be updated by using the Local Security Policy snap-in (if the policies are created locally) or the Group Policy Management Console (GPMC).|AppLocker policies can be updated by using the Local Security Policy snap-in, if the policies are created locally, or the GPMC, or the Windows PowerShell AppLocker cmdlets.| |Policy application|SRP policies are distributed through Group Policy.|AppLocker policies are distributed through Group Policy.| -|Enforcement mode|SRP works in the “deny list mode” where administrators can create rules for files that they don't want to allow in this Enterprise, but the rest of the files are allowed to run by default.

                      SRP can also be configured in the “allow list mode” such that by default all files are blocked and administrators need to create allow rules for files that they want to allow.|By default, AppLocker works in allow list mode. Only those files are allowed to run for which there's a matching allow rule.| -|File types that can be controlled|SRP can control the following file types:

                    • Executables
                    • DLLs
                    • Scripts
                    • Windows Installers

                      SRP cannot control each file type separately. All SRP rules are in a single rule collection.|AppLocker can control the following file types:

                    • Executables
                    • DLLs
                    • Scripts
                    • Windows Installers
                    • Packaged apps and installers

                      AppLocker maintains a separate rule collection for each of the five file types.| +|Enforcement mode|SRP works in the “deny list mode” where administrators can create rules for files that they don't want to allow in this Enterprise, but the rest of the files are allowed to run by default.

                      SRP can also be configured in the “allow list mode” such that by default all files are blocked and administrators need to create allow rules for files that they want to allow.|By default, AppLocker works in allow list mode. Only those files are allowed to run for which there's a matching allow rule.| +|File types that can be controlled|SRP can control the following file types:

                    • Executables
                    • DLLs
                    • Scripts
                    • Windows Installers

                      SRP cannot control each file type separately. All SRP rules are in a single rule collection.|AppLocker can control the following file types:
                    • Executables
                    • DLLs
                    • Scripts
                    • Windows Installers
                    • Packaged apps and installers

                      AppLocker maintains a separate rule collection for each of the five file types.| |Designated file types|SRP supports an extensible list of file types that are considered executable. You can add extensions for files that should be considered executable.|AppLocker doesn't support this. AppLocker currently supports the following file extensions:
                    • Executables (.exe, .com)
                    • DLLs (.ocx, .dll)
                    • Scripts (.vbs, .js, .ps1, .cmd, .bat)
                    • Windows Installers (.msi, .mst, .msp)
                    • Packaged app installers (.appx)| -|Rule types|SRP supports four types of rules:
                    • Hash
                    • Path
                    • Signature

                      Internet zone|AppLocker supports three types of rules:

                    • Hash
                    • Path
                    • Publisher| +|Rule types|SRP supports four types of rules:
                    • Hash
                    • Path
                    • Signature

                      Internet zone|AppLocker supports three types of rules:
                    • Hash
                    • Path
                    • Publisher| |Editing the hash value|SRP allows you to select a file to hash.|AppLocker computes the hash value itself. Internally it uses the SHA2 Authenticode hash for Portable Executables (exe and DLL) and Windows Installers and an SHA2 flat file hash for the rest.| -|Support for different security levels|With SRP, you can specify the permissions with which an app can run. Then configure a rule such that Notepad always runs with restricted permissions and never with administrative privileges.

                      SRP on Windows Vista and earlier supported multiple security levels. On Windows 7, that list was restricted to just two levels: Disallowed and Unrestricted (Basic User translates to Disallowed).|AppLocker does not support security levels.| +|Support for different security levels|With SRP, you can specify the permissions with which an app can run. Then configure a rule such that Notepad always runs with restricted permissions and never with administrative privileges.

                      SRP on Windows Vista and earlier supported multiple security levels. On Windows 7, that list was restricted to just two levels: Disallowed and Unrestricted (Basic User translates to Disallowed).|AppLocker does not support security levels.| |Manage Packaged apps and Packaged app installers.|Unable|.appx is a valid file type which AppLocker can manage.| |Targeting a rule to a user or a group of users|SRP rules apply to all users on a particular computer.|AppLocker rules can be targeted to a specific user or a group of users.| |Support for rule exceptions|SRP does not support rule exceptions|AppLocker rules can have exceptions that allow administrators to create rules such as “Allow everything from Windows except for Regedit.exe”.| From 4373e3b264a508a69293c3e529c03b6c33725145 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Tue, 7 Dec 2021 18:12:38 -0500 Subject: [PATCH 146/335] Replaced caution with important --- .../applocker/plan-for-applocker-policy-management.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md b/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md index 44d6d198a7..2f5df9dc7c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md @@ -87,7 +87,8 @@ As new apps are deployed or existing apps are updated by the software publisher, You can edit an AppLocker policy by adding, changing, or removing rules. However, you cannot specify a version for the policy by importing additional rules. To ensure version control when modifying an AppLocker policy, use Group Policy management software that allows you to create versions of Group Policy Objects (GPOs). An example of this type of software is the Advanced Group Policy Management feature from the Microsoft Desktop Optimization Pack. For more info about Advanced Group Policy Management, see [Advanced Group Policy Management Overview](https://go.microsoft.com/fwlink/p/?LinkId=145013) (https://go.microsoft.com/fwlink/p/?LinkId=145013). ->**Caution:**  You should not edit an AppLocker rule collection while it is being enforced in Group Policy. Because AppLocker controls what files are allowed to run, making changes to a live policy can create unexpected behavior. +> [!IMPORTANT] +> You should not edit an AppLocker rule collection while it is being enforced in Group Policy. Because AppLocker controls what files are allowed to run, making changes to a live policy can create unexpected behavior. **New version of a supported app** From 258d4349b1197d386b0d13fd589f6555085b5a45 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Tue, 7 Dec 2021 18:19:49 -0500 Subject: [PATCH 147/335] Notes --- .../understand-applocker-policy-design-decisions.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md index 7c3e95c7e8..c14abfaefc 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md @@ -57,7 +57,8 @@ You might need to control a limited number of apps because they access sensitive | Control apps by computer, not user | AppLocker is a computer-based policy implementation. If your domain or site organizational structure is not based on a logical user structure, such as an OU, you might want to set up that structure before you begin your AppLocker planning. Otherwise, you will have to identify users, their computers, and their app access requirements.| |Understand app usage, but there is no need to control any apps yet | AppLocker policies can be set to audit app usage to help you track which apps are used in your organization. You can then use the AppLocker event log to create AppLocker policies.| ->**Important:** The following list contains files or types of files that cannot be managed by AppLocker: +> [!IMPORTANT] +> The following list contains files or types of files that cannot be managed by AppLocker: - AppLocker does not protect against running 16-bit DOS binaries in an NT Virtual DOS Machine (NTVDM). This technology allows running legacy DOS and 16-bit Windows programs on computers that are using Intel 80386 or higher when there is already another operating system running and controlling the hardware. The result is that 16-bit binaries can still run on Windows Server 2008 R2 and Windows 7 when AppLocker is configured to otherwise block binaries and libraries. If it is a requirement to prevent 16-bit applications from running, you must configure the Deny rule in the Executable rule collection for NTVDM.exe. @@ -65,7 +66,8 @@ You might need to control a limited number of apps because they access sensitive - AppLocker can only control VBScript, JScript, .bat files, .cmd files and Windows PowerShell scripts. It does not control all interpreted code that runs within a host process, for example Perl scripts and macros. Interpreted code is a form of executable code that runs within a host process. For example, Windows batch files (\*.bat) run within the context of the Windows Command Host (cmd.exe). To use AppLocker to control interpreted code, the host process must call AppLocker before it runs the interpreted code, and then enforce the decision that is returned by AppLocker. Not all host processes call into AppLocker. Therefore, AppLocker cannot control every kind of interpreted code, for example Microsoft Office macros. - >**Important:** You should configure the appropriate security settings of these host processes if you must allow them to run. For example, configure the security settings in Microsoft Office to ensure that only signed and trusted macros are loaded. + > [!IMPORTANT] + > You should configure the appropriate security settings of these host processes if you must allow them to run. For example, configure the security settings in Microsoft Office to ensure that only signed and trusted macros are loaded. - AppLocker rules allow or prevent an app from launching. AppLocker does not control the behavior of apps after they are launched. Applications could contain flags that are passed to functions that signal AppLocker to circumvent the rules and allow another .exe or .dll file to be loaded. In practice, an app that is allowed by AppLocker could use these flags to bypass AppLocker rules and launch child processes. You must follow a process that best suits your needs to thoroughly vet each app before allowing them to run using AppLocker rules. @@ -101,7 +103,7 @@ If your organization supports multiple Windows operating systems, app control po |Possible answers|Design considerations| |--- |--- | -|Your organization's computers are running a combination of the following operating systems:

                    • Windows 11
                    • Windows 10
                    • Windows 8
                    • Windows 7
                    • Windows Vista
                    • Windows XP
                    • Windows Server 2012
                    • Windows Server 2008 R2
                    • Windows Server 2008
                    • Windows Server 2003|AppLocker rules are only applied to computers running the supported versions of Windows, but SRP rules can be applied to all versions of Windows beginning with Windows XP and Windows Server 2003. For specific operating system version requirements, see [Requirements to use AppLocker](requirements-to-use-applocker.md).
                      **Note:** If you are using the Basic User security level as assigned in SRP, those privileges are not supported on computers running that support AppLocker.

                      AppLocker policies as applied through a GPO take precedence over SRP policies in the same or linked GPO. SRP policies can be created and maintained the same way.| +|Your organization's computers are running a combination of the following operating systems:

                    • Windows 11
                    • Windows 10
                    • Windows 8
                    • Windows 7
                    • Windows Vista
                    • Windows XP
                    • Windows Server 2012
                    • Windows Server 2008 R2
                    • Windows Server 2008
                    • Windows Server 2003|AppLocker rules are only applied to computers running the supported versions of Windows, but SRP rules can be applied to all versions of Windows beginning with Windows XP and Windows Server 2003. For specific operating system version requirements, see [Requirements to use AppLocker](requirements-to-use-applocker.md).

                      **Note:** If you are using the Basic User security level as assigned in SRP, those privileges are not supported on computers running that support AppLocker.

                      AppLocker policies as applied through a GPO take precedence over SRP policies in the same or linked GPO. SRP policies can be created and maintained the same way.| |Your organization's computers are running only the following operating systems:
                    • Windows 11
                    • Windows 10
                    • Windows 8.1
                    • Windows 8
                    • Windows 7
                    • Windows Server 2012 R2
                    • Windows Server 2012
                    • Windows Server 2008 R2|Use AppLocker to create your application control policies.| ### Are there specific groups in your organization that need customized application control policies? @@ -177,7 +179,7 @@ AppLocker is very effective for organizations that have application restriction | Possible answers | Design considerations | | - | - | | Users run without administrative rights. | Apps are installed by using an installation deployment technology.| -| AppLocker can help reduce the total cost of ownership for business groups that typically use a finite set of apps, such as human resources and finance departments. At the same time, these departments access highly sensitive information, much of which contains confidential and proprietary information. By using AppLocker to create rules for specific apps that are allowed to run, you can help limit unauthorized applications from accessing this information.
                      **Note: **AppLocker can also be effective in helping create standardized desktops in organizations where users run as administrators. However, it is important to note that users with administrative credentials can add new rules to the local AppLocker policy.| Users must be able to install applications as needed. +| AppLocker can help reduce the total cost of ownership for business groups that typically use a finite set of apps, such as human resources and finance departments. At the same time, these departments access highly sensitive information, much of which contains confidential and proprietary information. By using AppLocker to create rules for specific apps that are allowed to run, you can help limit unauthorized applications from accessing this information.

                      **Note:** AppLocker can also be effective in helping create standardized desktops in organizations where users run as administrators. However, it is important to note that users with administrative credentials can add new rules to the local AppLocker policy.| Users must be able to install applications as needed. | Users currently have administrator access, and it would be difficult to change this.|Enforcing AppLocker rules is not suited for business groups that must be able to install apps as needed and without approval from the IT department. If one or more OUs in your organization has this requirement, you can choose not to enforce application rules in those OUs by using AppLocker or to implement the **Audit only** enforcement setting through AppLocker.| ### Is the structure in Active Directory Domain Services based on the organization's hierarchy? From 553905f9290df317179238ff89225d85bcd8eba6 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Tue, 7 Dec 2021 18:24:25 -0500 Subject: [PATCH 148/335] Removed

                      --- ...ware-restriction-policies-in-the-same-domain.md | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md b/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md index d7bb4ad515..40d68279fe 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md @@ -42,22 +42,18 @@ The following table compares the features and functions of Software Restriction |Application control function|SRP|AppLocker| |--- |--- |--- | |Scope|SRP policies can be applied to all Windows operating systems beginning with Windows XP and Windows Server 2003.|AppLocker policies apply only to Windows Server 2008 R2, Windows 7, and later.| -|Policy creation|SRP policies are maintained through Group Policy and only the administrator of the GPO can update the SRP policy. The administrator on the local computer can modify the SRP policies defined in the local GPO.|AppLocker policies are maintained through Group Policy and only the administrator of the GPO can update the policy. The administrator on the local computer can modify the AppLocker policies defined in the local GPO.

                      AppLocker permits customization of error messages to direct users to a Web page for help.| +|Policy creation|SRP policies are maintained through Group Policy and only the administrator of the GPO can update the SRP policy. The administrator on the local computer can modify the SRP policies defined in the local GPO.|AppLocker policies are maintained through Group Policy and only the administrator of the GPO can update the policy. The administrator on the local computer can modify the AppLocker policies defined in the local GPO.

                      AppLocker permits customization of error messages to direct users to a Web page for help.| |Policy maintenance|SRP policies must be updated by using the Local Security Policy snap-in (if the policies are created locally) or the Group Policy Management Console (GPMC).|AppLocker policies can be updated by using the Local Security Policy snap-in (if the policies are created locally), or the GPMC, or the Windows PowerShell AppLocker cmdlets.| |Policy application|SRP policies are distributed through Group Policy.|AppLocker policies are distributed through Group Policy.| -|Enforcement mode|SRP works in the “deny list mode” where administrators can create rules for files that they do not want to allow in this Enterprise whereas the rest of the file is allowed to run by default.

                      SRP can also be configured in the “allowlist mode” so that by default all files are blocked and administrators need to create allow rules for files that they want to allow.|AppLocker by default works in the “allowlist mode” where only those files are allowed to run for which there is a matching allow rule.| -|File types that can be controlled|SRP can control the following file types:

                    • Executables
                    • Dlls
                    • Scripts
                    • Windows Installers

                      SRP cannot control each file type separately. All SRP rules are in a single rule collection.|AppLocker can control the following file types:

                    • Executables
                    • Dlls
                    • Scripts
                    • Windows Installers
                    • Packaged apps and installers

                      AppLocker maintains a separate rule collection for each of the five file types.| +|Enforcement mode|SRP works in the “deny list mode” where administrators can create rules for files that they do not want to allow in this Enterprise whereas the rest of the file is allowed to run by default.

                      SRP can also be configured in the “allowlist mode” so that by default all files are blocked and administrators need to create allow rules for files that they want to allow.|AppLocker by default works in the “allowlist mode” where only those files are allowed to run for which there is a matching allow rule.| +|File types that can be controlled|SRP can control the following file types:

                    • Executables
                    • Dlls
                    • Scripts
                    • Windows Installers

                      SRP cannot control each file type separately. All SRP rules are in a single rule collection.|AppLocker can control the following file types:
                    • Executables
                    • Dlls
                    • Scripts
                    • Windows Installers
                    • Packaged apps and installers

                      AppLocker maintains a separate rule collection for each of the five file types.| |Designated file types|SRP supports an extensible list of file types that are considered executable. Administrators can add extensions for files that should be considered executable.|AppLocker currently supports the following file extensions:
                    • Executables (.exe, .com)
                    • Dlls (.ocx, .dll)
                    • Scripts (.vbs, .js, .ps1, .cmd, .bat)
                    • Windows Installers (.msi, .mst, .msp)
                    • Packaged app installers (.appx)| |Rule types|SRP supports four types of rules:
                    • Hash
                    • Path
                    • Signature
                    • Internet zone|AppLocker supports three types of rules:
                    • File hash
                    • Path
                    • Publisher| -|Editing the hash value|In Windows XP, you could use SRP to provide custom hash values.

                      Beginning with Windows 7 and Windows Server 2008 R2, you can only select the file to hash, not provide the hash value.|AppLocker computes the hash value itself. Internally, it uses the SHA2 Authenticode hash for Portable Executables (exe and dll) and Windows Installers and an SHA2 flat file hash for the rest.| -|Support for different security levels|With SRP, you can specify the permissions with which an app can run. So, you can configure a rule such that Notepad always runs with restricted permissions and never with administrative privileges.

                      SRP on Windows Vista and earlier supported multiple security levels. On Windows 7, that list was restricted to just two levels: Disallowed and Unrestricted (Basic User translates to Disallowed).|AppLocker does not support security levels.| +|Editing the hash value|In Windows XP, you could use SRP to provide custom hash values.

                      Beginning with Windows 7 and Windows Server 2008 R2, you can only select the file to hash, not provide the hash value.|AppLocker computes the hash value itself. Internally, it uses the SHA2 Authenticode hash for Portable Executables (exe and dll) and Windows Installers and an SHA2 flat file hash for the rest.| +|Support for different security levels|With SRP, you can specify the permissions with which an app can run. So, you can configure a rule such that Notepad always runs with restricted permissions and never with administrative privileges.

                      SRP on Windows Vista and earlier supported multiple security levels. On Windows 7, that list was restricted to just two levels: Disallowed and Unrestricted (Basic User translates to Disallowed).|AppLocker does not support security levels.| |Manage Packaged apps and Packaged app installers.|Not supported|.appx is a valid file type which AppLocker can manage.| |Targeting a rule to a user or a group of users|SRP rules apply to all users on a particular computer.|AppLocker rules can be targeted to a specific user or a group of users.| |Support for rule exceptions|SRP does not support rule exceptions.|AppLocker rules can have exceptions, which allow you to create rules such as “Allow everything from Windows except for regedit.exe”.| |Support for audit mode|SRP does not support audit mode. The only way to test SRP policies is to set up a test environment and run a few experiments.|AppLocker supports audit mode, which allows you to test the effect of their policy in the real production environment without impacting the user experience. Once you are satisfied with the results, you can start enforcing the policy.| |Support for exporting and importing policies|SRP does not support policy import/export.|AppLocker supports the importing and exporting of policies. This allows you to create AppLocker policy on a sample device, test it out and then export that policy and import it back into the desired GPO.| |Rule enforcement|Internally, SRP rules enforcement happens in the user-mode, which is less secure.|Internally, AppLocker rules for .exe and .dll files are enforced in the kernel-mode, which is more secure than enforcing them in the user-mode.| - -  -  -  From 13610fd963d02e535d87202ac020bee2465b58b0 Mon Sep 17 00:00:00 2001 From: Joe Henry Date: Tue, 7 Dec 2021 18:38:11 -0500 Subject: [PATCH 149/335] Update create-wdac-deny-policy.md --- .../create-wdac-deny-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index 2deab2941f..d71b2baa9b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -103,7 +103,7 @@ If you are currently using [multiple policies](deploy-multiple-windows-defender- (Recommended) The first option is to keep the deny list as its own policy isolated from your allow policies as it is easier to manage. Since applications need to be [allowed by both WDAC policies to run on the device](deploy-multiple-windows-defender-application-control-policies.md#base-and-supplemental-policy-interaction), you will need to add the Allow All rule(s) to your deny policy. This will not override the set of applications allowed by WDAC illustrated by the following example: -Policy 1 is an allow list of Windows and Microsoft-signed applications. Policy 2 is our new deny policy which blocks MaliciousApp.exe with the Allow All rules. MaliciousApp.exe will be blocked since there is an explicit block rule in Policy 2. Windows and Microsoft applications will be allowed since there is an explicit allow rule in Policy 1 and Policy 2 (due to the Allow All rules). All other applications, if not Windows and Microsoft signed, e.g., ExampleApp.exe, will not be allowed as this application is only trusted by Policy 2 (due to the Allow All rules) and not Policy 1. +Policy 1 is an allow list of Windows and Microsoft-signed applications. Policy 2 is our new deny policy which blocks MaliciousApp.exe with the Allow All rules. MaliciousApp.exe will be blocked since there is an explicit block rule in Policy 2. Windows and Microsoft applications will be allowed since there is an explicit allow rule in Policy 1 and Policy 2 (due to the Allow All rules). All other applications, if not Windows and Microsoft signed, e.g., ExampleApp.exe, will not be allowed as this application is only trusted by Policy 2 (due to the Allow All rules) and not Policy 1. The second option involves merging the deny list with your existing WDAC policy, regardless if the policy is an allow list policy and contains allow and/or deny rules. ## Best Practices From 4057f907da54e0cdbeedfcb2d80b0b1c785db744 Mon Sep 17 00:00:00 2001 From: Joe Henry Date: Tue, 7 Dec 2021 18:44:54 -0500 Subject: [PATCH 150/335] Update create-wdac-deny-policy.md --- .../create-wdac-deny-policy.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index d71b2baa9b..90775c4c17 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -103,7 +103,9 @@ If you are currently using [multiple policies](deploy-multiple-windows-defender- (Recommended) The first option is to keep the deny list as its own policy isolated from your allow policies as it is easier to manage. Since applications need to be [allowed by both WDAC policies to run on the device](deploy-multiple-windows-defender-application-control-policies.md#base-and-supplemental-policy-interaction), you will need to add the Allow All rule(s) to your deny policy. This will not override the set of applications allowed by WDAC illustrated by the following example: -Policy 1 is an allow list of Windows and Microsoft-signed applications. Policy 2 is our new deny policy which blocks MaliciousApp.exe with the Allow All rules. MaliciousApp.exe will be blocked since there is an explicit block rule in Policy 2. Windows and Microsoft applications will be allowed since there is an explicit allow rule in Policy 1 and Policy 2 (due to the Allow All rules). All other applications, if not Windows and Microsoft signed, e.g., ExampleApp.exe, will not be allowed as this application is only trusted by Policy 2 (due to the Allow All rules) and not Policy 1. The second option involves merging the deny list with your existing WDAC policy, regardless if the policy is an allow list policy and contains allow and/or deny rules. +Policy 1 is an allow list of Windows and Microsoft-signed applications. Policy 2 is our new deny policy which blocks MaliciousApp.exe with the Allow All rules. MaliciousApp.exe will be blocked since there is an explicit block rule in Policy 2. Windows and Microsoft applications will be allowed since there is an explicit allow rule in Policy 1 and Policy 2 (due to the Allow All rules). All other applications, if not Windows and Microsoft signed, e.g., ExampleApp.exe, will not be allowed as this application is only trusted by Policy 2 (due to the Allow All rules) and not Policy 1. + +The second option involves merging the deny list with your existing WDAC policy, regardless if the policy is an allow list policy and contains allow and/or deny rules. ## Best Practices From 9e74247d6bacfa18683625ed00eb9c319b8934e0 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 7 Dec 2021 15:46:10 -0800 Subject: [PATCH 151/335] Update bitlocker-device-encryption-overview-windows-10.md --- .../bitlocker-device-encryption-overview-windows-10.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md index cbd4a6c3a0..2b18579a8c 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md +++ b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md @@ -142,6 +142,6 @@ Part of the Microsoft Desktop Optimization Pack, MBAM makes it easier to manage * Enforces the BitLocker encryption policy options that you set for your enterprise. * Integrates with existing management tools, such as Microsoft Endpoint Configuration Manager. * Offers an IT-customizable recovery user experience. -* Supports Windows 11 and Windows 10. +* Supports Windows 10. -For more information about MBAM, including how to obtain it, see [Microsoft BitLocker Administration and Monitoring](/microsoft-desktop-optimization-pack/) on the MDOP TechCenter. \ No newline at end of file +For more information about MBAM, including how to obtain it, see [Microsoft BitLocker Administration and Monitoring](/microsoft-desktop-optimization-pack/) on the MDOP TechCenter. From edd381a30c95ee42a51b0644237cbd2756d6976d Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 7 Dec 2021 16:51:29 -0800 Subject: [PATCH 152/335] Fix broken note --- .../hello-for-business/hello-manage-in-organization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md index d687edd606..5610f8e167 100644 --- a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md +++ b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md @@ -123,7 +123,7 @@ All PIN complexity policies, are grouped separately from feature enablement and >[!NOTE] > Windows Hello for Business policy conflict resolution logic does not respect the ControlPolicyConflict/MDMWinsOverGP policy in the Policy CSP. - +> >Examples > >The following are configured using computer Group Policy: From b1379d4c1c4e4a65d77ccc2c429b9bee04beb858 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 7 Dec 2021 16:55:16 -0800 Subject: [PATCH 153/335] Correct markup of warning --- ...ared-volumes-and-storage-area-networks-with-bitlocker.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md index 052dd0fee8..df18662e36 100644 --- a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md +++ b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md @@ -67,7 +67,9 @@ You can also use an Active Directory Domain Services (AD DS) protector for prote BitLocker encryption is available for disks before or after addition to a cluster storage pool. The advantage of encrypting volumes prior to adding them to a cluster is that the disk resource does not require suspending the resource to complete the operation. To turn on BitLocker for a disk before adding it to a cluster: 1. Install the BitLocker Drive Encryption feature if it is not already installed. + 2. Ensure the disk is formatted NTFS and has a drive letter assigned to it. + 3. Identify the name of the cluster with Windows PowerShell. ```powershell @@ -80,9 +82,11 @@ BitLocker encryption is available for disks before or after addition to a cluste Enable-BitLocker E: -ADAccountOrGroupProtector -ADAccountOrGroup CLUSTER$ ``` - >**Warning:**  You must configure an **ADAccountOrGroup** protector using the cluster CNO for a BitLocker enabled volume to either be shared in a Cluster Shared Volume or to fail over properly in a traditional failover cluster. + > [!WARNING] + > You must configure an **ADAccountOrGroup** protector using the cluster CNO for a BitLocker enabled volume to either be shared in a Cluster Shared Volume or to fail over properly in a traditional failover cluster. 5. Repeat the preceding steps for each disk in the cluster. + 6. Add the volume(s) to the cluster. ### Turning on BitLocker for a clustered disk using Windows PowerShell From b6e8f02ce1b2d307b3d08992a2cdaaf5c1fda66c Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 7 Dec 2021 16:57:24 -0800 Subject: [PATCH 154/335] Corrected font weight of table headings Table headings are bold by default. Adding formatting for bold results in a lighter weight font than is standard on the platform (unless the table has the correct markup for a "data matrix" table). --- ...r-shared-volumes-and-storage-area-networks-with-bitlocker.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md index df18662e36..efd311bfe6 100644 --- a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md +++ b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md @@ -167,7 +167,7 @@ Unlike CSV2.0 volumes, physical disk resources can only be accessed by one clust The following table contains information about both Physical Disk Resources (that is, traditional failover cluster volumes) and Cluster Shared Volumes (CSV) and the actions that are allowed by BitLocker in each situation. -|**Action**|**On owner node of failover volume**|**On Metadata Server (MDS) of CSV**|**On (Data Server) DS of CSV**|**Maintenance Mode**| +| Action | On owner node of failover volume | On Metadata Server (MDS) of CSV | On (Data Server) DS of CSV | Maintenance Mode | |--- |--- |--- |--- |--- | |**Manage-bde –on**|Blocked|Blocked|Blocked|Allowed| |**Manage-bde –off**|Blocked|Blocked|Blocked|Allowed| From c60321901d9c72dd9c78c3a460cc64caade187a4 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 7 Dec 2021 16:58:43 -0800 Subject: [PATCH 155/335] Corrected markup of a warning --- ...ared-volumes-and-storage-area-networks-with-bitlocker.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md index efd311bfe6..d176a4f457 100644 --- a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md +++ b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md @@ -117,7 +117,9 @@ When the cluster service owns a disk resource already, it needs to be set into m ```powershell Enable-BitLocker E: -ADAccountOrGroupProtector -ADAccountOrGroup CLUSTER$ ``` - >**Warning:**  You must configure an **ADAccountOrGroup** protector using the cluster CNO for a BitLocker enabled volume to either be shared in a Cluster Shared Volume or to fail over properly in a traditional failover cluster. + + > [!WARNING] + > You must configure an **ADAccountOrGroup** protector using the cluster CNO for a BitLocker enabled volume to either be shared in a Cluster Shared Volume or to fail over properly in a traditional failover cluster. 6. Use **Resume-ClusterResource** to take the physical disk resource back out of maintenance mode: @@ -182,7 +184,7 @@ The following table contains information about both Physical Disk Resources (tha |**Shrink**|Allowed|Allowed|Blocked|Allowed| |**Extend**|Allowed|Allowed|Blocked|Allowed| ->[!NOTE] +> [!NOTE] > Although the manage-bde -pause command is Blocked in clusters, the cluster service will automatically resume a paused encryption or decryption from the MDS node In the case where a physical disk resource experiences a failover event during conversion, the new owning node will detect the conversion is not complete and will complete the conversion process. From f887e48403dcd847e4452f2c18bdd0ecaf0874a6 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 7 Dec 2021 17:24:15 -0800 Subject: [PATCH 156/335] Correct markup of notes --- .../windows-10-mobile-security-guide.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-10-mobile-security-guide.md b/windows/security/threat-protection/windows-10-mobile-security-guide.md index 8f680ea6ff..cd44f7491b 100644 --- a/windows/security/threat-protection/windows-10-mobile-security-guide.md +++ b/windows/security/threat-protection/windows-10-mobile-security-guide.md @@ -44,7 +44,8 @@ Because Windows Hello is supported across all Windows 10 devices, organizations Windows Hello supports iris scan, fingerprint, and facial recognition-based authentication for devices that have biometric sensors. ->**Note:** When Windows 10 first shipped, it included **Microsoft Passport** and **Windows Hello**, which worked together to provide multifactor authentication. To simplify deployment and improve supportability, Microsoft has combined these technologies into a single solution under the **Windows Hello** name. Customers who have already deployed these technologies will not experience any change in functionality. Customers who have yet to evaluate Windows Hello will find it easier to deploy due to simplified policies, documentation, and semantics. +> [!NOTE] +> When Windows 10 first shipped, it included **Microsoft Passport** and **Windows Hello**, which worked together to provide multifactor authentication. To simplify deployment and improve supportability, Microsoft has combined these technologies into a single solution under the **Windows Hello** name. Customers who have already deployed these technologies will not experience any change in functionality. Customers who have yet to evaluate Windows Hello will find it easier to deploy due to simplified policies, documentation, and semantics. ### Secured credentials @@ -61,7 +62,8 @@ Windows Hello supports three biometric sensor scenarios: - **Fingerprint recognition** uses a sensor to scan the user’s fingerprint. Although fingerprint readers have been available for computers running the Windows operating system for years, the detection, anti-spoofing, and recognition algorithms in Windows 10 are more advanced than in previous Windows versions. Most existing fingerprint readers (whether external to or integrated into laptops or USB keyboards) that support the Windows Biometric Framework will work with Windows Hello. - **Iris scanning** uses cameras designed to scan the user’s iris, the colorful and highly detailed portion of the eye. Because the data must be accurate, iris scanning uses a combination of an IR light source and a high-quality camera. Microsoft Lumia 950 and 950 XL devices support this technology. ->Users must create an unlock PIN while they enroll a biometric gesture. The device uses this PIN as a fallback mechanism in situations where it cannot capture the biometric gesture. +> [!NOTE] +> Users must create an unlock PIN while they enroll a biometric gesture. The device uses this PIN as a fallback mechanism in situations where it cannot capture the biometric gesture. All three of these biometric factors – face, finger, and iris – are unique to an individual. To capture enough data to uniquely identify an individual, a biometric scanner might initially capture images in multiple conditions or with additional details. For example, an iris scanner will capture images of both eyes or both eyes with and without eyeglasses or contact lenses. @@ -169,7 +171,7 @@ The table below outlines how Windows 10 Mobile mitigates specific malware threat |A website that includes malicious code exploits a vulnerability in the web browser to run malware on the client device.|Microsoft Edge includes Enhanced Protected Mode, which uses AppContainer-based sandboxing to help protect the system against vulnerabilities that at attacker may discover in the extensions running in the browser (for example, Adobe Flash, Java) or the browser itself.| ->[!NOTE] +> [!NOTE] > The Windows 10 Mobile devices use a System on a Chip (SoC) design provided by SoC vendors such as Qualcomm. With this architecture, the SoC vendor and device manufacturers provide the pre-UEFI bootloaders and the UEFI environment. The UEFI environment implements the UEFI Secure Boot standard described in section 27 of the UEFI specification, which can be found at [www.uefi.org/specs]( http://www.uefi.org/specs). This standard describes the process by which all UEFI drivers and applications are validated against keys provisioned into a UEFI-based device before they are executed. ### UEFI with Secure Boot @@ -199,7 +201,8 @@ Windows 10 Mobile supports TPM implementations that comply with the 2.0 standard Many assume that original equipment manufacturers (OEMs) must implant a TPM in hardware on a motherboard as a discrete module, but TPM can also be effective when implemented in firmware. Windows 10 Mobile supports only firmware TPM that complies with the 2.0 standard. Windows does not differentiate between discrete and firmware-based solutions because both must meet the same implementation and security requirements. Therefore, any Windows 10 feature that can take advantage of TPM can be used with Windows 10 Mobile. ->Microsoft requires TPM 2.0 on devices running any version of Windows 10 Mobile. For more information, see [minimum hardware requirements](/windows-hardware/design/minimum/minimum-hardware-requirements-overview) +> [!NOTE] +> Microsoft requires TPM 2.0 on devices running any version of Windows 10 Mobile. For more information, see [minimum hardware requirements](/windows-hardware/design/minimum/minimum-hardware-requirements-overview) Several Windows 10 Mobile security features require TPM: - Virtual smart cards From 8d897f4da6983ed50c54b34592f9cc4b0374f836 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Wed, 8 Dec 2021 08:59:34 +0530 Subject: [PATCH 157/335] Html to md table-Sweep batch 28 --- .../client-management/mdm/bitlocker-csp.md | 774 ++++++------------ .../mdm/policy-csp-update.md | 40 +- .../provisioning-packages.md | 12 - 3 files changed, 268 insertions(+), 558 deletions(-) diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index 456fbbd28c..c0d680c371 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -68,24 +68,16 @@ Defines the root node for the BitLocker configuration service provider. Allows the administrator to require storage card encryption on the device. This policy is valid only for a mobile SKU. - - - - - - - - - - - - - - - - - -
                      HomeProBusinessEnterpriseEducationMobile
                      cross markcross markcross markcross markcross markcheck mark
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|No|No| +|Education|No|No| +|Mobile|Yes|Yes| + Data type is integer. Sample value for this node to enable this policy: 1. Disabling this policy will not turn off the encryption on the storage card, but the user will no longer be prompted to turn it on. @@ -124,24 +116,16 @@ Data type is integer. Supported operations are Add, Get, Replace, and Delete. Allows the administrator to require encryption to be turned on by using BitLocker\Device Encryption. - - - - - - - - - - - - - - - - - -
                      HomeProBusinessEnterpriseEducationMobile
                      cross markcheck markcheck markcheck markcheck markcheck mark
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| +|Mobile|Yes|Yes| + Data type is integer. Sample value for this node to enable this policy: 1. Supported operations are Add, Get, Replace, and Delete. @@ -193,24 +177,16 @@ If you want to disable this policy, use the following SyncML: Allows you to set the default encryption method for each of the different drive types: operating system drives, fixed data drives, and removable data drives. Hidden, system, and recovery partitions are skipped from encryption. This setting is a direct mapping to the BitLocker Group Policy "Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)". - - - - - - - - - - - - - - - - - -
                      HomeProBusinessEnterpriseEducationMobile
                      cross markcheck markcheck markcheck markcheck markcross mark
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| +|Mobile|No|No| + ADMX Info: @@ -276,26 +252,16 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete. Allows you to associate unique organizational identifiers to a new drive that is enabled with BitLocker. - - - - - - - - - - - - - - - - - - - -
                      HomeProBusinessEnterpriseEducationMobile
                      cross markcheck markcheck markcheck markcheck markcross mark
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| +|Mobile|No|No| + ADMX Info: @@ -347,26 +313,16 @@ If you disable or do not configure this setting, the identification field is not Allows users on devices that are compliant with InstantGo or the Microsoft Hardware Security Test Interface (HSTI) to not have a PIN for preboot authentication. - - - - - - - - - - - - - - - - - - - -
                      HomeProBusinessEnterpriseEducationMobile
                      cross markcheck markcheck markcheck markcheck markcross mark
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| +|Mobile|No|No| + ADMX Info: @@ -400,26 +356,16 @@ If this policy is disabled, the options of "Require additional authentication at Allows users to configure whether or not enhanced startup PINs are used with BitLocker. - - - - - - - - - - - - - - - - - - - -
                      HomeProBusinessEnterpriseEducationMobile
                      cross markcheck markcheck markcheck markcheck markcross mark
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| +|Mobile|No|No| + ADMX Info: @@ -456,26 +402,16 @@ If you disable or do not configure this policy setting, enhanced PINs will not b Allows you to configure whether standard users are allowed to change BitLocker PIN or password that is used to protect the operating system drive. - - - - - - - - - - - - - - - - - - - -
                      HomeProBusinessEnterpriseEducationMobile
                      cross markcheck markcheck markcheck markcheck markcross mark
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| +|Mobile|No|No| + ADMX Info: @@ -512,26 +448,16 @@ Sample value for this node to disable this policy is: Allows users to enable authentication options that require user input from the preboot environment, even if the platform indicates a lack of preboot input capability. - - - - - - - - - - - - - - - - - - - -
                      HomeProBusinessEnterpriseEducationMobile
                      cross markcheck markcheck markcheck markcheck markcross mark
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| +|Mobile|No|No| + ADMX Info: @@ -574,26 +500,16 @@ When the Windows Recovery Environment is not enabled and this policy is not enab Allows you to configure the encryption type that is used by BitLocker. - - - - - - - - - - - - - - - - - - - -
                      HomeProBusinessEnterpriseEducationMobile
                      cross markcheck markcheck markcheck markcheck markcross mark
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| +|Mobile|No|No| + ADMX Info: @@ -633,26 +549,16 @@ For more information about the tool to manage BitLocker, see [Manage-bde](/windo This setting is a direct mapping to the BitLocker Group Policy "Require additional authentication at startup". - - - - - - - - - - - - - - - - - - - -
                      HomeProBusinessEnterpriseEducationMobile
                      cross markcheck markcheck markcheck markcheck markcross mark
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| +|Mobile|No|No| + ADMX Info: @@ -741,26 +647,16 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete. This setting is a direct mapping to the BitLocker Group Policy "Configure minimum PIN length for startup". - - - - - - - - - - - - - - - - - - - -
                      HomeProBusinessEnterpriseEducationMobile
                      cross markcheck markcheck markcheck markcheck markcross mark
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| +|Mobile|No|No| + ADMX Info: @@ -818,26 +714,16 @@ This setting is a direct mapping to the BitLocker Group Policy "Configure pre-bo (PrebootRecoveryInfo_Name). - - - - - - - - - - - - - - - - - - - -
                      HomeProBusinessEnterpriseEducationMobile
                      cross markcheck markcheck markcheck markcheck markcross mark
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| +|Mobile|No|No| + ADMX Info: @@ -907,26 +793,16 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete. This setting is a direct mapping to the BitLocker Group Policy "Choose how BitLocker-protected operating system drives can be recovered" (OSRecoveryUsage_Name). - - - - - - - - - - - - - - - - - - - -
                      HomeProBusinessEnterpriseEducationMobile
                      cross markcheck markcheck markcheck markcheck markcross mark
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| +|Mobile|No|No| + ADMX Info: @@ -1004,26 +880,16 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete. This setting is a direct mapping to the BitLocker Group Policy "Choose how BitLocker-protected fixed drives can be recovered" (). - - - - - - - - - - - - - - - - - - - -
                      HomeProBusinessEnterpriseEducationMobile
                      cross markcheck markcheck markcheck markcheck markcross mark
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| +|Mobile|No|No| + ADMX Info: @@ -1110,26 +976,16 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete. This setting is a direct mapping to the BitLocker Group Policy "Deny write access to fixed drives not protected by BitLocker" (FDVDenyWriteAccess_Name). - - - - - - - - - - - - - - - - - - - -
                      HomeProBusinessEnterpriseEducationMobile
                      cross markcheck markcheck markcheck markcheck markcross mark
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| +|Mobile|No|No| + ADMX Info: @@ -1179,26 +1035,16 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete. Allows you to configure the encryption type on fixed data drives that is used by BitLocker. - - - - - - - - - - - - - - - - - - - -
                      HomeProBusinessEnterpriseEducationMobile
                      cross markcheck markcheck markcheck markcheck markcross mark
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| +|Mobile|No|No| + ADMX Info: @@ -1240,26 +1086,16 @@ For more information about the tool to manage BitLocker, see [Manage-bde](/windo This setting is a direct mapping to the BitLocker Group Policy "Deny write access to removable drives not protected by BitLocker" (RDVDenyWriteAccess_Name). - - - - - - - - - - - - - - - - - - - -
                      HomeProBusinessEnterpriseEducationMobile
                      cross markcheck markcheck markcheck markcheck markcross mark
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| +|Mobile|No|No| + ADMX Info: @@ -1320,26 +1156,16 @@ Disabling the policy will let the system choose the default behaviors. If you wa Allows you to configure the encryption type that is used by BitLocker. - - - - - - - - - - - - - - - - - - - -
                      HomeProBusinessEnterpriseEducationMobile
                      cross markcheck markcheck markcheck markcheck markcross mark
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| +|Mobile|No|No| + ADMX Info: @@ -1375,26 +1201,16 @@ If this policy is disabled or not configured, the BitLocker Setup Wizard asks th Allows you to control the use of BitLocker on removable data drives. - - - - - - - - - - - - - - - - - - - -
                      HomeProBusinessEnterpriseEducationMobile
                      cross markcheck markcheck markcheck markcheck markcross mark
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| +|Mobile|No|No| + ADMX Info: @@ -1445,26 +1261,16 @@ Allows the admin to disable the warning prompt for other disk encryption on the > [!Warning] > When you enable BitLocker on a device with third-party encryption, it may render the device unusable and require you to reinstall Windows. - - - - - - - - - - - - - - - - - - - -
                      HomeProBusinessEnterpriseEducationMobile
                      cross markcheck markcheck markcheck markcheck markcross mark
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| +|Mobile|No|No| + The following list shows the supported values: @@ -1509,26 +1315,16 @@ Allows Admin to enforce "RequireDeviceEncryption" policy for scenarios where pol If "AllowWarningForOtherDiskEncryption" is not set, or is set to "1", "RequireDeviceEncryption" policy will not try to encrypt drive(s) if a standard user is the current logged on user in the system. - - - - - - - - - - - - - - - - - - - -
                      HomeProBusinessEnterpriseEducationMobile
                      cross markcheck markcheck markcheck markcheck markcross mark
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| +|Mobile|No|No| + The expected values for this policy are: @@ -1564,26 +1360,16 @@ This setting initiates a client-driven recovery password refresh after an OS dri - - - - - - - - - - - - - - - - - - - -
                      HomeProBusinessEnterpriseEducationMobile
                      cross markcheck markcheck markcheck markcheck markcross mark
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| +|Mobile|No|No| + Value type is int. Supported operations are Add, Delete, Get, and Replace. @@ -1619,26 +1405,16 @@ Each server-side recovery key rotation is represented by a request ID. The serve - RotateRecoveryPasswordsRequestID: Returns request ID of last request processed. - RotateRecoveryPasswordsRotationStatus: Returns status of last request processed. - - - - - - - - - - - - - - - - - - - -
                      HomeProBusinessEnterpriseEducationMobile
                      cross markcheck markcheck markcheck markcheck markcross mark
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| +|Mobile|No|No| + Value type is string. Supported operation is Execute. Request ID is expected as a parameter. @@ -1664,26 +1440,16 @@ Interior node. Supported operation is Get. This node reports compliance state of device encryption on the system. - - - - - - - - - - - - - - - - - - - -
                      HomeProBusinessEnterpriseEducationMobile
                      cross markcheck markcheck markcheck markcheck markcross mark
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| +|Mobile|No|No| + @@ -1732,26 +1498,16 @@ Status code can be one of the following: - 0 - Pass - Any other code - Failure HRESULT - - - - - - - - - - - - - - - - - - - -
                      HomeProBusinessEnterpriseEducationMobile
                      cross markcheck markcheck markcheck markcheck markcross mark
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| +|Mobile|No|No| + Value type is int. Supported operation is Get. @@ -1767,26 +1523,16 @@ This node reports the RequestID corresponding to RotateRecoveryPasswordsStatus. This node needs to be queried in synchronization with RotateRecoveryPasswordsStatus to ensure the status is correctly matched to the request ID. - - - - - - - - - - - - - - - - - - - -
                      HomeProBusinessEnterpriseEducationMobile
                      cross markcheck markcheck markcheck markcheck markcross mark
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| +|Mobile|No|No| + diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index a2120ee9fb..e3bcc31993 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -2422,38 +2422,14 @@ This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupd **Update/ProductVersion** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                      EditionWindows 10Windows 11
                      HomeNoNo
                      ProYesYes
                      BusinessYesYes
                      EnterpriseYesYes
                      EducationYesYes
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|

                      diff --git a/windows/configuration/provisioning-packages/provisioning-packages.md b/windows/configuration/provisioning-packages/provisioning-packages.md index 8f3f00962f..6c9e724c17 100644 --- a/windows/configuration/provisioning-packages/provisioning-packages.md +++ b/windows/configuration/provisioning-packages/provisioning-packages.md @@ -86,18 +86,6 @@ The following table describes settings that you can configure using the wizards | Configure kiosk common settings | Set tablet mode, configure welcome and shutdown screens, turn off timeout settings | ❌ | ✔️ | ❌ | | Developer Setup | Enable Developer Mode | ❌ | ❌ | ✔️ | - - - - - - - - - - - - - [Instructions for the desktop wizard](provision-pcs-for-initial-deployment.md) - [Instructions for the kiosk wizard](../kiosk-single-app.md#wizard) - [Instructions for the HoloLens wizard](/hololens/hololens-provisioning#wizard) From 6376d7074957baf11e3d42ccf6ebb1d22d69ca91 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Wed, 8 Dec 2021 12:41:31 +0530 Subject: [PATCH 158/335] Sweep 2 --- ...release-notes-for-appv-for-windows-1703.md | 157 ++- .../change-history-for-mdm-documentation.md | 970 ++---------------- .../set-up-shared-or-guest-pc.md | 199 ++-- .../upgrade/windows-10-edition-upgrades.md | 109 +- windows/deployment/wds-boot-support.md | 66 +- .../windows-10-deployment-scenarios.md | 131 +-- windows/deployment/windows-10-poc-mdt.md | 26 +- windows/deployment/windows-10-poc.md | 315 ++---- 8 files changed, 454 insertions(+), 1519 deletions(-) diff --git a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md index 8765ba9fa6..a6f88ea7a3 100644 --- a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md +++ b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md @@ -19,90 +19,81 @@ ms.author: greglin The following are known issues and workarounds for Application Virtualization (App-V) running on Windows 10 version 1703 and later - - - - - - - - - - - - - - - - - - - - - - - -
                      ProblemWorkaround
                      Unable to manually create a system-owned folder needed for the set-AppVClientConfiguration PowerShell cmdlet when using the PackageInstallationRoot, IntegrationRootUser, or IntegrationRootGlobal parameters.Don't create this file manually, instead let the Add-AppVClientPackage cmdlet auto-generate it.
                      Failure to update an App-V package from App-V 5.x to the latest in-box version, by using the PowerShell sequencing commands.Make sure you have the complete App-V package or the MSI file from the original app.
                      Unable to modify the locale for auto-sequencing.Open the C:\Program Files (x86)\Windows Kits\10\Microsoft Application Virtualization\AutoSequencer\Unattend_Sequencer_User_Setup_Template.xml file and include the language code for your locale. For example, if you wanted Spanish (Spain), you'd use: es-ES.
                      Filetype and protocol handlers aren't registering properly with the Google Chrome browser, causing you to not see App-V packages as an option for default apps from the Settings > Apps> Default Apps area.The recommended workaround is to add the following code to the AppXManifest.xml file, underneath the <appv:Extensions> tag: -
                      
-<appv:Extension Category="AppV.URLProtocol">
-    <appv:URLProtocol>
-        <appv:Name>ftp</appv:Name>
-        <appv:ApplicationURLProtocol>
-            <appv:DefaultIcon>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0</appv:DefaultIcon>
-            <appv:ShellCommands>
-                <appv:DefaultCommand>open</appv:DefaultCommand>
-                <appv:ShellCommand>
-                    <appv:ApplicationId>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe</appv:ApplicationId>
-                    <appv:Name>open</appv:Name>
-                    <appv:CommandLine>"[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1"</appv:CommandLine>
-                    <appv:DdeExec>
-                        <appv:DdeCommand />
-                    </appv:DdeExec>
-                </appv:ShellCommand>
-            </appv:ShellCommands>
-        </appv:ApplicationURLProtocol>
-    </appv:URLProtocol>
-</appv:Extension>
-<appv:Extension Category="AppV.URLProtocol">
-    <appv:URLProtocol>
-        <appv:Name>http</appv:Name>
-        <appv:ApplicationURLProtocol>
-            <appv:DefaultIcon>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0</appv:DefaultIcon>
-            <appv:ShellCommands>
-                <appv:DefaultCommand>open</appv:DefaultCommand>
-                <appv:ShellCommand>
-                    <appv:ApplicationId>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe</appv:ApplicationId>
-                    <appv:Name>open</appv:Name>
-                    <appv:CommandLine>"[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1"</appv:CommandLine>
-                    <appv:DdeExec>
-                        <appv:DdeCommand />
-                    </appv:DdeExec>
-                </appv:ShellCommand>
-            </appv:ShellCommands>
-        </appv:ApplicationURLProtocol>
-    </appv:URLProtocol>
-</appv:Extension>
-<appv:Extension Category="AppV.URLProtocol">
-    <appv:URLProtocol>
-        <appv:Name>https</appv:Name>
-        <appv:ApplicationURLProtocol>
-            <appv:DefaultIcon>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0</appv:DefaultIcon>
-            <appv:ShellCommands>
-                <appv:DefaultCommand>open</appv:DefaultCommand>
-                <appv:ShellCommand>
-                    <appv:ApplicationId>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe</appv:ApplicationId>
-                    <appv:Name>open</appv:Name>
-                    <appv:CommandLine>"[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1"</appv:CommandLine>
-                    <appv:DdeExec>
-                        <appv:DdeCommand />
-                    </appv:DdeExec>
-                </appv:ShellCommand>
-            </appv:ShellCommands>
-        </appv:ApplicationURLProtocol>
-    </appv:URLProtocol>
-</appv:Extension>
-

                      +- **Problem**: Unable to manually create a system-owned folder needed for the `set-AppVClientConfiguration` PowerShell cmdlet when using the PackageInstallationRoot, IntegrationRootUser, or IntegrationRootGlobal parameters. + **Workaround**: Don't create this file manually, instead let the `Add-AppVClientPackage` cmdlet auto-generate it. + +- **Problem**: Failure to update an App-V package from App-V 5.x to the latest in-box version, by using the PowerShell sequencing commands. + + **Workaround**: Make sure you have the complete App-V package or the MSI file from the original app. + +- **Problem**: Unable to modify the locale for auto-sequencing. + + **Workaround**: Open the `C:\Program Files (x86)\Windows Kits\10\Microsoft Application Virtualization\AutoSequencer\Unattend_Sequencer_User_Setup_Template.xml` file and include the language code for your locale. For example, if you wanted Spanish (Spain), you'd use: es-ES. + +- **Problem**: Filetype and protocol handlers aren't registering properly with the Google Chrome browser, causing you to not see App-V packages as an option for default apps from the Settings > Apps> Default Apps area. + + **Workaround**: The recommended workaround is to add the following code to the AppXManifest.xml file, underneath the `` tag: + +```xml + + + ftp + + [{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0 + + open + + [{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe + open + "[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1" + + + + + + + + + + + http + + [{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0 + + open + + [{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe + open + "[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1" + + + + + + + + + + + https + + [{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0 + + open + + [{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe + open + "[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1" + + + + + + + + +``` ## Related resources list For information that can help with troubleshooting App-V for Windows client, see: diff --git a/windows/client-management/mdm/change-history-for-mdm-documentation.md b/windows/client-management/mdm/change-history-for-mdm-documentation.md index 8036d19764..6665d6c4ea 100644 --- a/windows/client-management/mdm/change-history-for-mdm-documentation.md +++ b/windows/client-management/mdm/change-history-for-mdm-documentation.md @@ -179,907 +179,141 @@ This article lists new and updated articles for the Mobile Device Management (MD ## August 2018 - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                      New or updated articleDescription
                      BitLocker CSP

                      Added support for Windows 10 Pro starting in the version 1809.

                      -
                      Office CSP

                      Added FinalStatus setting in Windows 10, version 1809.

                      -
                      RemoteWipe CSP

                      Added new settings in Windows 10, version 1809.

                      -
                      TenantLockdown CSP

                      Added new CSP in Windows 10, version 1809.

                      -
                      WindowsDefenderApplicationGuard CSP

                      Added new settings in Windows 10, version 1809.

                      -
                      Policy DDF file

                      Posted an updated version of the Policy DDF for Windows 10, version 1809.

                      -
                      Policy CSP

                      Added the following new policies in Windows 10, version 1809:

                      -
                        -
                      • Browser/AllowFullScreenMode
                        • -
                      • Browser/AllowPrelaunch
                        • -
                      • Browser/AllowPrinting
                        • -
                      • Browser/AllowSavingHistory
                        • -
                      • Browser/AllowSideloadingOfExtensions
                        • -
                      • Browser/AllowTabPreloading
                        • -
                      • Browser/AllowWebContentOnNewTabPage
                        • -
                      • Browser/ConfigureFavoritesBar
                        • -
                      • Browser/ConfigureHomeButton
                        • -
                      • Browser/ConfigureKioskMode
                        • -
                      • Browser/ConfigureKioskResetAfterIdleTimeout
                        • -
                      • Browser/ConfigureOpenMicrosoftEdgeWith
                        • -
                      • Browser/ConfigureTelemetryForMicrosoft365Analytics
                        • -
                      • Browser/PreventCertErrorOverrides
                        • -
                      • Browser/SetHomeButtonURL
                        • -
                      • Browser/SetNewTabPageURL
                        • -
                      • Browser/UnlockHomeButton
                        • -
                      • Experience/DoNotSyncBrowserSettings
                        • -
                      • Experience/PreventUsersFromTurningOnBrowserSyncing
                        • -
                      • Kerberos/UPNNameHints
                        • -
                      • Privacy/AllowCrossDeviceClipboard
                        • -
                      • Privacy/DisablePrivacyExperience
                        • -
                      • Privacy/UploadUserActivities
                        • -
                      • System/AllowDeviceNameInDiagnosticData
                        • -
                      • System/ConfigureMicrosoft365UploadEndpoint
                        • -
                      • System/DisableDeviceDelete
                        • -
                      • System/DisableDiagnosticDataViewer
                        • -
                      • Storage/RemovableDiskDenyWriteAccess
                        • -
                      • Update/UpdateNotificationLevel
                        • -
                      -

                      Start/DisableContextMenus - added in Windows 10, version 1803.

                      -

                      RestrictedGroups/ConfigureGroupMembership - added new schema to apply and retrieve the policy.

                      -
                      +|New or updated article|Description| +|--- |--- | +|[BitLocker CSP](bitlocker-csp.md)|Added support for Windows 10 Pro starting in the version 1809.| +|[Office CSP](office-csp.md)|Added FinalStatus setting in Windows 10, version 1809.| +|[RemoteWipe CSP](remotewipe-csp.md)|Added new settings in Windows 10, version 1809.| +|[TenantLockdown CSP](tenantlockdown-csp.md)|Added new CSP in Windows 10, version 1809.| +|[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)|Added new settings in Windows 10, version 1809.| +|[Policy DDF file](policy-ddf-file.md)|Posted an updated version of the Policy DDF for Windows 10, version 1809.| +|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies in Windows 10, version 1809:
                    • Browser/AllowFullScreenMode
                    • Browser/AllowPrelaunch
                    • Browser/AllowPrinting
                    • Browser/AllowSavingHistory
                    • Browser/AllowSideloadingOfExtensions
                    • Browser/AllowTabPreloading
                    • Browser/AllowWebContentOnNewTabPage
                    • Browser/ConfigureFavoritesBar
                    • Browser/ConfigureHomeButton
                    • Browser/ConfigureKioskMode
                    • Browser/ConfigureKioskResetAfterIdleTimeout
                    • Browser/ConfigureOpenMicrosoftEdgeWith
                    • Browser/ConfigureTelemetryForMicrosoft365Analytics
                    • Browser/PreventCertErrorOverrides
                    • Browser/SetHomeButtonURL
                    • Browser/SetNewTabPageURL
                    • Browser/UnlockHomeButton
                    • Experience/DoNotSyncBrowserSettings
                    • Experience/PreventUsersFromTurningOnBrowserSyncing
                    • Kerberos/UPNNameHints
                    • Privacy/AllowCrossDeviceClipboard
                    • Privacy
                    • DisablePrivacyExperience
                    • Privacy/UploadUserActivities
                    • System/AllowDeviceNameInDiagnosticData
                    • System/ConfigureMicrosoft365UploadEndpoint
                    • System/DisableDeviceDelete
                    • System/DisableDiagnosticDataViewer
                    • Storage/RemovableDiskDenyWriteAccess
                    • Update/UpdateNotificationLevel

                      Start/DisableContextMenus - added in Windows 10, version 1803.

                      RestrictedGroups/ConfigureGroupMembership - added new schema to apply and retrieve the policy.| ## July 2018 - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                      New or updated articleDescription
                      AssignedAccess CSP

                      Added the following note:

                      -
                        -
                      • You can only assign one single app kiosk profile to an individual user account on a device. The single app profile does not support domain groups.
                        • -
                      -
                      PassportForWork CSP

                      Added new settings in Windows 10, version 1809.

                      -
                      EnterpriseModernAppManagement CSP

                      Added NonRemovable setting under AppManagement node in Windows 10, version 1809.

                      -
                      Win32CompatibilityAppraiser CSP

                      Added new configuration service provider in Windows 10, version 1809.

                      -
                      WindowsLicensing CSP

                      Added S mode settings and SyncML examples in Windows 10, version 1809.

                      -
                      SUPL CSP

                      Added 3 new certificate nodes in Windows 10, version 1809.

                      -
                      Defender CSP

                      Added a new node Health/ProductStatus in Windows 10, version 1809.

                      -
                      BitLocker CSP

                      Added a new node AllowStandardUserEncryption in Windows 10, version 1809.

                      -
                      DevDetail CSP

                      Added a new node SMBIOSSerialNumber in Windows 10, version 1809.

                      -
                      Policy CSP

                      Added the following new policies in Windows 10, version 1809:

                      -
                        -
                      • ApplicationManagement/LaunchAppAfterLogOn
                        • -
                      • ApplicationManagement/ScheduleForceRestartForUpdateFailures
                        • -
                      • Authentication/EnableFastFirstSignIn (Preview mode only)
                        • -
                      • Authentication/EnableWebSignIn (Preview mode only)
                        • -
                      • Authentication/PreferredAadTenantDomainName
                        • -
                      • Defender/CheckForSignaturesBeforeRunningScan
                        • -
                      • Defender/DisableCatchupFullScan
                        • -
                      • Defender/DisableCatchupQuickScan
                        • -
                      • Defender/EnableLowCPUPriority
                        • -
                      • Defender/SignatureUpdateFallbackOrder
                        • -
                      • Defender/SignatureUpdateFileSharesSources
                        • -
                      • DeviceGuard/ConfigureSystemGuardLaunch
                        • -
                      • DeviceInstallation/AllowInstallationOfMatchingDeviceIDs
                        • -
                      • DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses
                        • -
                      • DeviceInstallation/PreventDeviceMetadataFromNetwork
                        • -
                      • DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings
                        • -
                      • DmaGuard/DeviceEnumerationPolicy
                        • -
                      • Experience/AllowClipboardHistory
                        • -
                      • Security/RecoveryEnvironmentAuthentication
                        • -
                      • TaskManager/AllowEndTask
                        • -
                      • WindowsDefenderSecurityCenter/DisableClearTpmButton
                        • -
                      • WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning
                        • -
                      • WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl
                        • -
                      • WindowsLogon/DontDisplayNetworkSelectionUI
                        • -
                      -

                      Recent changes:

                      -
                        -
                      • DataUsage/SetCost3G - deprecated in Windows 10, version 1809.
                        • -
                      -
                      +|New or updated article|Description| +|--- |--- | +|[AssignedAccess CSP](assignedaccess-csp.md)|Added the following note:

                      You can only assign one single app kiosk profile to an individual user account on a device. The single app profile does not support domain groups.| +|[PassportForWork CSP](passportforwork-csp.md)|Added new settings in Windows 10, version 1809.| +|[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)|Added NonRemovable setting under AppManagement node in Windows 10, version 1809.| +|[Win32CompatibilityAppraiser CSP](win32compatibilityappraiser-csp.md)|Added new configuration service provider in Windows 10, version 1809.| +|[WindowsLicensing CSP](windowslicensing-csp.md)|Added S mode settings and SyncML examples in Windows 10, version 1809.| +|[SUPL CSP](supl-csp.md)|Added 3 new certificate nodes in Windows 10, version 1809.| +|[Defender CSP](defender-csp.md)|Added a new node Health/ProductStatus in Windows 10, version 1809.| +|[BitLocker CSP](bitlocker-csp.md)|Added a new node AllowStandardUserEncryption in Windows 10, version 1809.| +|[DevDetail CSP](devdetail-csp.md)|Added a new node SMBIOSSerialNumber in Windows 10, version 1809.| +|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies in Windows 10, version 1809:

                    • ApplicationManagement/LaunchAppAfterLogOn
                    • ApplicationManagement/ScheduleForceRestartForUpdateFailures
                    • Authentication/EnableFastFirstSignIn (Preview mode only)
                    • Authentication/EnableWebSignIn (Preview mode only)
                    • Authentication/PreferredAadTenantDomainName
                    • Defender/CheckForSignaturesBeforeRunningScan
                    • Defender/DisableCatchupFullScan
                    • Defender/DisableCatchupQuickScan
                    • Defender/EnableLowCPUPriority
                    • Defender/SignatureUpdateFallbackOrder
                    • Defender/SignatureUpdateFileSharesSources
                    • DeviceGuard/ConfigureSystemGuardLaunch
                    • DeviceInstallation/AllowInstallationOfMatchingDeviceIDs
                    • DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses
                    • DeviceInstallation/PreventDeviceMetadataFromNetwork
                    • DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings
                    • DmaGuard/DeviceEnumerationPolicy
                    • Experience/AllowClipboardHistory
                    • Security/RecoveryEnvironmentAuthentication
                    • TaskManager/AllowEndTask
                    • WindowsDefenderSecurityCenter/DisableClearTpmButton
                    • WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning
                    • WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl
                    • WindowsLogon/DontDisplayNetworkSelectionUI

                      Recent changes:

                    • DataUsage/SetCost3G - deprecated in Windows 10, version 1809.| ## June 2018 - ---- - - - - - - - - - - - - - - - - - - - - - - - -
                      New or updated articleDescription
                      Wifi CSP

                      Added a new node WifiCost in Windows 10, version 1809.

                      -
                      Diagnose MDM failures in Windows 10

                      Recent changes:

                      -
                        -
                      • Added procedure for collecting logs remotely from Windows 10 Holographic.
                        • -
                      • Added procedure for downloading the MDM Diagnostic Information log.
                        • -
                      -
                      BitLocker CSP

                      Added new node AllowStandardUserEncryption in Windows 10, version 1809.

                      -
                      Policy CSP

                      Recent changes:

                      -
                        -
                      • AccountPoliciesAccountLockoutPolicy/AccountLockoutDuration - removed from docs. Not supported.
                        • -
                      • AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold - removed from docs. Not supported.
                        • -
                      • AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter - removed from docs. Not supported.
                        • -
                      • LocalPoliciesSecurityOptions/NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers - removed from docs. Not supported.
                        • -
                      • System/AllowFontProviders is not supported in HoloLens (1st gen) Commercial Suite.
                        • -
                      • Security/RequireDeviceEncryption is supported in the Home SKU.
                        • -
                      • Start/StartLayout - added a table of SKU support information.
                        • -
                      • Start/ImportEdgeAssets - added a table of SKU support information.
                        • -
                      -

                      Added the following new policies in Windows 10, version 1809:

                      -
                        -
                      • Update/EngagedRestartDeadlineForFeatureUpdates
                        • -
                      • Update/EngagedRestartSnoozeScheduleForFeatureUpdates
                        • -
                      • Update/EngagedRestartTransitionScheduleForFeatureUpdates
                        • -
                      • Update/SetDisablePauseUXAccess
                        • -
                      • Update/SetDisableUXWUAccess
                        • -
                      -
                      WiredNetwork CSPNew CSP added in Windows 10, version 1809. -
                      +|New or updated article|Description| +|--- |--- | +|[Wifi CSP](wifi-csp.md)|Added a new node WifiCost in Windows 10, version 1809.| +|[Diagnose MDM failures in Windows 10](diagnose-mdm-failures-in-windows-10.md)|Recent changes:
                    • Added procedure for collecting logs remotely from Windows 10 Holographic.
                    • Added procedure for downloading the MDM Diagnostic Information log.| +|[BitLocker CSP](bitlocker-csp.md)|Added new node AllowStandardUserEncryption in Windows 10, version 1809.| +|[Policy CSP](policy-configuration-service-provider.md)|Recent changes:
                    • AccountPoliciesAccountLockoutPolicy
                    • AccountLockoutDuration - removed from docs. Not supported.
                    • AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold - removed from docs. Not supported.
                    • AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter - removed from docs. Not supported.
                    • LocalPoliciesSecurityOptions/NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers - removed from docs. Not supported.
                    • System/AllowFontProviders is not supported in HoloLens (1st gen) Commercial Suite.
                    • Security/RequireDeviceEncryption is supported in the Home SKU.
                    • Start/StartLayout - added a table of SKU support information.
                    • Start/ImportEdgeAssets - added a table of SKU support information.

                      Added the following new policies in Windows 10, version 1809:

                    • Update/EngagedRestartDeadlineForFeatureUpdates
                    • Update/EngagedRestartSnoozeScheduleForFeatureUpdates
                    • Update/EngagedRestartTransitionScheduleForFeatureUpdates
                    • Update/SetDisablePauseUXAccess
                    • Update/SetDisableUXWUAccess| +|[WiredNetwork CSP](wirednetwork-csp.md)|New CSP added in Windows 10, version 1809.| ## May 2018 - ---- - - - - - - - - - - - -
                      New or updated articleDescription
                      Policy DDF file

                      Updated the DDF files in the Windows 10 version 1703 and 1709.

                      - -
                      +|New or updated article|Description| +|--- |--- | +|[Policy DDF file](policy-ddf-file.md)|Updated the DDF files in the Windows 10 version 1703 and 1709.
                    • [Download the Policy DDF file for Windows 10, version 1709](https://download.microsoft.com/download/8/C/4/8C43C116-62CB-470B-9B69-76A3E2BC32A8/PolicyDDF_all.xml)
                    • [Download the Policy DDF file for Windows 10, version 1703](https://download.microsoft.com/download/7/2/C/72C36C37-20F9-41BF-8E23-721F6FFC253E/PolicyDDF_all.xml)| ## April 2018 - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - -
                      New or updated articleDescription
                      WindowsDefenderApplicationGuard CSP

                      Added the following node in Windows 10, version 1803:

                      -
                        -
                      • Settings/AllowVirtualGPU
                        • -
                      • Settings/SaveFilesToHost
                        • -
                      -
                      NetworkProxy CSP

                      Added the following node in Windows 10, version 1803:

                      -
                        -
                      • ProxySettingsPerUser
                        • -
                      -
                      Accounts CSP

                      Added a new CSP in Windows 10, version 1803.

                      -
                      MDM Migration Analysis Tool (MMAT)

                      Updated version available. MMAT is a tool you can use to determine which Group Policies are set on a target user/computer and cross-reference them against the list of supported MDM policies.

                      -
                      CSP DDF files download

                      Added the DDF download of Windows 10, version 1803 configuration service providers.

                      -
                      Policy CSP

                      Added the following new policies for Windows 10, version 1803:

                      -
                        -
                      • Bluetooth/AllowPromptedProximalConnections
                        • -
                      • KioskBrowser/EnableEndSessionButton
                        • -
                      • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication
                        • -
                      • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic
                        • -
                      • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic
                        • -
                      • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers
                        • -
                      -
                      +|New or updated article|Description| +|--- |--- | +|[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)|Added the following node in Windows 10, version 1803:
                    • Settings/AllowVirtualGPU
                    • Settings/SaveFilesToHost| +|[NetworkProxy CSP](\networkproxy--csp.md)|Added the following node in Windows 10, version 1803:
                    • ProxySettingsPerUser| +|[Accounts CSP](accounts-csp.md)|Added a new CSP in Windows 10, version 1803.| +|[MDM Migration Analysis Tool (MMAT)](https://aka.ms/mmat)|Updated version available. MMAT is a tool you can use to determine which Group Policies are set on a target user/computer and cross-reference them against the list of supported MDM policies.| +|[CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download)|Added the DDF download of Windows 10, version 1803 configuration service providers.| +|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
                    • Bluetooth/AllowPromptedProximalConnections
                    • KioskBrowser/EnableEndSessionButton
                    • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication
                    • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic
                    • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic
                    • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers| ## March 2018 - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                      New or updated articleDescription
                      eUICCs CSP

                      Added the following node in Windows 10, version 1803:

                      -
                        -
                      • IsEnabled
                        • -
                      -
                      DeviceStatus CSP

                      Added the following node in Windows 10, version 1803:

                      -
                        -
                      • OS/Mode
                        • -
                      -
                      Understanding ADMX-backed policies

                      Added the following videos:

                      - -
                      AccountManagement CSP

                      Added a new CSP in Windows 10, version 1803.

                      -
                      RootCATrustedCertificates CSP

                      Added the following node in Windows 10, version 1803:

                      -
                        -
                      • UntrustedCertificates
                        • -
                      -
                      Policy CSP

                      Added the following new policies for Windows 10, version 1803:

                      -
                        -
                      • ApplicationDefaults/EnableAppUriHandlers
                        • -
                      • ApplicationManagement/MSIAllowUserControlOverInstall
                        • -
                      • ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges
                        • -
                      • Connectivity/AllowPhonePCLinking
                        • -
                      • Notifications/DisallowCloudNotification
                        • -
                      • Notifications/DisallowTileNotification
                        • -
                      • RestrictedGroups/ConfigureGroupMembership
                        • -
                      -

                      The following existing policies were updated:

                      -
                        -
                      • Browser/AllowCookies - updated the supported values. There are 3 values - 0, 1, 2.
                        • -
                      • InternetExplorer/AllowSiteToZoneAssignmentList - updated the description and added an example SyncML
                        • -
                      • TextInput/AllowIMENetworkAccess - introduced new suggestion services in Japanese IME in addition to cloud suggestion.
                        • -
                      -

                      Added a new section:

                      - -
                      Policy CSP - Bluetooth

                      Added new section ServicesAllowedList usage guide.

                      -
                      MultiSIM CSP

                      Added SyncML examples and updated the settings descriptions.

                      -
                      RemoteWipe CSP

                      Reverted back to Windows 10, version 1709. Removed previous draft documentation for version 1803.

                      -
                      +|New or updated article|Description| +|--- |--- | +|[eUICCs CSP](euiccs-csp.md)|Added the following node in Windows 10, version 1803:
                    • IsEnabled| +|[DeviceStatus CSP](devicestatus-csp.md)|Added the following node in Windows 10, version 1803:
                    • OS/Mode| +|[Understanding ADMX-backed policies](understanding-admx-backed-policies.md)|Added the following videos:
                    • [How to create a custom xml to enable an ADMX-backed policy and deploy the XML in Intune](https://www.microsoft.com/showcase/video.aspx?uuid=bdc9b54b-11b0-4bdb-a022-c339d16e7121)
                    • [How to import a custom ADMX file to a device using Intune](https://www.microsoft.com/showcase/video.aspx?uuid=a59888b1-429f-4a49-8570-c39a143d9a73)| +|[AccountManagement CSP](accountmanagement-csp.md)|Added a new CSP in Windows 10, version 1803.| +|[RootCATrustedCertificates CSP](rootcacertificates-csp.md)|Added the following node in Windows 10, version 1803:
                    • UntrustedCertificates| +|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
                    • ApplicationDefaults/EnableAppUriHandlers
                    • ApplicationManagement/MSIAllowUserControlOverInstall
                    • ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges
                    • Connectivity/AllowPhonePCLinking
                    • Notifications/DisallowCloudNotification
                    • Notifications/DisallowTileNotification
                    • RestrictedGroups/ConfigureGroupMembership

                      The following existing policies were updated:

                    • Browser/AllowCookies - updated the supported values. There are 3 values - 0, 1, 2.
                    • InternetExplorer/AllowSiteToZoneAssignmentList - updated the description and added an example SyncML
                    • TextInput/AllowIMENetworkAccess - introduced new suggestion services in Japanese IME in addition to cloud suggestion.

                      Added a new section:

                    • [[Policies in Policy CSP supported by Group Policy](/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy) - list of policies in Policy CSP that has corresponding Group Policy. The policy description contains the GP information, such as GP policy name and variable name.| +|[Policy CSP - Bluetooth](policy-csp-bluetooth.md)|Added new section [ServicesAllowedList usage guide](policy-csp-bluetooth.md#servicesallowedlist-usage-guide).| +|[MultiSIM CSP](multisim-csp.md)|Added SyncML examples and updated the settings descriptions.| +|[RemoteWipe CSP](remotewipe-csp.md)|Reverted back to Windows 10, version 1709. Removed previous draft documentation for version 1803.| ## February 2018 - ---- - - - - - - - - - - - - - - - - - - - - - - - -
                      New or updated articleDescription
                      Policy CSP

                      Added the following new policies for Windows 10, version 1803:

                      -
                        -
                      • Display/DisablePerProcessDpiForApps
                        • -
                      • Display/EnablePerProcessDpi
                        • -
                      • Display/EnablePerProcessDpiForApps
                        • -
                      • Experience/AllowWindowsSpotlightOnSettings
                        • -
                      • TextInput/ForceTouchKeyboardDockedState
                        • -
                      • TextInput/TouchKeyboardDictationButtonAvailability
                        • -
                      • TextInput/TouchKeyboardEmojiButtonAvailability
                        • -
                      • TextInput/TouchKeyboardFullModeAvailability
                        • -
                      • TextInput/TouchKeyboardHandwritingModeAvailability
                        • -
                      • TextInput/TouchKeyboardNarrowModeAvailability
                        • -
                      • TextInput/TouchKeyboardSplitModeAvailability
                        • -
                      • TextInput/TouchKeyboardWideModeAvailability
                        • -
                          -
                      VPNv2 ProfileXML XSD

                      Updated the XSD and Plug-in profile example for VPNv2 CSP.

                      -
                      AssignedAccess CSP

                      Added the following nodes in Windows 10, version 1803:

                      -
                        -
                      • Status
                        • -
                      • ShellLauncher
                        • -
                      • StatusConfiguration
                        • -
                      -

                      Updated the AssigneAccessConfiguration schema. Starting in Windows 10, version 1803 AssignedAccess CSP is supported in HoloLens (1st gen) Commercial Suite. Added example for HoloLens (1st gen) Commercial Suite.

                      -
                      MultiSIM CSP

                      Added a new CSP in Windows 10, version 1803.

                      -
                      EnterpriseModernAppManagement CSP

                      Added the following node in Windows 10, version 1803:

                      -
                        -
                      • MaintainProcessorArchitectureOnUpdate
                        • -
                      -
                      +|New or updated article|Description| +|--- |--- | +|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
                    • Display/DisablePerProcessDpiForApps
                    • Display/EnablePerProcessDpi
                    • Display/EnablePerProcessDpiForApps
                    • Experience/AllowWindowsSpotlightOnSettings
                    • TextInput/ForceTouchKeyboardDockedState
                    • TextInput/TouchKeyboardDictationButtonAvailability
                    • TextInput/TouchKeyboardEmojiButtonAvailability
                    • TextInput/TouchKeyboardFullModeAvailability
                    • TextInput/TouchKeyboardHandwritingModeAvailability
                    • TextInput/TouchKeyboardNarrowModeAvailability
                    • TextInput/TouchKeyboardSplitModeAvailability
                    • TextInput/TouchKeyboardWideModeAvailability| +|[VPNv2 ProfileXML XSD](vpnv2-profile-xsd.md)|Updated the XSD and Plug-in profile example for VPNv2 CSP.| +|[AssignedAccess CSP](assignedaccess-csp.md)|Added the following nodes in Windows 10, version 1803:
                    • Status
                    • ShellLauncher
                    • StatusConfiguration

                      Updated the AssigneAccessConfiguration schema. Starting in Windows 10, version 1803 AssignedAccess CSP is supported in HoloLens (1st gen) Commercial Suite. Added example for HoloLens (1st gen) Commercial Suite.| +|[MultiSIM CSP](multisim-csp.md)|Added a new CSP in Windows 10, version 1803.| +|[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)|Added the following node in Windows 10, version 1803:

                    • MaintainProcessorArchitectureOnUpdate| ## January 2018 - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                      New or updated articleDescription
                      Policy CSP

                      Added the following new policies for Windows 10, version 1803:

                      -
                        -
                      • Browser/AllowConfigurationUpdateForBooksLibrary
                        • -
                      • Browser/AlwaysEnableBooksLibrary
                        • -
                      • Browser/EnableExtendedBooksTelemetry
                        • -
                      • Browser/UseSharedFolderForBooks
                        • -
                      • DeliveryOptimization/DODelayBackgroundDownloadFromHttp
                        • -
                      • DeliveryOptimization/DODelayForegroundDownloadFromHttp
                        • -
                      • DeliveryOptimization/DOGroupIdSource
                        • -
                      • DeliveryOptimization/DOPercentageMaxBackDownloadBandwidth
                        • -
                      • DeliveryOptimization/DOPercentageMaxForeDownloadBandwidth
                        • -
                      • DeliveryOptimization/DORestrictPeerSelectionBy
                        • -
                      • DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth
                        • -
                      • DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth
                        • -
                      • KioskBrowser/BlockedUrlExceptions
                        • -
                      • KioskBrowser/BlockedUrls
                        • -
                      • KioskBrowser/DefaultURL
                        • -
                      • KioskBrowser/EnableHomeButton
                        • -
                      • KioskBrowser/EnableNavigationButtons
                        • -
                      • KioskBrowser/RestartOnIdleTime
                        • -
                      • LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon
                        • -
                      • LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia
                        • -
                      • LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters
                        • -
                      • LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly
                        • -
                      • LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior
                        • -
                      • LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees
                        • -
                      • LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers
                        • -
                      • LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways
                        • -
                      • LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees
                        • -
                      • LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts
                        • -
                      • LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares
                        • -
                      • LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares
                        • -
                      • LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM
                        • -
                      • LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange
                        • -
                      • LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel
                        • -
                      • LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients
                        • -
                      • LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers
                        • -
                      • LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile
                        • -
                      • LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation
                        • -
                      • LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode
                        • -
                      • RestrictedGroups/ConfigureGroupMembership
                        • -
                      • Search/AllowCortanaInAAD
                        • -
                      • Search/DoNotUseWebResults
                        • -
                      • Security/ConfigureWindowsPasswords
                        • -
                      • System/FeedbackHubAlwaysSaveDiagnosticsLocally
                        • -
                      • SystemServices/ConfigureHomeGroupListenerServiceStartupMode
                        • -
                      • SystemServices/ConfigureHomeGroupProviderServiceStartupMode
                        • -
                      • SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode
                        • -
                      • SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode
                        • -
                      • SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode
                        • -
                      • SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode
                        • -
                      • TaskScheduler/EnableXboxGameSaveTask
                        • -
                      • TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode
                        • -
                      • Update/ConfigureFeatureUpdateUninstallPeriod
                        • -
                      • UserRights/AccessCredentialManagerAsTrustedCaller
                        • -
                      • UserRights/AccessFromNetwork
                        • -
                      • UserRights/ActAsPartOfTheOperatingSystem
                        • -
                      • UserRights/AllowLocalLogOn
                        • -
                      • UserRights/BackupFilesAndDirectories
                        • -
                      • UserRights/ChangeSystemTime
                        • -
                      • UserRights/CreateGlobalObjects
                        • -
                      • UserRights/CreatePageFile
                        • -
                      • UserRights/CreatePermanentSharedObjects
                        • -
                      • UserRights/CreateSymbolicLinks
                        • -
                      • UserRights/CreateToken
                        • -
                      • UserRights/DebugPrograms
                        • -
                      • UserRights/DenyAccessFromNetwork
                        • -
                      • UserRights/DenyLocalLogOn
                        • -
                      • UserRights/DenyRemoteDesktopServicesLogOn
                        • -
                      • UserRights/EnableDelegation
                        • -
                      • UserRights/GenerateSecurityAudits
                        • -
                      • UserRights/ImpersonateClient
                        • -
                      • UserRights/IncreaseSchedulingPriority
                        • -
                      • UserRights/LoadUnloadDeviceDrivers
                        • -
                      • UserRights/LockMemory
                        • -
                      • UserRights/ManageAuditingAndSecurityLog
                        • -
                      • UserRights/ManageVolume
                        • -
                      • UserRights/ModifyFirmwareEnvironment
                        • -
                      • UserRights/ModifyObjectLabel
                        • -
                      • UserRights/ProfileSingleProcess
                        • -
                      • UserRights/RemoteShutdown
                        • -
                      • UserRights/RestoreFilesAndDirectories
                        • -
                      • UserRights/TakeOwnership
                        • -
                      • WindowsDefenderSecurityCenter/DisableAccountProtectionUI
                        • -
                      • WindowsDefenderSecurityCenter/DisableDeviceSecurityUI
                        • -
                      • WindowsDefenderSecurityCenter/HideRansomwareDataRecovery
                        • -
                      • WindowsDefenderSecurityCenter/HideSecureBoot
                        • -
                      • WindowsDefenderSecurityCenter/HideTPMTroubleshooting
                        • -
                      -

                      Added the following policies the were added in Windows 10, version 1709

                      -
                        -
                      • DeviceLock/MinimumPasswordAge
                        • -
                      • Settings/AllowOnlineTips
                        • -
                      • System/DisableEnterpriseAuthProxy
                        • -
                      -

                      Security/RequireDeviceEncryption - updated to show it is supported in desktop.

                      -
                      BitLocker CSP

                      Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, version 1803.

                      -
                      EnterpriseModernAppManagement CSP

                      Added new node MaintainProcessorArchitectureOnUpdate in Windows 10, next major update.

                      -
                      DMClient CSP

                      Added ./User/Vendor/MSFT/DMClient/Provider/[ProviderID]/FirstSyncStatus node. Also added the following nodes in Windows 10, version 1803:

                      -
                        -
                      • AADSendDeviceToken
                        • -
                      • BlockInStatusPage
                        • -
                      • AllowCollectLogsButton
                        • -
                      • CustomErrorText
                        • -
                      • SkipDeviceStatusPage
                        • -
                      • SkipUserStatusPage
                        • -
                      -
                      Defender CSP

                      Added new node (OfflineScan) in Windows 10, version 1803.

                      -
                      UEFI CSP

                      Added a new CSP in Windows 10, version 1803.

                      -
                      Update CSP

                      Added the following nodes in Windows 10, version 1803:

                      -
                        -
                      • Rollback
                        • -
                      • Rollback/FeatureUpdate
                        • -
                      • Rollback/QualityUpdateStatus
                        • -
                      • Rollback/FeatureUpdateStatus
                        • -
                      -
                      +|New or updated article|Description| +|--- |--- | +|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
                    • Browser/AllowConfigurationUpdateForBooksLibrary
                    • Browser/AlwaysEnableBooksLibrary
                    • Browser/EnableExtendedBooksTelemetry
                    • Browser/UseSharedFolderForBooks
                    • DeliveryOptimization/DODelayBackgroundDownloadFromHttp
                    • DeliveryOptimization/DODelayForegroundDownloadFromHttp
                    • DeliveryOptimization/DOGroupIdSource
                    • DeliveryOptimization/DOPercentageMaxBackDownloadBandwidth
                    • DeliveryOptimization/DOPercentageMaxForeDownloadBandwidth
                    • DeliveryOptimization/DORestrictPeerSelectionBy
                    • DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth
                    • DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth
                    • KioskBrowser/BlockedUrlExceptions
                    • KioskBrowser/BlockedUrls
                    • KioskBrowser/DefaultURL
                    • KioskBrowser/EnableHomeButton
                    • KioskBrowser/EnableNavigationButtons
                    • KioskBrowser/RestartOnIdleTime
                    • LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon
                    • LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia
                    • LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters
                    • LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly
                    • LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior
                    • LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees
                    • LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers
                    • LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways
                    • LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees
                    • LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts
                    • LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares
                    • LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares
                    • LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM
                    • LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange
                    • LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel
                    • LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients
                    • LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers
                    • LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile
                    • LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation
                    • LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode
                    • RestrictedGroups/ConfigureGroupMembership
                    • Search/AllowCortanaInAAD
                    • Search/DoNotUseWebResults
                    • Security/ConfigureWindowsPasswords
                    • System/FeedbackHubAlwaysSaveDiagnosticsLocally
                    • SystemServices/ConfigureHomeGroupListenerServiceStartupMode
                    • SystemServices/ConfigureHomeGroupProviderServiceStartupMode
                    • SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode
                    • SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode
                    • SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode
                    • SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode
                    • TaskScheduler/EnableXboxGameSaveTask
                    • TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode
                    • Update/ConfigureFeatureUpdateUninstallPeriod
                    • UserRights/AccessCredentialManagerAsTrustedCaller
                    • UserRights/AccessFromNetwork
                    • UserRights/ActAsPartOfTheOperatingSystem
                    • UserRights/AllowLocalLogOn
                    • UserRights/BackupFilesAndDirectories
                    • UserRights/ChangeSystemTime
                    • UserRights/CreateGlobalObjects
                    • UserRights/CreatePageFile
                    • UserRights/CreatePermanentSharedObjects
                    • UserRights/CreateSymbolicLinks
                    • UserRights/CreateToken
                    • UserRights/DebugPrograms
                    • UserRights/DenyAccessFromNetwork
                    • UserRights/DenyLocalLogOn
                    • UserRights/DenyRemoteDesktopServicesLogOn
                    • UserRights/EnableDelegation
                    • UserRights/GenerateSecurityAudits
                    • UserRights/ImpersonateClient
                    • UserRights/IncreaseSchedulingPriority
                    • UserRights/LoadUnloadDeviceDrivers
                    • UserRights/LockMemory
                    • UserRights/ManageAuditingAndSecurityLog
                    • UserRights/ManageVolume
                    • UserRights/ModifyFirmwareEnvironment
                    • UserRights/ModifyObjectLabel
                    • UserRights/ProfileSingleProcess
                    • UserRights/RemoteShutdown
                    • UserRights/RestoreFilesAndDirectories
                    • UserRights/TakeOwnership
                    • WindowsDefenderSecurityCenter/DisableAccountProtectionUI
                    • WindowsDefenderSecurityCenter/DisableDeviceSecurityUI
                    • WindowsDefenderSecurityCenter/HideRansomwareDataRecovery
                    • WindowsDefenderSecurityCenter/HideSecureBoot
                    • WindowsDefenderSecurityCenter/HideTPMTroubleshooting

                      Added the following policies the were added in Windows 10, version 1709

                    • DeviceLock/MinimumPasswordAge
                    • Settings/AllowOnlineTips
                    • System/DisableEnterpriseAuthProxy
                    • Security/RequireDeviceEncryption - updated to show it is supported in desktop.| +|[BitLocker CSP](bitlocker-csp.md)|Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, version 1803.| +|[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)|Added new node MaintainProcessorArchitectureOnUpdate in Windows 10, next major update.| +|[DMClient CSP](dmclient-csp.md)|Added ./User/Vendor/MSFT/DMClient/Provider/[ProviderID]/FirstSyncStatus node. Also added the following nodes in Windows 10, version 1803:
                    • AADSendDeviceToken
                    • BlockInStatusPage
                    • AllowCollectLogsButton
                    • CustomErrorText
                    • SkipDeviceStatusPage
                    • SkipUserStatusPage| +|[Defender CSP](defender-csp.md)|Added new node (OfflineScan) in Windows 10, version 1803.| +|[UEFI CSP](uefi-csp.md)|Added a new CSP in Windows 10, version 1803.| +|[Update CSP](update-csp.md)|Added the following nodes in Windows 10, version 1803:
                    • Rollback
                    • Rollback/FeatureUpdate
                    • Rollback/QualityUpdateStatus
                    • Rollback/FeatureUpdateStatus| ## December 2017 - ---- - - - - - - - - - - - -
                      New or updated articleDescription
                      Configuration service provider reference

                      Added new section CSP DDF files download

                      -
                      +|New or updated article|Description| +|--- |--- | +|[Configuration service provider reference](configuration-service-provider-reference.md)|Added new section [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download)| ## November 2017 - ---- - - - - - - - - - - - -
                      New or updated articleDescription
                      Policy CSP

                      Added the following policies for Windows 10, version 1709:

                      -
                        -
                      • Authentication/AllowFidoDeviceSignon
                        • -
                      • Cellular/LetAppsAccessCellularData
                        • -
                      • Cellular/LetAppsAccessCellularData_ForceAllowTheseApps
                        • -
                      • Cellular/LetAppsAccessCellularData_ForceDenyTheseApps
                        • -
                      • Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps
                        • -
                      • Start/HidePeopleBar
                        • -
                      • Storage/EnhancedStorageDevices
                        • -
                      • Update/ManagePreviewBuilds
                        • -
                      • WirelessDisplay/AllowMdnsAdvertisement
                        • -
                      • WirelessDisplay/AllowMdnsDiscovery
                        • -
                      -

                      Added missing policies from previous releases:

                      -
                        -
                      • Connectivity/DisallowNetworkConnectivityActiveTest
                        • -
                      • Search/AllowWindowsIndexer
                        • -
                      -
                      +|New or updated article|Description| +|--- |--- | +|[Policy CSP](policy-configuration-service-provider.md)|Added the following policies for Windows 10, version 1709:
                    • Authentication/AllowFidoDeviceSignon
                    • Cellular/LetAppsAccessCellularData
                    • Cellular/LetAppsAccessCellularData_ForceAllowTheseApps
                    • Cellular/LetAppsAccessCellularData_ForceDenyTheseApps
                    • Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps
                    • Start/HidePeopleBar
                    • Storage/EnhancedStorageDevices
                    • Update/ManagePreviewBuilds
                    • WirelessDisplay/AllowMdnsAdvertisement
                    • WirelessDisplay/AllowMdnsDiscovery

                      Added missing policies from previous releases:

                    • Connectivity/DisallowNetworkConnectivityActiveTest
                    • Search/AllowWindowsIndexer| ## October 2017 - ---- - - - - - - - - - - - - - - - - - - - - - - - -
                      New or updated articleDescription
                      Policy DDF file

                      Updated the DDF content for Windows 10 version 1709. Added a link to the download of Policy DDF for Windows 10, version 1709.

                      -
                      Policy CSP

                      Updated the following policies:

                      -
                        -
                      • Defender/ControlledFolderAccessAllowedApplications - string separator is |.
                        • -
                      • Defender/ControlledFolderAccessProtectedFolders - string separator is |.
                        • -
                      -
                      eUICCs CSP

                      Added new CSP in Windows 10, version 1709.

                      -
                      AssignedAccess CSP

                      Added SyncML examples for the new Configuration node.

                      -
                      DMClient CSP

                      Added new nodes to the DMClient CSP in Windows 10, version 1709. Updated the CSP and DDF topics.

                      -
                      +|New or updated article|Description| +|--- |--- | +|[Policy DDF file](policy-ddf-file.md)|Updated the DDF content for Windows 10 version 1709. Added a link to the download of Policy DDF for Windows 10, version 1709.| +|[Policy CSP](policy-configuration-service-provider.md)|Updated the following policies:
                    • Defender/ControlledFolderAccessAllowedApplications - string separator is'I'
                    • Defender/ControlledFolderAccessProtectedFolders - string separator is 'I'.| +|[eUICCs CSP](euiccs-csp.md)|Added new CSP in Windows 10, version 1709.| +|[AssignedAccess CSP](assignedaccess-csp.md)|Added SyncML examples for the new Configuration node.| +|[DMClient CSP](dmclient-csp.md)|Added new nodes to the DMClient CSP in Windows 10, version 1709. Updated the CSP and DDF topics.| ## September 2017 - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                      New or updated articleDescription
                      Policy CSP

                      Added the following new policies for Windows 10, version 1709:

                      -
                        -
                      • Authentication/AllowAadPasswordReset
                        • -
                      • Handwriting/PanelDefaultModeDocked
                        • -
                      • Search/AllowCloudSearch
                        • -
                      • System/LimitEnhancedDiagnosticDataWindowsAnalytics
                        • -
                      -

                      Added new settings to Update/BranchReadinessLevel policy in Windows 10 version 1709.

                      -
                      AssignedAccess CSP

                      Starting in Windows 10, version 1709, AssignedAccess CSP is also supported in Windows 10 Pro.

                      -
                      Microsoft Store for Business and Microsoft Store

                      Windows Store for Business name changed to Microsoft Store for Business. Windows Store name changed to Microsoft Store.

                      -
                      The [MS-MDE2]: Mobile Device Enrollment Protocol Version 2

                      The Windows 10 enrollment protocol was updated. The following elements were added to the RequestSecurityToken message:

                      -
                        -
                      • UXInitiated - boolean value that indicates whether the enrollment is user initiated from the Settings page.
                        • -
                      • ExternalMgmtAgentHint - a string the agent uses to give hints the enrollment server may need.
                        • -
                      • DomainName - fully qualified domain name if the device is domain-joined.
                        • -
                      -

                      For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation.

                      -
                      EnterpriseAPN CSP

                      Added a SyncML example.

                      -
                      VPNv2 CSP

                      Added RegisterDNS setting in Windows 10, version 1709.

                      -
                      Enroll a Windows 10 device automatically using Group Policy

                      Added new topic to introduce a new Group Policy for automatic MDM enrollment.

                      -
                      MDM enrollment of Windows-based devices

                      New features in the Settings app:

                      -
                        -
                      • User sees installation progress of critical policies during MDM enrollment.
                        • -
                      • User knows what policies, profiles, apps MDM has configured
                        • -
                      • IT helpdesk can get detailed MDM diagnostic information using client tools
                        • -
                      -

                      For details, see Managing connections and Collecting diagnostic logs

                      -
                      +|New or updated article|Description| +|--- |--- | +|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1709:
                    • Authentication/AllowAadPasswordReset
                    • Handwriting/PanelDefaultModeDocked
                    • Search/AllowCloudSearch
                    • System/LimitEnhancedDiagnosticDataWindowsAnalytics

                      Added new settings to Update/BranchReadinessLevel policy in Windows 10 version 1709.| +|[AssignedAccess CSP](assignedaccess-csp.md)|Starting in Windows 10, version 1709, AssignedAccess CSP is also supported in Windows 10 Pro.| +|Microsoft Store for Business and Microsoft Store|Windows Store for Business name changed to Microsoft Store for Business. Windows Store name changed to Microsoft Store.| +|The [[MS-MDE2]: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692)|The Windows 10 enrollment protocol was updated. The following elements were added to the RequestSecurityToken message:

                    • UXInitiated - boolean value that indicates whether the enrollment is user initiated from the Settings page.
                    • ExternalMgmtAgentHint - a string the agent uses to give hints the enrollment server may need.
                    • DomainName - fully qualified domain name if the device is domain-joined.

                      For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation.| +|[EnterpriseAPN CSP](enterpriseapn-csp.md)|Added a SyncML example.| +|[VPNv2 CSP](vpnv2-csp.md)|Added RegisterDNS setting in Windows 10, version 1709.| +|[Enroll a Windows 10 device automatically using Group Policy](enroll-a-windows-10-device-automatically-using-group-policy.md)|Added new topic to introduce a new Group Policy for automatic MDM enrollment.| +|[MDM enrollment of Windows-based devices](mdm-enrollment-of-windows-devices.md)|New features in the Settings app:

                    • User sees installation progress of critical policies during MDM enrollment.
                    • User knows what policies, profiles, apps MDM has configured
                    • IT helpdesk can get detailed MDM diagnostic information using client tools

                      For details, see [Managing connections](mdm-enrollment-of-windows-devices.md#manage-connections) and [Collecting diagnostic logs](mdm-enrollment-of-windows-devices.md#collecting-diagnostic-logs)| ## August 2017 - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                      New or updated articleDescription
                      Enable ADMX-backed policies in MDM

                      Added new step-by-step guide to enable ADMX-backed policies.

                      -
                      Mobile device enrollment

                      Added the following statement:

                      -
                        -
                      • Devices that are joined to an on-premises Active Directory can enroll into MDM via the Work access page in Settings. However, the enrollment can only target the user enrolled with user-specific policies. Device targeted policies will continue to impact all users of the device.
                        • -
                      -
                      CM_CellularEntries CSP

                      Updated the description of the PuposeGroups node to add the GUID for applications. This node is required instead of optional.

                      -
                      EnterpriseDataProtection CSP

                      Updated the Settings/EDPEnforcementLevel values to the following:

                      -
                        -
                      • 0 (default) – Off / No protection (decrypts previously protected data).
                        • -
                      • 1 – Silent mode (encrypt and audit only).
                        • -
                      • 2 – Allow override mode (encrypt, prompt and allow overrides, and audit).
                        • -
                      • 3 – Hides overrides (encrypt, prompt but hide overrides, and audit).
                        • -
                      -
                      AppLocker CSP

                      Added two new SyncML examples (to disable the calendar app and to block usage of the map app) in Allow list examples.

                      -
                      DeviceManageability CSP

                      Added the following settings in Windows 10, version 1709:

                      -
                        -
                      • Provider/ProviderID/ConfigInfo
                        • -
                      • Provider/ProviderID/EnrollmentInfo
                        • -
                      -
                      Office CSP

                      Added the following setting in Windows 10, version 1709:

                      -
                        -
                      • Installation/CurrentStatus
                        • -
                      -
                      BitLocker CSPAdded information to the ADMX-backed policies. Changed the minimum personal identification number (PIN) length to 4 digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709. -
                      Firewall CSPUpdated the CSP and DDF topics. Here are the changes: -
                        -
                      • Removed the two settings - FirewallRules/FirewallRuleName/FriendlyName and FirewallRules/FirewallRuleName/IcmpTypesAndCodes.
                        • -
                      • Changed some data types from integer to bool.
                        • -
                      • Updated the list of supported operations for some settings.
                        • -
                      • Added default values.
                        • -
                      -
                      Policy DDF fileAdded another Policy DDF file download for the 8C release of Windows 10, version 1607, which added the following policies: -
                        -
                      • Browser/AllowMicrosoftCompatibilityList
                        • -
                      • Update/DisableDualScan
                        • -
                      • Update/FillEmptyContentUrls
                        • -
                      -
                      Policy CSP

                      Added the following new policies for Windows 10, version 1709:

                      -
                        -
                      • Browser/ProvisionFavorites
                        • -
                      • Browser/LockdownFavorites
                        • -
                      • ExploitGuard/ExploitProtectionSettings
                        • -
                      • Games/AllowAdvancedGamingServices
                        • -
                      • LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts
                        • -
                      • LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly
                        • -
                      • LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount
                        • -
                      • LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount
                        • -
                      • LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked
                        • -
                      • LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayLastSignedIn
                        • -
                      • LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayUsernameAtSignIn
                        • -
                      • LocalPoliciesSecurityOptions/Interactivelogon_DoNotRequireCTRLALTDEL
                        • -
                      • LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit
                        • -
                      • LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn
                        • -
                      • LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn
                        • -
                      • LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests
                        • -
                      • LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn
                        • -
                      • LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation
                        • -
                      • LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators
                        • -
                      • LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers
                        • -
                      • LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated
                        • -
                      • LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations
                        • -
                      • LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode
                        • -
                      • LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation
                        • -
                      • LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations
                        • -
                      • Privacy/EnableActivityFeed
                        • -
                      • Privacy/PublishUserActivities
                        • -
                      • Update/DisableDualScan
                        • -
                      • Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork
                        • -
                      -

                      Changed the name of new policy to CredentialProviders/DisableAutomaticReDeploymentCredentials from CredentialProviders/EnableWindowsAutopilotResetCredentials.

                      -

                      Changed the names of the following policies:

                      -
                        -
                      • Defender/GuardedFoldersAllowedApplications to Defender/ControlledFolderAccessAllowedApplications
                        • -
                      • Defender/GuardedFoldersList to Defender/ControlledFolderAccessProtectedFolders
                        • -
                      • Defender/EnableGuardMyFolders to Defender/EnableControlledFolderAccess
                        • -
                      -

                      Added links to the additional ADMX-backed BitLocker policies.

                      -

                      There were issues reported with the previous release of the following policies. These issues were fixed in Windows 10, version 1709:

                      -
                        -
                      • Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts
                        • -
                      • Start/HideAppList
                        • -
                      -
                      \ No newline at end of file +|New or updated article|Description| +|--- |--- | +|[Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md)|Added new step-by-step guide to enable ADMX-backed policies.| +|[Mobile device enrollment](mobile-device-enrollment.md)|Added the following statement:

                      Devices that are joined to an on-premises Active Directory can enroll into MDM via the Work access page in Settings. However, the enrollment can only target the user enrolled with user-specific policies. Device targeted policies will continue to impact all users of the device.| +|[CM_CellularEntries CSP](cm-cellularentries-csp.md)|Updated the description of the PuposeGroups node to add the GUID for applications. This node is required instead of optional.| +|[EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)|Updated the Settings/EDPEnforcementLevel values to the following:

                    • 0 (default) – Off / No protection (decrypts previously protected data).
                    • 1 – Silent mode (encrypt and audit only).
                    • 2 – Allow override mode (encrypt, prompt and allow overrides, and audit).
                    • 3 – Hides overrides (encrypt, prompt but hide overrides, and audit).| +|[AppLocker CSP](applocker-csp.md)|Added two new SyncML examples (to disable the calendar app and to block usage of the map app) in [Allow list examples](applocker-csp.md#allow-list-examples).| +|[DeviceManageability CSP](devicemanageability-csp.md)|Added the following settings in Windows 10, version 1709:
                    • Provider/ProviderID/ConfigInfo
                    • Provider/ProviderID/EnrollmentInfo| +|[Office CSP](office-csp.md)|Added the following setting in Windows 10, version 1709:
                    • Installation/CurrentStatus| +|[BitLocker CSP](bitlocker-csp.md)|Added information to the ADMX-backed policies. Changed the minimum personal identification number (PIN) length to 4 digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709.| +|[Firewall CSP](firewall-csp.md)|Updated the CSP and DDF topics. Here are the changes:
                    • Removed the two settings - FirewallRules/FirewallRuleName/FriendlyName and FirewallRules/FirewallRuleName/IcmpTypesAndCodes.
                    • Changed some data types from integer to bool.
                    • Updated the list of supported operations for some settings.
                    • Added default values.| +|[Policy DDF file](policy-ddf-file.md)|Added another Policy DDF file [download](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607_8C.xml) for the 8C release of Windows 10, version 1607, which added the following policies:
                    • Browser/AllowMicrosoftCompatibilityList
                    • Update/DisableDualScan
                    • Update/FillEmptyContentUrls| +|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1709:
                    • Browser/ProvisionFavorites
                    • Browser/LockdownFavorites
                    • ExploitGuard/ExploitProtectionSettings
                    • Games/AllowAdvancedGamingServices
                    • LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts
                    • LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly
                    • LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount
                    • LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount
                    • LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked
                    • LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayLastSignedIn
                    • LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayUsernameAtSignIn
                    • LocalPoliciesSecurityOptions/Interactivelogon_DoNotRequireCTRLALTDEL
                    • LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit
                    • LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn
                    • LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn
                    • LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests
                    • LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn
                    • LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation
                    • LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators
                    • LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers
                    • LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated
                    • LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations
                    • LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode
                    • LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation
                    • LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations
                    • Privacy/EnableActivityFeed
                    • Privacy/PublishUserActivities
                    • Update/DisableDualScan
                    • Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork

                      Changed the name of new policy to CredentialProviders/DisableAutomaticReDeploymentCredentials from CredentialProviders/EnableWindowsAutopilotResetCredentials.

                      Changed the names of the following policies:

                    • Defender/GuardedFoldersAllowedApplications to Defender/ControlledFolderAccessAllowedApplications
                    • Defender/GuardedFoldersList to Defender/ControlledFolderAccessProtectedFolders
                    • Defender/EnableGuardMyFolders to Defender/EnableControlledFolderAccess

                      Added links to the additional [ADMX-backed BitLocker policies](policy-csp-bitlocker.md).

                      There were issues reported with the previous release of the following policies. These issues were fixed in Windows 10, version 1709:

                    • Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts
                    • Start/HideAppList| \ No newline at end of file diff --git a/windows/configuration/set-up-shared-or-guest-pc.md b/windows/configuration/set-up-shared-or-guest-pc.md index 0cb346ab02..d195063ef0 100644 --- a/windows/configuration/set-up-shared-or-guest-pc.md +++ b/windows/configuration/set-up-shared-or-guest-pc.md @@ -243,92 +243,137 @@ On a desktop computer, navigate to **Settings** > **Accounts** > **Work ac New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\SharedPC\Exemptions\$sid" -Force ``` - ## Policies set by shared PC mode + Shared PC mode sets local group policies to configure the device. Some of these are configurable using the shared pc mode options. > [!IMPORTANT] > It is not recommended to set additional policies on PCs configured for **Shared PC Mode**. The shared PC mode has been optimized to be fast and reliable over time with minimal to no manual maintenance required. - +### Admin Templates > Control Panel > Personalization - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

                      Policy name

                      Value

                      When set?

                      Admin Templates > Control Panel > Personalization

                      Prevent enabling lock screen slide show

                      Enabled

                      Always

                      Prevent changing lock screen and logon image

                      Enabled

                      Always

                      Admin Templates > System > Power Management > Button Settings

                      Select the Power button action (plugged in)

                      Sleep

                      SetPowerPolicies=True

                      Select the Power button action (on battery)

                      Sleep

                      SetPowerPolicies=True

                      Select the Sleep button action (plugged in)

                      Sleep

                      SetPowerPolicies=True

                      Select the lid switch action (plugged in)

                      Sleep

                      SetPowerPolicies=True

                      Select the lid switch action (on battery)

                      Sleep

                      SetPowerPolicies=True

                      Admin Templates > System > Power Management > Sleep Settings

                      Require a password when a computer wakes (plugged in)

                      Enabled

                      SignInOnResume=True

                      Require a password when a computer wakes (on battery)

                      Enabled

                      SignInOnResume=True

                      Specify the system sleep timeout (plugged in)

                      SleepTimeout

                      SetPowerPolicies=True

                      Specify the system sleep timeout (on battery)

                      SleepTimeout

                      SetPowerPolicies=True

                      Turn off hybrid sleep (plugged in)

                      Enabled

                      SetPowerPolicies=True

                      Turn off hybrid sleep (on battery)

                      Enabled

                      SetPowerPolicies=True

                      Specify the unattended sleep timeout (plugged in)

                      SleepTimeout

                      SetPowerPolicies=True

                      Specify the unattended sleep timeout (on battery)

                      SleepTimeout

                      SetPowerPolicies=True

                      Allow standby states (S1-S3) when sleeping (plugged in)

                      Enabled

                      SetPowerPolicies=True

                      Allow standby states (S1-S3) when sleeping (on battery)

                      Enabled

                      SetPowerPolicies=True

                      Specify the system hibernate timeout (plugged in)

                      Enabled, 0

                      SetPowerPolicies=True

                      Specify the system hibernate timeout (on battery)

                      Enabled, 0

                      SetPowerPolicies=True

                      Admin Templates>System>Power Management>Video and Display Settings

                      Turn off the display (plugged in)

                      SleepTimeout

                      SetPowerPolicies=True

                      Turn off the display (on battery

                      SleepTimeout

                      SetPowerPolicies=True

                      Admin Templates>System>Power Management>Energy Saver Settings

                      Energy Saver Battery Threshold (on battery)70SetPowerPolicies=True

                      Admin Templates>System>Logon

                      Show first sign-in animation

                      Disabled

                      Always

                      Hide entry points for Fast User Switching

                      Enabled

                      Always

                      Turn on convenience PIN sign-in

                      Disabled

                      Always

                      Turn off picture password sign-in

                      Enabled

                      Always

                      Turn off app notification on the lock screen

                      Enabled

                      Always

                      Allow users to select when a password is required when resuming from connected standby

                      Disabled

                      SignInOnResume=True

                      Block user from showing account details on sign-in

                      Enabled

                      Always

                      Admin Templates>System>User Profiles

                      Turn off the advertising ID

                      Enabled

                      SetEduPolicies=True

                      Admin Templates>Windows Components

                      Do not show Windows Tips

                      Enabled

                      SetEduPolicies=True

                      Turn off Microsoft consumer experiences

                      Enabled

                      SetEduPolicies=True

                      Microsoft Passport for Work

                      Disabled

                      Always

                      Prevent the usage of OneDrive for file storage

                      Enabled

                      Always

                      Admin Templates>Windows Components>Biometrics

                      Allow the use of biometrics

                      Disabled

                      Always

                      Allow users to log on using biometrics

                      Disabled

                      Always

                      Allow domain users to log on using biometrics

                      Disabled

                      Always

                      Admin Templates>Windows Components>Data Collection and Preview Builds

                      Toggle user control over Insider builds

                      Disabled

                      Always

                      Disable pre-release features or settings

                      Disabled

                      Always

                      Do not show feedback notifications

                      Enabled

                      Always

                      Allow TelemetryBasic, 0SetEduPolicies=True

                      Admin Templates>Windows Components>File Explorer

                      Show lock in the user tile menu

                      Disabled

                      Always

                      Admin Templates>Windows Components>Maintenance Scheduler

                      Automatic Maintenance Activation Boundary

                      MaintenanceStartTime

                      Always

                      Automatic Maintenance Random Delay

                      Enabled, 2 hours

                      Always

                      Automatic Maintenance WakeUp Policy

                      Enabled

                      Always

                      Admin Templates>Windows Components>Windows Hello for Business

                      Use phone sign-in

                      Disabled

                      Always

                      Use Windows Hello for Business

                      Disabled

                      Always

                      Use biometrics

                      Disabled

                      Always

                      Admin Templates>Windows Components>OneDrive

                      Prevent the usage of OneDrive for file storage

                      Enabled

                      Always

                      Windows Settings>Security Settings>Local Policies>Security Options

                      Interactive logon: Do not display last user name

                      Enabled, Disabled when account model is only guest

                      Always

                      Interactive logon: Sign-in last interactive user automatically after a system-initiated restart

                      Disabled

                      Always

                      Shutdown: Allow system to be shut down without having to log on

                      Disabled

                      Always

                      User Account Control: Behavior of the elevation prompt for standard users

                      Auto deny

                      Always



                      +|Policy Name| Value|When set?| +|--- |--- |--- | +|Prevent enabling lock screen slide show|Enabled|Always| +|Prevent changing lock screen and logon image|Enabled|Always| +### Admin Templates > System > Power Management > Button Settings +|Policy Name| Value|When set?| +|--- |--- |--- | +|Select the Power button action (plugged in)|Sleep|SetPowerPolicies=True| +|Select the Power button action (on battery)|Sleep|SetPowerPolicies=True| +|Select the Sleep button action (plugged in)|Sleep|SetPowerPolicies=True| +|Select the lid switch action (plugged in)|Sleep|SetPowerPolicies=True| +|Select the lid switch action (on battery)|Sleep|SetPowerPolicies=True| +### Admin Templates > System > Power Management > Sleep Settings +|Policy Name| Value|When set?| +|--- |--- |--- | +|Require a password when a computer wakes (plugged in)|Enabled|SignInOnResume=True| +|Require a password when a computer wakes (on battery)|Enabled|SignInOnResume=True| +|Specify the system sleep timeout (plugged in)|*SleepTimeout*|SetPowerPolicies=True| +|Specify the system sleep timeout (on battery)|*SleepTimeout*|SetPowerPolicies=True| +|Turn off hybrid sleep (plugged in)|Enabled|SetPowerPolicies=True| +|Turn off hybrid sleep (on battery)|Enabled|SetPowerPolicies=True| +|Specify the unattended sleep timeout (plugged in)|*SleepTimeout*|SetPowerPolicies=True| +|Specify the unattended sleep timeout (on battery)|*SleepTimeout*|SetPowerPolicies=True| +|Allow standby states (S1-S3) when sleeping (plugged in)|Enabled|SetPowerPolicies=True| +|Allow standby states (S1-S3) when sleeping (on battery)|Enabled |SetPowerPolicies=True| +|Specify the system hibernate timeout (plugged in)|Enabled, 0|SetPowerPolicies=True| +|Specify the system hibernate timeout (on battery)|Enabled, 0|SetPowerPolicies=True| +### Admin Templates>System>Power Management>Video and Display Settings + +|Policy Name| Value|When set?| +|--- |--- |--- | +|Turn off the display (plugged in)|*SleepTimeout*|SetPowerPolicies=True| +|Turn off the display (on battery|*SleepTimeout*|SetPowerPolicies=True| + +### Admin Templates>System>Power Management>Energy Saver Settings + +|Policy Name| Value|When set?| +|--- |--- |--- | +|Energy Saver Battery Threshold (on battery)|70|SetPowerPolicies=True| + +### Admin Templates>System>Logon + +|Policy Name| Value|When set?| +|--- |--- |--- | +|Show first sign-in animation|Disabled|Always| +|Hide entry points for Fast User Switching|Enabled|Always| +|Turn on convenience PIN sign-in|Disabled|Always| +|Turn off picture password sign-in|Enabled|Always| +|Turn off app notification on the lock screen|Enabled|Always| +|Allow users to select when a password is required when resuming from connected standby|Disabled|SignInOnResume=True| +|Block user from showing account details on sign-in|Enabled|Always| + +### Admin Templates>System>User Profiles + +|Policy Name| Value|When set?| +|--- |--- |--- | +|Turn off the advertising ID|Enabled|SetEduPolicies=True| + +### Admin Templates>Windows Components + +|Policy Name| Value|When set?| +|--- |--- |--- | +|Do not show Windows Tips |Enabled|SetEduPolicies=True| +|Turn off Microsoft consumer experiences |Enabled|SetEduPolicies=True| +|Microsoft Passport for Work|Disabled|Always| +|Prevent the usage of OneDrive for file storage|Enabled|Always| + +### Admin Templates>Windows Components>Biometrics + +|Policy Name| Value|When set?| +|--- |--- |--- | +|Allow the use of biometrics|Disabled|Always| +|Allow users to log on using biometrics|Disabled|Always| +|Allow domain users to log on using biometrics|Disabled|Always| + +### Admin Templates>Windows Components>Data Collection and Preview Builds + +|Policy Name| Value|When set?| +|--- |--- |--- | +|Toggle user control over Insider builds|Disabled|Always| +|Disable pre-release features or settings|Disabled|Always| +|Do not show feedback notifications|Enabled|Always| +|Allow Telemetry|Basic, 0|SetEduPolicies=True| + +### Admin Templates>Windows Components>File Explorer + +|Policy Name| Value|When set?| +|--- |--- |--- | +|Show lock in the user tile menu|Disabled|Always| + +### Admin Templates>Windows Components>Maintenance Scheduler + +|Policy Name| Value|When set?| +|--- |--- |--- | +|Automatic Maintenance Activation Boundary|*MaintenanceStartTime*|Always| +|Automatic Maintenance Random Delay|Enabled, 2 hours|Always| +|Automatic Maintenance WakeUp Policy|Enabled|Always| + +### Admin Templates>Windows Components>Windows Hello for Business + +|Policy Name| Value|When set?| +|--- |--- |--- | +|Use phone sign-in|Disabled|Always| +|Use Windows Hello for Business|Disabled|Always| +|Use biometrics|Disabled|Always| + +### Admin Templates>Windows Components>OneDrive + +|Policy Name| Value|When set?| +|--- |--- |--- | +|Prevent the usage of OneDrive for file storage|Enabled|Always| + +### Windows Settings>Security Settings>Local Policies>Security Options + +|Policy Name| Value|When set?| +|--- |--- |--- | +|Interactive logon: Do not display last user name|Enabled, Disabled when account model is only guest|Always| +|Interactive logon: Sign-in last interactive user automatically after a system-initiated restart|Disabled |Always| +|Shutdown: Allow system to be shut down without having to log on|Disabled|Always| +|User Account Control: Behavior of the elevation prompt for standard users|Auto deny|Always| \ No newline at end of file diff --git a/windows/deployment/upgrade/windows-10-edition-upgrades.md b/windows/deployment/upgrade/windows-10-edition-upgrades.md index e7434cf95e..c0a2fa58db 100644 --- a/windows/deployment/upgrade/windows-10-edition-upgrades.md +++ b/windows/deployment/upgrade/windows-10-edition-upgrades.md @@ -135,6 +135,7 @@ Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 by entering a ### Scenario example Downgrading from Enterprise + - Original edition: **Professional OEM** - Upgrade edition: **Enterprise** - Valid downgrade paths: **Pro, Pro for Workstations, Pro Education, Education** @@ -143,102 +144,22 @@ You can move directly from Enterprise to any valid destination edition. In this ### Supported Windows 10 downgrade paths -✔ = Supported downgrade path
                      - S  = Supported; Not considered a downgrade or an upgrade
                      -[blank] = Not supported or not a downgrade
                      +✔ = Supported downgrade path +S = Supported; Not considered a downgrade or an upgrade +[blank] = Not supported or not a downgrade -
                      - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                      Destination edition
                             HomeProPro for WorkstationsPro EducationEducationEnterprise LTSCEnterprise
                      Starting edition
                      Home
                      Pro
                      Pro for Workstations
                      Pro Education
                      EducationS
                      Enterprise LTSC
                      EnterpriseS
                      +**Destination Edition: (Starting)** + +||Home|Pro|Pro for Workstations|Pro Education|Education|Enterprise LTSC|Enterprise| +|--- |--- |--- |--- |--- |--- |--- |--- | +|Home|||||||| +|Pro|||||||| +|Pro for Workstations|||||||| +|Pro Education|||||||| +|Education||✔|✔|✔|||S| +|Enterprise LTSC|||||||| +|Enterprise||✔|✔|✔|S||| -> > **Windows N/KN**: Windows "N" and "KN" SKUs follow the same rules shown above. Some slightly more complex scenarios are not represented by the table above. For example, you can perform an upgrade from Pro to Pro for Workstation on a computer with an embedded Pro key using a Pro for Workstation license key, and then later downgrade this computer back to Pro with the firmware-embedded key. The downgrade is allowed but only because the pre-installed OS is Pro. diff --git a/windows/deployment/wds-boot-support.md b/windows/deployment/wds-boot-support.md index b8352c8389..d63a5a3512 100644 --- a/windows/deployment/wds-boot-support.md +++ b/windows/deployment/wds-boot-support.md @@ -28,64 +28,16 @@ When you PXE-boot from a WDS server that uses the **boot.wim** file from install ## Deployment scenarios affected -The table below provides support details for specific deployment scenarios. +The table below provides support details for specific deployment scenarios (Boot Image Version). + +||Windows 10|Windows Server 2016|Windows Server 2019|Windows Server 2022|Windows 11| +|--- |--- |--- |--- |--- |--- | +|**Windows 10**|Supported, using a boot image from matching or newer version.|Supported, using a boot image from Windows 10, version 1607 or later.|Supported, using a boot image from Windows 10, version 1809 or later.|Not supported.|Not supported.| +|**Windows Server 2016**|Supported, using a boot image from Windows 10, version 1607 or later.|Supported.|Not supported.|Not supported.|Not supported.| +|**Windows Server 2019**|Supported, using a boot image from Windows 10, version 1809 or later.|Supported.|Supported.|Not supported.|Not supported.| +|**Windows Server 2022**|Deprecated, with a warning message.|Deprecated, with a warning message.|Deprecated, with a warning message.|Deprecated, with a warning message.|Not supported.| +|**Windows 11**|Not supported, blocked.|Not supported, blocked.|Not supported, blocked.|Not supported, blocked.|Not supported, blocked.| -
                      - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                             Windows 10Windows Server 2016Windows Server 2019Windows Server 2022Windows 11
                      -
                       
                       
                       
                       
                       
                       
                       
                       
                       
                      Boot image version
                      Windows 10Supported, using a boot image from matching or newer version.Supported, using a boot image from Windows 10, version 1607 or later.Supported, using a boot image from Windows 10, version 1809 or later.Not supported.Not supported.
                      Windows Server 2016Supported, using a boot image from Windows 10, version 1607 or later.Supported.Not supported.Not supported.Not supported.
                      Windows Server 2019Supported, using a boot image from Windows 10, version 1809 or later.Supported.Supported.Not supported.Not supported.
                      Windows Server 2022Deprecated, with a warning message.Deprecated, with a warning message.Deprecated, with a warning message.Deprecated, with a warning message.Not supported.
                      Windows 11Not supported, blocked.Not supported, blocked.Not supported, blocked.Not supported, blocked.Not supported, blocked.
                      ## Reason for the change diff --git a/windows/deployment/windows-10-deployment-scenarios.md b/windows/deployment/windows-10-deployment-scenarios.md index 098cf03790..d7f6145692 100644 --- a/windows/deployment/windows-10-deployment-scenarios.md +++ b/windows/deployment/windows-10-deployment-scenarios.md @@ -23,123 +23,38 @@ ms.collection: highpri To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. Choosing among these scenarios, and understanding the capabilities and limitations of each, is a key task. -The following table summarizes various Windows 10 deployment scenarios. The scenarios are each assigned to one of three categories. +## Deployment categories + +The following tables summarize various Windows 10 deployment scenarios. The scenarios are each assigned to one of three categories. + - Modern deployment methods are recommended unless you have a specific need to use a different procedure. These methods are supported with existing tools such as Microsoft Deployment Toolkit (MDT) and Microsoft Endpoint Configuration Manager. These methods are discussed in detail on the [Modern Desktop Deployment Center](/microsoft-365/enterprise/desktop-deployment-center-home). - - Note: Once you have deployed Windows 10 in your organization, it is important to stay up to date by [creating a deployment plan](update/create-deployment-plan.md) for Windows 10 feature updates. + > [!NOTE] + >Once you have deployed Windows 10 in your organization, it is important to stay up to date by [creating a deployment plan](update/create-deployment-plan.md) for Windows 10 feature updates. - Dynamic deployment methods enable you to configure applications and settings for specific use cases. - Traditional deployment methods use existing tools to deploy operating system images.
                        - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                      CategoryScenarioDescriptionMore information
                      Modern +### Modern -[Windows Autopilot](#windows-autopilot) - Customize the out-of-box-experience (OOBE) for your organization, and deploy a new system with apps and settings already configured. - -Overview of Windows Autopilot -
                      +|Scenario|Description|More information| +|--- |--- |--- | +|[Windows Autopilot](#windows-autopilot)|Customize the out-of-box-experience (OOBE) for your organization, and deploy a new system with apps and settings already configured|[Overview of Windows Autopilot](/windows/deployment/windows-autopilot/windows-10-autopilot)| +|[In-place upgrade](#in-place-upgrade)|Use Windows Setup to update your OS and migrate apps and settings. Rollback data is saved in Windows.old.|[Perform an in-place upgrade to Windows 10 with MDT](/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit)
                      [Perform an in-place upgrade to Windows 10 using Configuration Manager](/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager)| -[In-place upgrade](#in-place-upgrade) +### Dynamic -                       		- Use Windows Setup to update your OS and migrate apps and settings. Rollback data is saved in Windows.old. - -Perform an in-place upgrade to Windows 10 with MDT
                      Perform an in-place upgrade to Windows 10 using Configuration Manager -
                      - Dynamic - +|Scenario|Description|More information| +|--- |--- |--- | +|[Subscription Activation](#windows-10-subscription-activation)|Switch from Windows 10 Pro to Enterprise when a subscribed user signs in.|[Windows 10 Subscription Activation](/windows/deployment/windows-10-enterprise-subscription-activation)| +|[AAD / MDM](#dynamic-provisioning)|The device is automatically joined to AAD and configured by MDM.|[Azure Active Directory integration with MDM](/windows/client-management/mdm/azure-active-directory-integration-with-mdm)| +|[Provisioning packages](#dynamic-provisioning)|Using the Windows Imaging and Configuration Designer tool, create provisioning packages that can be applied to devices.|[Configure devices without MDM](/windows/configuration/configure-devices-without-mdm)| -[Subscription Activation](#windows-10-subscription-activation) - - Switch from Windows 10 Pro to Enterprise when a subscribed user signs in. - -Windows 10 Subscription Activation -
                      - - [AAD / MDM](#dynamic-provisioning) - - The device is automatically joined to AAD and configured by MDM. - -Azure Active Directory integration with MDM -
                      - - [Provisioning packages](#dynamic-provisioning) - - Using the Windows Imaging and Configuration Designer tool, create provisioning packages that can be applied to devices. - -Configure devices without MDM -
                      - Traditional - - - [Bare metal](#new-computer) - - Deploy a new device, or wipe an existing device and deploy with a fresh image. - - Deploy a Windows 10 image using MDT
                      Deploy Windows 10 using PXE and Configuration Manager -
                      - - [Refresh](#computer-refresh) - - Also called wipe and load. Redeploy a device by saving the user state, wiping the disk, then restoring the user state. - - Refresh a Windows 7 computer with Windows 10
                      Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager -
                      - - [Replace](#computer-replace) - - Replace an existing device with a new one by saving the user state on the old device and then restoring it to the new device. - - Replace a Windows 7 computer with a Windows 10 computer
                      Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager -
                      - -
                        +### Traditional +|Scenario|Description|More information| +|--- |--- |--- | +|[Bare metal](#new-computer)|Deploy a new device, or wipe an existing device and deploy with a fresh image. |[Deploy a Windows 10 image using MDT](/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt)
                      [Deploy Windows 10 using PXE and Configuration Manager](/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager)| +|[Refresh](#computer-refresh)|Also called wipe and load. Redeploy a device by saving the user state, wiping the disk, then restoring the user state. | [Refresh a Windows 7 computer with Windows 10](/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10)
                      [Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager)| +|[Replace](#computer-replace)|Replace an existing device with a new one by saving the user state on the old device and then restoring it to the new device.| [Replace a Windows 7 computer with a Windows 10 computer](/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer)
                      [Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager)| >[!IMPORTANT] >The Windows Autopilot and Subscription Activation scenarios require that the beginning OS be Windows 10 version 1703, or later.
                      diff --git a/windows/deployment/windows-10-poc-mdt.md b/windows/deployment/windows-10-poc-mdt.md index c59e537d48..485e471769 100644 --- a/windows/deployment/windows-10-poc-mdt.md +++ b/windows/deployment/windows-10-poc-mdt.md @@ -44,23 +44,15 @@ This guide provides instructions to install and configure the Microsoft Deployme Topics and procedures in this guide are summarized in the following table. An estimate of the time required to complete each procedure is also provided. Time required to complete procedures will vary depending on the resources available to the Hyper-V host and assigned to VMs, such as processor speed, memory allocation, disk speed, and network speed. -
                      - -
                      - - -
                      TopicDescriptionTime - -
                      About MDTA high-level overview of the Microsoft Deployment Toolkit (MDT).Informational -
                      Install MDTDownload and install MDT.40 minutes -
                      Create a deployment share and reference imageA reference image is created to serve as the template for deploying new images.90 minutes -
                      Deploy a Windows 10 image using MDTThe reference image is deployed in the PoC environment.60 minutes -
                      Refresh a computer with Windows 10Export user data from an existing client computer, wipe the computer, install a new operating system, and then restore user data and settings.60 minutes -
                      Replace a computer with Windows 10Back up an existing client computer, then restore this backup to a new computer.60 minutes -
                      Troubleshooting logs, events, and utilitiesLog locations and troubleshooting hints.Informational -
                      - -
                      +|Topic|Description|Time| +|--- |--- |--- | +|[About MDT](#about-mdt)|A high-level overview of the Microsoft Deployment Toolkit (MDT).|Informational| +|[Install MDT](#install-mdt)|Download and install MDT.|40 minutes| +|[Create a deployment share and reference image](#create-a-deployment-share-and-reference-image)|A reference image is created to serve as the template for deploying new images.|90 minutes| +|[Deploy a Windows 10 image using MDT](#deploy-a-windows-10-image-using-mdt)|The reference image is deployed in the PoC environment.|60 minutes| +|[Refresh a computer with Windows 10](#refresh-a-computer-with-windows-10)|Export user data from an existing client computer, wipe the computer, install a new operating system, and then restore user data and settings.|60 minutes| +|[Replace a computer with Windows 10](#replace-a-computer-with-windows-10)|Back up an existing client computer, then restore this backup to a new computer.|60 minutes| +|[Troubleshooting logs, events, and utilities](#troubleshooting-logs-events-and-utilities)|Log locations and troubleshooting hints.|Informational| ## About MDT diff --git a/windows/deployment/windows-10-poc.md b/windows/deployment/windows-10-poc.md index 3855f4698d..880fc20b4b 100644 --- a/windows/deployment/windows-10-poc.md +++ b/windows/deployment/windows-10-poc.md @@ -53,26 +53,20 @@ After completing the instructions in this guide, you will have a PoC environment Topics and procedures in this guide are summarized in the following table. An estimate of the time required to complete each procedure is also provided. Time required to complete procedures will vary depending on the resources available to the Hyper-V host and assigned to VMs, such as processor speed, memory allocation, disk speed, and network speed. -
                      - -
                      - - - -
                      TopicDescriptionTime
                      Hardware and software requirementsPrerequisites to complete this guide.Informational -
                      Lab setupA description and diagram of the PoC environment.Informational -
                      Configure the PoC environmentParent topic for procedures.Informational -
                      Verify support and install Hyper-VVerify that installation of Hyper-V is supported, and install the Hyper-V server role.10 minutes -
                      Download VHD and ISO filesDownload evaluation versions of Windows Server 2012 R2 and Windows 10 and prepare these files to be used on the Hyper-V host.30 minutes -
                      Convert PC to VMConvert a physical computer on your network to a VM hosted in Hyper-V.30 minutes -
                      Resize VHDIncrease the storage capacity for one of the Windows Server VMs.5 minutes -
                      Configure Hyper-VCreate virtual switches, determine available RAM for virtual machines, and add virtual machines.15 minutes -
                      Configure service and user accountsStart virtual machines and configure all services and settings.60 minutes -
                      Configure VMsStart virtual machines and configure all services and settings.60 minutes -
                      Appendix A: Verify the configurationVerify and troubleshoot network connectivity and services in the PoC environment.30 minutes -
                      Appendix B: Terminology in this guideTerms used in this guide.Informational -
                      -
                      +|Topic|Description|Time| +|--- |--- |--- | +|[Hardware and software requirements](#hardware-and-software-requirements)|Prerequisites to complete this guide.|Informational| +|[Lab setup](#lab-setup)|A description and diagram of the PoC environment.|Informational| +|[Configure the PoC environment](#configure-the-poc-environment)|Parent topic for procedures.|Informational| +|[Verify support and install Hyper-V](#verify-support-and-install-hyper-v)|Verify that installation of Hyper-V is supported, and install the Hyper-V server role.|10 minutes| +|[Download VHD and ISO files](#download-vhd-and-iso-files)|Download evaluation versions of Windows Server 2012 R2 and Windows 10 and prepare these files to be used on the Hyper-V host.|30 minutes| +|[Convert PC to VM](#convert-pc-to-vm)|Convert a physical computer on your network to a VM hosted in Hyper-V.|30 minutes| +|[Resize VHD](#resize-vhd)|Increase the storage capacity for one of the Windows Server VMs.|5 minutes| +|[Configure Hyper-V](#configure-hyper-v)|Create virtual switches, determine available RAM for virtual machines, and add virtual machines.|15 minutes| +|[Configure service and user accounts](#configure-vms)|Start virtual machines and configure all services and settings.|60 minutes| +|[Configure VMs](#configure-vms)|Start virtual machines and configure all services and settings.|60 minutes| +|[Appendix A: Verify the configuration](#appendix-a-verify-the-configuration)|Verify and troubleshoot network connectivity and services in the PoC environment.|30 minutes| +|[Appendix B: Terminology in this guide](#appendix-b-terminology-used-in-this-guide)|Terms used in this guide.|Informational| ## Hardware and software requirements @@ -85,60 +79,17 @@ Hardware requirements are displayed below:
                      - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                      Computer 1 (required)Computer 2 (recommended)
                      RoleHyper-V hostClient computer
                      DescriptionThis computer will run Hyper-V, the Hyper-V management tools, and the Hyper-V Windows PowerShell module.This computer is a Windows 7 or Windows 8/8.1 client on your corporate network that will be converted to a VM to demonstrate the upgrade process.
                      OSWindows 8.1/10 or Windows Server 2012/2012 R2/2016*Windows 7 or a later
                      EditionEnterprise, Professional, or EducationAny
                      Architecture64-bitAny
                      Note: Retaining applications and settings requires that architecture (32 or 64-bit) is the same before and after the upgrade.
                      RAM8 GB RAM (16 GB recommended) to test Windows 10 deployment with MDT. -
                      16 GB RAM to test Windows 10 deployment with Microsoft Endpoint Configuration Manager.                      		Any
                      Disk200 GB available hard disk space, any format.Any size, MBR formatted.
                      CPUSLAT-Capable CPUAny
                      NetworkInternet connectionAny
                      - +||Computer 1 (required)|Computer 2 (recommended)| +|--- |--- |--- | +|**Role**|Hyper-V host|Client computer| +|**Description**|This computer will run Hyper-V, the Hyper-V management tools, and the Hyper-V Windows PowerShell module.|This computer is a Windows 7 or Windows 8/8.1 client on your corporate network that will be converted to a VM to demonstrate the upgrade process.| +|**OS**|Windows 8.1/10 or Windows Server 2012/2012 R2/2016*|Windows 7 or a later| +|**Edition**|Enterprise, Professional, or Education|Any| +|**Architecture**|64-bit|Any

                      *Note: Retaining applications and settings requires that architecture (32 or 64-bit) is the same before and after the upgrade.*| +|**RAM**|8 GB RAM (16 GB recommended) to test Windows 10 deployment with MDT.
                      16 GB RAM to test Windows 10 deployment with Microsoft Endpoint Configuration Manager.|Any| +|**Disk**|200 GB available hard disk space, any format.|Any size, MBR formatted.| +|**CPU**|SLAT-Capable CPU|Any| +|**Network**|Internet connection|Any| \*The Hyper-V server role can also be installed on a computer running Windows Server 2008 R2. However, the Windows PowerShell module for Hyper-V is not available on Windows Server 2008 R2, therefore you cannot use many of the steps provided in this guide to configure Hyper-V. To manage Hyper-V on Windows Server 2008 R2, you can use Hyper-V WMI, or you can use the Hyper-V Manager console. Providing all steps in this guide as Hyper-V WMI or as 2008 R2 Hyper-V Manager procedures is beyond the scope of the guide.
                      @@ -236,57 +187,51 @@ When you have completed installation of Hyper-V on the host computer, begin conf 1. Create a directory on your Hyper-V host named **C:\VHD** and download a single [Windows Server 2012 R2 VHD](https://www.microsoft.com/evalcenter/evaluate-windows-server-2012-r2) from the TechNet Evaluation Center to the **C:\VHD** directory. - **Important**: This guide assumes that VHDs are stored in the **C:\VHD** directory on the Hyper-V host. If you use a different directory to store VHDs, you must adjust steps in this guide appropriately. + **Important**: This guide assumes that VHDs are stored in the **C:\VHD** directory on the Hyper-V host. If you use a different directory to store VHDs, you must adjust steps in this guide appropriately. - After completing registration you will be able to download the 7.47 GB Windows Server 2012 R2 evaluation VHD. An example of the download offering is shown below. + After completing registration you will be able to download the 7.47 GB Windows Server 2012 R2 evaluation VHD. An example of the download offering is shown below. - - -
                      VHD
                      + ![VHD](images/download_vhd.png) 2. Download the file to the **C:\VHD** directory. When the download is complete, rename the VHD file that you downloaded to **2012R2-poc-1.vhd**. This is done to make the filename simple to recognize and type. 3. Copy the VHD to a second file also in the **C:\VHD** directory and name this VHD **2012R2-poc-2.vhd**. 4. Download the [Windows 10 Enterprise ISO](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise) from the TechNet Evaluation Center to the **C:\VHD** directory on your Hyper-V host. - >During registration, you must specify the type, version, and language of installation media to download. In this example, a Windows 10 Enterprise, 64 bit, English ISO is chosen. You can choose a different version if desired. **Note: The evaluation version of Windows 10 does not support in-place upgrade**. + >During registration, you must specify the type, version, and language of installation media to download. In this example, a Windows 10 Enterprise, 64 bit, English ISO is chosen. You can choose a different version if desired. **Note: The evaluation version of Windows 10 does not support in-place upgrade**. 5. Rename the ISO file that you downloaded to **w10-enterprise.iso**. Again, this is done so that the filename is simple to type and recognize. After completing registration you will be able to download the 3.63 GB Windows 10 Enterprise evaluation ISO. -After completing these steps, you will have three files in the **C:\VHD** directory: **2012R2-poc-1.vhd**, **2012R2-poc-2.vhd**, **w10-enterprise.iso**. + After completing these steps, you will have three files in the **C:\VHD** directory: **2012R2-poc-1.vhd**, **2012R2-poc-2.vhd**, **w10-enterprise.iso**. -The following displays the procedures described in this section, both before and after downloading files: + The following displays the procedures described in this section, both before and after downloading files: -

                      -C:>mkdir VHD
-C:>cd VHD
-C:\VHD>ren 9600*.vhd 2012R2-poc-1.vhd
-C:\VHD>copy 2012R2-poc-1.vhd 2012R2-poc-2.vhd
-   1 file(s) copied.
-C:\VHD ren *.iso w10-enterprise.iso
-C:\VHD>dir /B
-2012R2-poc-1.vhd
-2012R2-poc-2.vhd
-w10-enterprise.iso
-
                      + 
                      +     C:>mkdir VHD
+     C:>cd VHD
+     C:\VHD>ren 9600*.vhd 2012R2-poc-1.vhd
+     C:\VHD>copy 2012R2-poc-1.vhd 2012R2-poc-2.vhd
+        1 file(s) copied.
+     C:\VHD ren *.iso w10-enterprise.iso
+     C:\VHD>dir /B
+     2012R2-poc-1.vhd
+     2012R2-poc-2.vhd
+     w10-enterprise.iso
+
                      ### Convert PC to VM >Important: Do not attempt to use the VM resulting from the following procedure as a reference image. Also, to avoid conflicts with existing clients, do not start the VM outside the PoC network. -
                      If you do not have a PC available to convert to VM, perform the following steps to download an evaluation VM: -
                      -
                        -
                      1. Open the Download virtual machines page. -
                      2. Under Virtual machine, choose IE11 on Win7. -
                      3. Under Select platform choose HyperV (Windows). -
                      4. Click Download .zip. The download is 3.31 GB. -
                      5. Extract the zip file. Three directories are created. -
                      6. Open the Virtual Hard Disks directory and then copy IE11 - Win7.vhd to the C:\VHD directory. -
                      7. Rename IE11 - Win7.vhd to w7.vhd (do not rename the file to w7.vhdx). -
                      8. In step 5 of the Configure Hyper-V section, replace the VHD file name w7.vhdx with w7.vhd. -
                      -
                      + +1. Open the [Download virtual machines](https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/) page. +2. Under **Virtual machine**, choose **IE11 on Win7**. +3. Under **Select platform** choose **HyperV (Windows)**. +4. Click **Download .zip**. The download is 3.31 GB. +5. Extract the zip file. Three directories are created. +6. Open the **Virtual Hard Disks** directory and then copy **IE11 - Win7.vhd** to the **C:\VHD** directory. +7. Rename **IE11 - Win7.vhd** to **w7.vhd** (do not rename the file to w7.vhdx). +8. In step 5 of the [Configure Hyper-V](#configure-hyper-v) section, replace the VHD file name **w7.vhdx** with **w7.vhd**. If you have a PC available to convert to VM (computer 2): @@ -301,30 +246,10 @@ If you have a PC available to convert to VM (computer 2): When creating a VM in Hyper-V, you must specify either generation 1 or generation 2. The following table describes requirements for these two types of VMs. -
                      - - - - - - - - - - - - - - - - - - - - -
                      ArchitectureOperating systemPartition style
                      Generation 132-bit or 64-bitWindows 7 or laterMBR
                      Generation 264-bitWindows 8 or laterMBR or GPT
                      - -
                      +||Architecture|Operating system|Partition style| +|--- |--- |--- |--- | +|**Generation 1**|32-bit or 64-bit|Windows 7 or later|MBR| +|**Generation 2**|64-bit|Windows 8 or later|MBR or GPT| If the PC is running a 32-bit OS or the OS is Windows 7, it must be converted to a generation 1 VM. Otherwise, it can be converted to a generation 2 VM. @@ -370,74 +295,42 @@ Number Friendly Name OperationalStatus Tota **Choosing a VM generation** -The following table displays the Hyper-V VM generation to choose based on the OS, architecture, and partition style. Links to procedures to create the corresponding VMs are included. +The following tables display the Hyper-V VM generation to choose based on the OS, architecture, and partition style. Links to procedures to create the corresponding VMs are included. -
                      +**Windows 7 MBR** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                      OSPartition styleArchitectureVM generationProcedure
                      Windows 7MBR321Prepare a generation 1 VM
                      641Prepare a generation 1 VM
                      GPT32N/AN/A
                      641Prepare a generation 1 VM from a GPT disk
                      Windows 8 or laterMBR321Prepare a generation 1 VM
                      641, 2Prepare a generation 1 VM
                      GPT321Prepare a generation 1 VM from a GPT disk
                      642Prepare a generation 2 VM
                      +|Architecture|VM generation|Procedure| +|--- |--- |--- | +|32|1|[Prepare a generation 1 VM](#prepare-a-generation-1-vm)| +|64|1|[Prepare a generation 1 VM](#prepare-a-generation-1-vm)| -
                      +**Windows 7 GPT** + +|Architecture|VM generation|Procedure| +|--- |--- |--- | +|32|N/A|N/A| +|64|1|[Prepare a generation 1 VM from a GPT disk](#prepare-a-generation-1-vm-from-a-gpt-disk)| + +**Windows 8 or later MBR** + +|Architecture|VM generation|Procedure| +|--- |--- |--- | +|32|1|[Prepare a generation 1 VM](#prepare-a-generation-1-vm)| +|64|1, 2|[Prepare a generation 1 VM](#prepare-a-generation-1-vm)| + +**Windows 8 or later GPT** + +|Architecture|VM generation|Procedure| +|--- |--- |--- | +|32|1|[Prepare a generation 1 VM from a GPT disk](#prepare-a-generation-1-vm-from-a-gpt-disk)| +|64|2|[Prepare a generation 2 VM](#prepare-a-generation-2-vm)| + +> [!NOTE] +> +>- If the PC is running Windows 7, it can only be converted and hosted in Hyper-V as a generation 1 VM. This Hyper-V requirement means that if the Windows 7 PC is also using a GPT partition style, the OS disk can be shadow copied, but a new system partition must be created. In this case, see [Prepare a generation 1 VM from a GPT disk](#prepare-a-generation-1-vm-from-a-gpt-disk). +>- If the PC is running Windows 8 or later and uses the GPT partition style, you can capture the disk image and create a generation 2 VM. To do this, you must temporarily mount the EFI system partition which is accomplished using the mountvol command. In this case, see [Prepare a generation 2 VM](#prepare-a-generation-2-vm). +>- If the PC is using an MBR partition style, you can convert the disk to VHD and use it to create a generation 1 VM. If you use the Disk2VHD tool described in this guide, it is not necessary to mount the MBR system partition, but it is still necessary to capture it. In this case, see [Prepare a generation 1 VM](#prepare-a-generation-1-vm). -Notes:
                      -
                        -
                      • If the PC is running Windows 7, it can only be converted and hosted in Hyper-V as a generation 1 VM. This Hyper-V requirement means that if the Windows 7 PC is also using a GPT partition style, the OS disk can be shadow copied, but a new system partition must be created. In this case, see Prepare a generation 1 VM from a GPT disk. -
                      • If the PC is running Windows 8 or later and uses the GPT partition style, you can capture the disk image and create a generation 2 VM. To do this, you must temporarily mount the EFI system partition which is accomplished using the mountvol command. In this case, see Prepare a generation 2 VM. -
                      • If the PC is using an MBR partition style, you can convert the disk to VHD and use it to create a generation 1 VM. If you use the Disk2VHD tool described in this guide, it is not necessary to mount the MBR system partition, but it is still necessary to capture it. In this case, see Prepare a generation 1 VM. -
                      #### Prepare a generation 1 VM @@ -1080,26 +973,18 @@ Use the following procedures to verify that the PoC environment is configured pr ## Appendix B: Terminology used in this guide -

                        - -

                      - - -
                      Term -Definition -
                      GPTGUID partition table (GPT) is an updated hard-disk formatting scheme that enables the use of newer hardware. GPT is one of the partition formats that can be chosen when first initializing a hard drive, prior to creating and formatting partitions. -
                      Hyper-VHyper-V is a server role introduced with Windows Server 2008 that lets you create a virtualized computing environment. Hyper-V can also be installed as a Windows feature on Windows client operating systems, starting with Windows 8. -
                      Hyper-V hostThe computer where Hyper-V is installed. -
                      Hyper-V ManagerThe user-interface console used to view and configure Hyper-V. -
                      MBRMaster Boot Record (MBR) is a legacy hard-disk formatting scheme that limits support for newer hardware. MBR is one of the partition formats that can be chosen when first initializing a hard drive, prior to creating and formatting partitions. MBR is in the process of being replaced by the GPT partition format. -
                      Proof of concept (PoC)Confirmation that a process or idea works as intended. A PoC is carried out in a test environment to learn about and verify a process. -
                      Shadow copyA copy or "snapshot" of a computer at a point in time, created by the Volume Shadow Copy Service (VSS), typically for backup purposes. -
                      Virtual machine (VM)A VM is a virtual computer with its own operating system, running on the Hyper-V host. -
                      Virtual switchA virtual network connection used to connect VMs to each other and to physical network adapters on the Hyper-V host. -
                      VM snapshotA point in time image of a VM that includes its disk, memory and device state. It can be used to return a virtual machine to a former state corresponding to the time the snapshot was taken. -
                      - -
                      +|Term|Definition| +|--- |--- | +|GPT|GUID partition table (GPT) is an updated hard-disk formatting scheme that enables the use of newer hardware. GPT is one of the partition formats that can be chosen when first initializing a hard drive, prior to creating and formatting partitions.| +|Hyper-V|Hyper-V is a server role introduced with Windows Server 2008 that lets you create a virtualized computing environment. Hyper-V can also be installed as a Windows feature on Windows client operating systems, starting with Windows 8.| +|Hyper-V host|The computer where Hyper-V is installed.| +|Hyper-V Manager|The user-interface console used to view and configure Hyper-V.| +|MBR|Master Boot Record (MBR) is a legacy hard-disk formatting scheme that limits support for newer hardware. MBR is one of the partition formats that can be chosen when first initializing a hard drive, prior to creating and formatting partitions. MBR is in the process of being replaced by the GPT partition format.| +|Proof of concept (PoC)|Confirmation that a process or idea works as intended. A PoC is carried out in a test environment to learn about and verify a process.| +|Shadow copy|A copy or "snapshot" of a computer at a point in time, created by the Volume Shadow Copy Service (VSS), typically for backup purposes.| +|Virtual machine (VM)|A VM is a virtual computer with its own operating system, running on the Hyper-V host.| +|Virtual switch|A virtual network connection used to connect VMs to each other and to physical network adapters on the Hyper-V host.| +|VM snapshot|A point in time image of a VM that includes its disk, memory and device state. It can be used to return a virtual machine to a former state corresponding to the time the snapshot was taken.| ## Related Topics From a6ac7aafc8b7d844ebf320d5498212431335be5e Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Wed, 8 Dec 2021 12:44:51 +0530 Subject: [PATCH 159/335] Fixing suggestion --- windows/deployment/upgrade/windows-10-edition-upgrades.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/windows-10-edition-upgrades.md b/windows/deployment/upgrade/windows-10-edition-upgrades.md index c0a2fa58db..3e26eb22d7 100644 --- a/windows/deployment/upgrade/windows-10-edition-upgrades.md +++ b/windows/deployment/upgrade/windows-10-edition-upgrades.md @@ -150,7 +150,7 @@ S = Supported; Not considered a downgrade or an upgrade **Destination Edition: (Starting)** -||Home|Pro|Pro for Workstations|Pro Education|Education|Enterprise LTSC|Enterprise| +|Edition|Home|Pro|Pro for Workstations|Pro Education|Education|Enterprise LTSC|Enterprise| |--- |--- |--- |--- |--- |--- |--- |--- | |Home|||||||| |Pro|||||||| From ec1fb5a62838323edd5e99addd5a58f81544c5f2 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Wed, 8 Dec 2021 14:06:22 +0530 Subject: [PATCH 160/335] Update as per feedback --- .../policy-configuration-service-provider.md | 8 +- .../mdm/policy-csp-update.md | 344 +++++------------- 2 files changed, 92 insertions(+), 260 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 30b2527203..7e9298a46a 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -8695,16 +8695,16 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC Update/SetEDURestart
                      - Update/SetPolicyDrivenUpdateSourceForDriverUpdates + Update/SetPolicyDrivenUpdateSourceForDriver
                      - Update/SetPolicyDrivenUpdateSourceForFeatureUpdates + Update/SetPolicyDrivenUpdateSourceForFeature
                      - Update/SetPolicyDrivenUpdateSourceForOtherUpdates + Update/SetPolicyDrivenUpdateSourceForOther
                      - Update/SetPolicyDrivenUpdateSourceForQualityUpdates + Update/SetPolicyDrivenUpdateSourceForQuality
                      Update/SetProxyBehaviorForUpdateDetection diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 771148ce3c..f0b2bc62e2 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -203,16 +203,16 @@ ms.collection: highpri Update/SetEDURestart
                      - Update/SetPolicyDrivenUpdateSourceForDriverUpdates + Update/SetPolicyDrivenUpdateSourceForDriver
                      - Update/SetPolicyDrivenUpdateSourceForFeatureUpdates + Update/SetPolicyDrivenUpdateSourceForFeature
                      - Update/SetPolicyDrivenUpdateSourceForOtherUpdates + Update/SetPolicyDrivenUpdateSourceForOther
                      - Update/SetPolicyDrivenUpdateSourceForQualityUpdates + Update/SetPolicyDrivenUpdateSourceForQuality
                      Update/SetProxyBehaviorForUpdateDetection @@ -1130,38 +1130,14 @@ Default value is 2. **Update/ConfigureDeadlineGracePeriodForFeatureUpdates** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                      EditionWindows 10Windows 11
                      HomeNoNo
                      ProYesYes
                      BusinessYesYes
                      EnterpriseYesYes
                      EducationYesYes
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                      @@ -1669,38 +1645,14 @@ The following list shows the supported values: **Update/DoNotEnforceEnterpriseTLSCertPinningForUpdateDetection** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                      EditionWindows 10Windows 11
                      HomeNoNo
                      ProYesYes
                      BusinessYesYes
                      EnterpriseYesYes
                      EducationYesYes
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                      @@ -2585,38 +2537,14 @@ This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupd **Update/ProductVersion** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                      EditionWindows 10Windows 11
                      HomeNoNo
                      ProYesYes
                      BusinessYesYes
                      EnterpriseYesYes
                      EducationYesYes
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                      @@ -3385,41 +3313,17 @@ The following list shows the supported values:
                      -**Update/SetPolicyDrivenUpdateSourceForDriverUpdates** +**Update/SetPolicyDrivenUpdateSourceForDriver** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                      EditionWindows 10Windows 11
                      HomeNoNo
                      ProYesYes
                      BusinessYesYes
                      EnterpriseYesYes
                      EducationYesYes
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                      @@ -3437,9 +3341,9 @@ The following list shows the supported values: Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. If you configure this policy, please also configure the scan source policies for other update types: -- SetPolicyDrivenUpdateSourceForFeatureUpdates -- SetPolicyDrivenUpdateSourceForQualityUpdates -- SetPolicyDrivenUpdateSourceForOtherUpdates +- SetPolicyDrivenUpdateSourceForFeature +- SetPolicyDrivenUpdateSourceForQuality +- SetPolicyDrivenUpdateSourceForOther >[!NOTE] >If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. @@ -3448,7 +3352,7 @@ If you configure this policy, please also configure the scan source policies for ADMX Info: - GP Friendly name: *Specify source service for specific classes of Windows Updates* -- GP name: *SetPolicyDrivenUpdateSourceForDriverUpdates* +- GP name: *SetPolicyDrivenUpdateSourceForDriver* - GP path: *Windows Components/Windows Update* - GP ADMX file name: *WindowsUpdate.admx* @@ -3456,8 +3360,8 @@ ADMX Info: The following list shows the supported values: -- 0: (Default) Detect, download and deploy Driver Updates from Windows Update -- 1: Enabled, Detect, download and deploy Driver Updates from Windows Server Update Server (WSUS) +- 0: (Default) Detect, download and deploy Driver from Windows Update +- 1: Enabled, Detect, download and deploy Driver from Windows Server Update Server (WSUS) @@ -3465,41 +3369,17 @@ The following list shows the supported values:
                      -**Update/SetPolicyDrivenUpdateSourceForFeatureUpdates** +**Update/SetPolicyDrivenUpdateSourceForFeature** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                      EditionWindows 10Windows 11
                      HomeNoNo
                      ProYesYes
                      BusinessYesYes
                      EnterpriseYesYes
                      EducationYesYes
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                      @@ -3517,9 +3397,9 @@ The following list shows the supported values: Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. If you configure this policy, please also configure the scan source policies for other update types: -- SetPolicyDrivenUpdateSourceForQualityUpdates -- SetPolicyDrivenUpdateSourceForDriverUpdates -- SetPolicyDrivenUpdateSourceForOtherUpdates +- SetPolicyDrivenUpdateSourceForQuality +- SetPolicyDrivenUpdateSourceForDriver +- SetPolicyDrivenUpdateSourceForOther >[!NOTE] >If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. @@ -3528,7 +3408,7 @@ If you configure this policy, please also configure the scan source policies for ADMX Info: - GP Friendly name: *Specify source service for specific classes of Windows Updates* -- GP name: *SetPolicyDrivenUpdateSourceForFeatureUpdates* +- GP name: *SetPolicyDrivenUpdateSourceForFeature* - GP path: *Windows Components/Windows Update* - GP ADMX file name: *WindowsUpdate.admx* @@ -3536,8 +3416,8 @@ ADMX Info: The following list shows the supported values: -- 0: (Default) Detect, download and deploy Driver Updates from Windows Update -- 1: Enabled, Detect, download and deploy Driver Updates from Windows Server Update Server (WSUS) +- 0: (Default) Detect, download and deploy Feature from Windows Update +- 1: Enabled, Detect, download and deploy Feature from Windows Server Update Server (WSUS) @@ -3545,41 +3425,17 @@ The following list shows the supported values:
                      -**Update/SetPolicyDrivenUpdateSourceForOtherUpdates** +**Update/SetPolicyDrivenUpdateSourceForOther** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                      EditionWindows 10Windows 11
                      HomeNoNo
                      ProYesYes
                      BusinessYesYes
                      EnterpriseYesYes
                      EducationYesYes
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                      @@ -3597,9 +3453,9 @@ The following list shows the supported values: Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. If you configure this policy, please also configure the scan source policies for other update types: -- SetPolicyDrivenUpdateSourceForFeatureUpdates -- SetPolicyDrivenUpdateSourceForQualityUpdates -- SetPolicyDrivenUpdateSourceForDriverUpdates +- SetPolicyDrivenUpdateSourceForFeature +- SetPolicyDrivenUpdateSourceForQuality +- SetPolicyDrivenUpdateSourceForDriver >[!NOTE] >If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. @@ -3608,7 +3464,7 @@ If you configure this policy, please also configure the scan source policies for ADMX Info: - GP Friendly name: *Specify source service for specific classes of Windows Updates* -- GP name: *SetPolicyDrivenUpdateSourceForOtherUpdates* +- GP name: *SetPolicyDrivenUpdateSourceForOther* - GP path: *Windows Components/Windows Update* - GP ADMX file name: *WindowsUpdate.admx* @@ -3616,8 +3472,8 @@ ADMX Info: The following list shows the supported values: -- 0: (Default) Detect, download and deploy Driver Updates from Windows Update -- 1: Enabled, Detect, download and deploy Driver Updates from Windows Server Update Server (WSUS) +- 0: (Default) Detect, download and deploy Other from Windows Update +- 1: Enabled, Detect, download and deploy Other from Windows Server Update Server (WSUS) @@ -3625,41 +3481,17 @@ The following list shows the supported values:
                      -**Update/SetPolicyDrivenUpdateSourceForQualityUpdates** +**Update/SetPolicyDrivenUpdateSourceForQuality** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                      EditionWindows 10Windows 11
                      HomeNoNo
                      ProYesYes
                      BusinessYesYes
                      EnterpriseYesYes
                      EducationYesYes
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                      @@ -3677,9 +3509,9 @@ The following list shows the supported values: Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. If you configure this policy, please also configure the scan source policies for other update types: -- SetPolicyDrivenUpdateSourceForFeatureUpdates -- SetPolicyDrivenUpdateSourceForDriverUpdates -- SetPolicyDrivenUpdateSourceForOtherUpdates +- SetPolicyDrivenUpdateSourceForFeature +- SetPolicyDrivenUpdateSourceForDriver +- SetPolicyDrivenUpdateSourceForOther >[!NOTE] >If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. @@ -3688,7 +3520,7 @@ If you configure this policy, please also configure the scan source policies for ADMX Info: - GP Friendly name: *Specify source service for specific classes of Windows Updates* -- GP name: *SetPolicyDrivenUpdateSourceForQualityUpdates* +- GP name: *SetPolicyDrivenUpdateSourceForQuality* - GP path: *Windows Components/Windows Update* - GP ADMX file name: *WindowsUpdate.admx* @@ -3696,8 +3528,8 @@ ADMX Info: The following list shows the supported values: -- 0: (Default) Detect, download and deploy Driver Updates from Windows Update -- 1: Enabled, Detect, download and deploy Driver Updates from Windows Server Update Server (WSUS) +- 0: (Default) Detect, download and deploy Quality from Windows Update +- 1: Enabled, Detect, download and deploy Quality from Windows Server Update Server (WSUS) From eb01cc85cba3c9ee1921f31323690aa1d8352df8 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Wed, 8 Dec 2021 14:15:10 +0530 Subject: [PATCH 161/335] Converted table --- .../mdm/policy-csp-textinput.md | 40 ++++--------------- 1 file changed, 8 insertions(+), 32 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md index fe40663591..704f861562 100644 --- a/windows/client-management/mdm/policy-csp-textinput.md +++ b/windows/client-management/mdm/policy-csp-textinput.md @@ -623,38 +623,14 @@ This setting supports a range of values between 0 and 1. **TextInput/AllowTextInputSuggestionUpdate** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                      EditionWindows 10Windows 11
                      HomeNoNo
                      ProYesYes
                      BusinessYesYes
                      EnterpriseYesYes
                      EducationYesYes
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                      From 5e65169f019180f2e08f6992ac869010386f5749 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Wed, 8 Dec 2021 14:18:08 +0530 Subject: [PATCH 162/335] Converted table --- .../mdm/policy-csp-wirelessdisplay.md | 40 ++++--------------- 1 file changed, 8 insertions(+), 32 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md index 75114ad157..d61b982f66 100644 --- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md +++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md @@ -136,38 +136,14 @@ The following list shows the supported values: **WirelessDisplay/AllowMovementDetectionOnInfrastructure** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                      EditionWindows 10Windows 11
                      HomeNoNo
                      ProYesYes
                      BusinessYesYes
                      EnterpriseYesYes
                      EducationYesYes
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                      From aa4250bac339d6023354a0e8164ccfab4ffcf64b Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Wed, 8 Dec 2021 14:21:05 +0530 Subject: [PATCH 163/335] Update policy-csp-virtualizationbasedtechnology.md --- ...olicy-csp-virtualizationbasedtechnology.md | 80 ++++--------------- 1 file changed, 16 insertions(+), 64 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md b/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md index be76aebb53..2ca5d714a9 100644 --- a/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md +++ b/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md @@ -35,38 +35,14 @@ manager: dansimp **VirtualizationBasedTechnology/HypervisorEnforcedCodeIntegrity** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                      EditionWindows 10Windows 11
                      HomeYesYes
                      ProYesYes
                      BusinessYesYes
                      EnterpriseYesYes
                      EducationYesYes
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                      @@ -108,38 +84,14 @@ The following are the supported values: **VirtualizationBasedTechnology/RequireUEFIMemoryAttributesTable** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                      EditionWindows 10Windows 11
                      HomeYesYes
                      ProYesYes
                      BusinessYesYes
                      EnterpriseYesYes
                      EducationYesYes
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                      From 5e4db1ef7f210a43257d395bde1756499e7bf1ae Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Wed, 8 Dec 2021 17:47:43 +0530 Subject: [PATCH 164/335] Updated table into text due to string separator '|' --- .../change-history-for-mdm-documentation.md | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/windows/client-management/mdm/change-history-for-mdm-documentation.md b/windows/client-management/mdm/change-history-for-mdm-documentation.md index 6665d6c4ea..ac52182efc 100644 --- a/windows/client-management/mdm/change-history-for-mdm-documentation.md +++ b/windows/client-management/mdm/change-history-for-mdm-documentation.md @@ -281,13 +281,18 @@ This article lists new and updated articles for the Mobile Device Management (MD ## October 2017 -|New or updated article|Description| -|--- |--- | -|[Policy DDF file](policy-ddf-file.md)|Updated the DDF content for Windows 10 version 1709. Added a link to the download of Policy DDF for Windows 10, version 1709.| -|[Policy CSP](policy-configuration-service-provider.md)|Updated the following policies:
                    • Defender/ControlledFolderAccessAllowedApplications - string separator is'I'
                    • Defender/ControlledFolderAccessProtectedFolders - string separator is 'I'.| -|[eUICCs CSP](euiccs-csp.md)|Added new CSP in Windows 10, version 1709.| -|[AssignedAccess CSP](assignedaccess-csp.md)|Added SyncML examples for the new Configuration node.| -|[DMClient CSP](dmclient-csp.md)|Added new nodes to the DMClient CSP in Windows 10, version 1709. Updated the CSP and DDF topics.| +[Policy DDF file](policy-ddf-file.md): Updated the DDF content for Windows 10 version 1709. Added a link to the download of Policy DDF for Windows 10, version 1709. + +[Policy CSP](policy-configuration-service-provider.md): Updated the following policies: + +- Defender/ControlledFolderAccessAllowedApplications - string separator is'|' +- Defender/ControlledFolderAccessProtectedFolders - string separator is '|'. + +[eUICCs CSP](euiccs-csp.md): Added new CSP in Windows 10, version 1709. + +[AssignedAccess CSP](assignedaccess-csp.md):Added SyncML examples for the new Configuration node. + +[DMClient CSP](dmclient-csp.md): Added new nodes to the DMClient CSP in Windows 10, version 1709. Updated the CSP and DDF topics. ## September 2017 From f32a68e118fef2279669c37a19eade76275c692e Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Wed, 8 Dec 2021 10:53:35 -0700 Subject: [PATCH 165/335] Fix links --- windows/security/threat-protection/index.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index 7cf2f166da..0c47bc6855 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -29,18 +29,18 @@ In Windows client, hardware and software work together to help protect you from See the following articles to learn more about the different areas of Windows threat protection: -- [Application Control](/windows-defender-application-control/windows-defender-application-control.md) +- [Application Control](/windows-defender-application-control/windows-defender-application-control) - [Attack Surface Reduction Rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) - [Controlled Folder Access](/microsoft-365/security/defender-endpoint/controlled-folders) - [Exploit Protection](/microsoft-365/security/defender-endpoint/exploit-protection) -- [Microsoft Defender Application Guard](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md) -- [Microsoft Defender Device Guard](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md) -- [Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md) +- [Microsoft Defender Application Guard](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview) +- [Microsoft Defender Device Guard](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control) +- [Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview) - [Network Protection](/microsoft-365/security/defender-endpoint/network-protection) -- [Virtualization-Based Protection of Code Integrity](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md) +- [Virtualization-Based Protection of Code Integrity](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) - [Web Protection](/microsoft-365/security/defender-endpoint/web-protection-overview) -- [Windows Firewall](windows-firewall/windows-firewall-with-advanced-security.md) -- [Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md) +- [Windows Firewall](windows-firewall/windows-firewall-with-advanced-security) +- [Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview) ### Next-generation protection Next-generation protection is designed to identify and block new and emerging threats. Powered by the cloud and machine learning, Microsoft Defender Antivirus can help stop attacks in real-time. From 5cfe05b067d4caca50c9710ba349cc7b27681f34 Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Wed, 8 Dec 2021 11:00:08 -0700 Subject: [PATCH 166/335] Apply suggestions from code review --- windows/security/threat-protection/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index 0c47bc6855..0fd6528273 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -34,12 +34,12 @@ See the following articles to learn more about the different areas of Windows th - [Controlled Folder Access](/microsoft-365/security/defender-endpoint/controlled-folders) - [Exploit Protection](/microsoft-365/security/defender-endpoint/exploit-protection) - [Microsoft Defender Application Guard](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview) -- [Microsoft Defender Device Guard](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control) +- [Microsoft Defender Device Guard](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md) - [Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview) - [Network Protection](/microsoft-365/security/defender-endpoint/network-protection) - [Virtualization-Based Protection of Code Integrity](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) - [Web Protection](/microsoft-365/security/defender-endpoint/web-protection-overview) -- [Windows Firewall](windows-firewall/windows-firewall-with-advanced-security) +- [Windows Firewall](windows-firewall/windows-firewall-with-advanced-security.md) - [Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview) ### Next-generation protection From 022a3375abfe9b873b71343025641becab5a57c1 Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Wed, 8 Dec 2021 11:14:22 -0700 Subject: [PATCH 167/335] Update windows/security/threat-protection/index.md --- windows/security/threat-protection/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index 0fd6528273..63927cafc8 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -29,7 +29,7 @@ In Windows client, hardware and software work together to help protect you from See the following articles to learn more about the different areas of Windows threat protection: -- [Application Control](/windows-defender-application-control/windows-defender-application-control) +- [Application Control](/security/threat-protection/windows-defender-application-control/windows-defender-application-control) - [Attack Surface Reduction Rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) - [Controlled Folder Access](/microsoft-365/security/defender-endpoint/controlled-folders) - [Exploit Protection](/microsoft-365/security/defender-endpoint/exploit-protection) From 7b8742d63a912db4cc23ce07a8163b5ab2bc3e92 Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Wed, 8 Dec 2021 11:19:29 -0700 Subject: [PATCH 168/335] Update windows/security/threat-protection/index.md --- windows/security/threat-protection/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index 63927cafc8..c76ead4afc 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -29,7 +29,7 @@ In Windows client, hardware and software work together to help protect you from See the following articles to learn more about the different areas of Windows threat protection: -- [Application Control](/security/threat-protection/windows-defender-application-control/windows-defender-application-control) +- [Application Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control) - [Attack Surface Reduction Rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) - [Controlled Folder Access](/microsoft-365/security/defender-endpoint/controlled-folders) - [Exploit Protection](/microsoft-365/security/defender-endpoint/exploit-protection) From 36fd33e7dced43454db3b8d0a627de9d1cbad708 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Wed, 8 Dec 2021 11:22:37 -0800 Subject: [PATCH 169/335] sync w security book --- windows/hub/index.yml | 8 ++++---- windows/security/identity.md | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/hub/index.yml b/windows/hub/index.yml index 23a3c69aae..cd0a734c01 100644 --- a/windows/hub/index.yml +++ b/windows/hub/index.yml @@ -179,9 +179,6 @@ conceptualContent: - url: /windows/security/index itemType: overview text: Windows Enterprise Security - - url: /windows/privacy/index - itemType: overview - text: Windows Privacy - url: /windows/security/hardware itemType: overview text: Hardware security @@ -193,10 +190,13 @@ conceptualContent: text: Application security - url: /windows/security/identity itemType: overview - text: User and identity security + text: Identity and privacy - url: /windows/security/cloud itemType: overview text: Cloud services + - url: /windows/privacy/index + itemType: overview + text: Windows Privacy # additionalContent section (optional) # Card with summary style diff --git a/windows/security/identity.md b/windows/security/identity.md index 0cfa07beba..7e2e8ca4b9 100644 --- a/windows/security/identity.md +++ b/windows/security/identity.md @@ -13,7 +13,7 @@ ms.prod: m365-security ms.technology: windows-sec --- -# Windows identity and user security +# Windows identity and privacy Malicious actors launch millions of password attacks every day. Weak passwords, password spraying, and phishing are the entry point for many attacks. Knowing that the right user is accessing the right device and the right data is critical to keeping your business, family, and self, safe and secure. Windows Hello, Windows Hello for Business, and Credential Guard enable customers to move to passwordless multifactor authentication (MFA). MFA can reduce the risk of compromise in organizations. From 5b6c9a109afd42e4d8defd11eb61c6086761822e Mon Sep 17 00:00:00 2001 From: sravanigannavarapu <95500630+sravanigannavarapu@users.noreply.github.com> Date: Wed, 8 Dec 2021 14:25:58 -0800 Subject: [PATCH 170/335] Update audit-registry.md --- windows/security/threat-protection/auditing/audit-registry.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/audit-registry.md b/windows/security/threat-protection/auditing/audit-registry.md index bc39c3d697..f24a23d4fc 100644 --- a/windows/security/threat-protection/auditing/audit-registry.md +++ b/windows/security/threat-protection/auditing/audit-registry.md @@ -49,4 +49,4 @@ If success auditing is enabled, an audit entry is generated each time any accoun > [!NOTE] > On creating a subkey for a parent (RegCreateKey), the expectation is to see an event for opening a handle for the newly created object (Event 4656) issued by the object manager. We see this event only when "Audit Object Access" is enabled under **Local Policies** > **Audit Policy** in Local Security Policy. This event is not generated while using precisely defined settings for seeing only registry related events under **Advanced Audit Policy Configurations** > **Object Access** > **Audit Registry** in Local Security Policy. For example, we do not see this event with the setting to just see the registry related auditing events using "auditpol.exe /set /subcategory:{0CCE921E-69AE-11D9-BED3-505054503030} /success:enable". -Calls to Registry APIs which involve accessing the key to perform any operations like RegSetValue, RegEnumValue, RegRenameKey etc. would trigger an event to access the object (Event 4663). So for example, creating a subkey using regedit.exe would not trigger a 4663 event, but renaming it would. +Calls to Registry API's to access an open key object to perform an operation like RegSetValue, RegEnumValue, RegRenameKey etc. would trigger an event to access the object (Event 4663). So for example, creating a subkey using regedit.exe would not trigger a 4663 event, but renaming it would. From 14565439fcf6f08947feb4882fa3e5d5f1c32314 Mon Sep 17 00:00:00 2001 From: Ashok Lobo Date: Thu, 9 Dec 2021 14:41:41 +0530 Subject: [PATCH 171/335] Updated as per task 5634470 --- ...system-components-to-microsoft-services.md | 79 +++---------------- 1 file changed, 11 insertions(+), 68 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index ee509f813a..0e25563a1f 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1723,91 +1723,34 @@ In Group Policy, configure: - Create a SZ registry setting named **ConfigureAppInstallControl** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\SmartScreen** with a value of **Anywhere**. -### 25. Windows Spotlight +### 25. Personalized Experiences -Windows Spotlight provides features such as different background images and text on the lock screen, suggested apps, Microsoft account notifications, and Windows tips. You can control it by using the user interface or Group Policy. +Personalized experiences provide features such as different background images and text on the lock screen, suggested apps, Microsoft account notifications, and Windows tips. Example features include Windows Spotlight and Start Suggestions. You can control them by using the Group Policy. + +> [!NOTE] +> This excludes how individual experiences (e.g., Windows Spotlight) can be controlled by users in Windows Settings. If you're running Windows 10, version 1607 or later, or Windows 11, you need to: - **Enable** the following Group Policy **User Configuration** > **Administrative Templates** > **Windows Components** > **Cloud Content** > **Turn off all Windows spotlight features** - > [!NOTE] - > This must be done within 15 minutes after Windows 10 or Windows 11 is installed. Alternatively, you can create an image with this setting. + -or- - -or- - -- Create a new REG_DWORD registry setting named **DisableWindowsSpotlightFeatures** in **HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent** with a value of 1 (one). +- Create a new REG_DWORD registry setting named **DisableWindowsSpotlightFeatures** in **HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent** with a **value of 1 (one)**. -AND- -- Enable the following Group Policy **Computer Configuration** > **Administrative Templates** > **Control Panel** > **Personalization** > **Do not display the Lock Screen** +- Enable the following Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Cloud Content** > **Turn off cloud optimized content** -or- -- Create a new REG_DWORD registry setting named **NoLockScreen** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization** with a **value of 1 (one)** +- Create a new REG_DWORD registry setting named **DisableCloudOptimizedContent** in **HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CloudContent** with a **value of 1 (one)** + > [!NOTE] + > This must be done within 15 minutes after Windows 10 or Windows 11 is installed. Alternatively, you can create an image with this setting --AND- - - -- Configure the following in **Settings** UI: - - - **Personalization** > **Lock screen** > **Background** > **Windows spotlight**, select a different background, and turn off **Get fun facts, tips, tricks and more on your lock screen** - - - **Personalization** > **Start** > **Occasionally show suggestions in Start** - - - **System** > **Notifications & actions** > **Show me tips about Windows** - - -or- - -- Apply the Group Policies: - - - **Enable** the **Computer Configuration** > **Administrative Templates** > **Control Panel** > **Personalization** > **Force a specific default lock screen image and logon image** Group Policy. - - Add **C:\\windows\\web\\screen\\lockscreen.jpg** as the location in the **Path to local lock screen image** box. - - - Check the **Turn off fun facts, tips, tricks, and more on lock screen** check box. - - > [!NOTE] - > This will only take effect if the policy is applied before the first logon. - > If you cannot apply the **Force a specific default lock screen image** policy before the first logon to the device, - > you can **Enable** the **Do not display the lock screen** policy under **Computer Configuration** > **Administrative Templates** > **Control Panel** > **Personalization** - > - > Alternatively, you can create a new REG_SZ registry setting named **LockScreenImage** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization** - > with a value of **C:\\windows\\web\\screen\\lockscreen.jpg** and create a new REG_DWORD registry setting named **LockScreenOverlaysDisabled** in - > **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization** with a value of **1 (one)**. - > - > The Group Policy for the **LockScreenOverlaysDisabled** registry key is **Force a specific default lock screen and logon image** that is under **Control Panel** **Personalization**. - - - \-AND- - - - - Set the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Cloud Content** > **Do not show Windows tips** to **Enabled** - - -or- - - - Create a new REG_DWORD registry setting named **DisableSoftLanding** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent** with a **value of 1 (one)** - - - \-AND- - - - - Set the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Cloud Content** > **Turn off Microsoft consumer experiences** to **Enabled** - - -or- - - - Create a new REG_DWORD registry setting named **DisableWindowsConsumerFeatures** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent** with a **value of 1 (one)** - -This policy setting controls whether the lock screen appears for users. The Do not display the lock screen Group Policy should be set to Enable to prevent the lock screen from being displayed. The Group Computer Configuration\Administrative templates\Control Panel\Personalization!Do not display the lock screen. - -If you enable this policy setting, users that are not required to press CTRL + ALT + DEL before signing in will see their selected tile after locking their PC. - -If you disable or do not configure this policy setting, users that are not required to press CTRL + ALT + DEL before signing in will see a lock screen after locking their PC. They must dismiss the lock screen using touch, the keyboard, or by dragging it with the mouse. - - -For more info, see [Windows Spotlight on the lock screen](/windows/configuration/windows-spotlight). ### 26. Microsoft Store From ae6790ce5bdff88e9d7717a55e3adf5a2c6d4637 Mon Sep 17 00:00:00 2001 From: Ashok Lobo Date: Thu, 9 Dec 2021 14:53:34 +0530 Subject: [PATCH 172/335] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 0e25563a1f..fafd1e03fd 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1746,7 +1746,7 @@ If you're running Windows 10, version 1607 or later, or Windows 11, you need to: -or- -- Create a new REG_DWORD registry setting named **DisableCloudOptimizedContent** in **HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CloudContent** with a **value of 1 (one)** +- Create a new REG_DWORD registry setting named **DisableCloudOptimizedContent** in **HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CloudContent** with a **value of 1 (one)**. > [!NOTE] > This must be done within 15 minutes after Windows 10 or Windows 11 is installed. Alternatively, you can create an image with this setting From 79ba66249b500dfd8c573acb74beaf96db0d3afa Mon Sep 17 00:00:00 2001 From: Ashok Lobo Date: Thu, 9 Dec 2021 14:58:16 +0530 Subject: [PATCH 173/335] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index fafd1e03fd..f1e0b1895c 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1749,7 +1749,7 @@ If you're running Windows 10, version 1607 or later, or Windows 11, you need to: - Create a new REG_DWORD registry setting named **DisableCloudOptimizedContent** in **HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CloudContent** with a **value of 1 (one)**. > [!NOTE] - > This must be done within 15 minutes after Windows 10 or Windows 11 is installed. Alternatively, you can create an image with this setting + > This must be done within 15 minutes after Windows 10 or Windows 11 is installed. Alternatively, you can create an image with this setting. ### 26. Microsoft Store From be24de50d58a8e98c68a2a602c3dc705317039de Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Thu, 9 Dec 2021 18:49:53 +0530 Subject: [PATCH 174/335] i corrected sentences as per user feedback #10193 , so i corrected it after verifying with GPO explanation under Windows 11. --- .../hello-for-business/hello-manage-in-organization.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md index 5610f8e167..f7d07b7d3c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md +++ b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md @@ -59,7 +59,7 @@ The following table lists the Group Policy settings that you can configure for W |Minimum PIN length|Computer|

                      Not configured: PIN length must be greater than or equal to 4.

                      Enabled: PIN length must be greater than or equal to the number you specify.

                      Disabled: PIN length must be greater than or equal to 4.| |Expiration|Computer|

                      Not configured: PIN does not expire.

                      Enabled: PIN can be set to expire after any number of days between 1 and 730, or PIN can be set to never expire by setting policy to 0.

                      Disabled: PIN does not expire.| |History|Computer|

                      Not configured: Previous PINs are not stored.

                      Enabled: Specify the number of previous PINs that can be associated to a user account that can't be reused.

                      Disabled: Previous PINs are not stored.

                      Note  Current PIN is included in PIN history.
                      | -|Require special characters|Computer|

                      Not configured: Users cannot include a special character in their PIN

                      Enabled: Users must include at least one special character in their PIN.

                      Disabled: Users cannot include a special character in their PIN.| +|Require special characters|Computer|

                      Not configured: Windows allows, but does not require, special characters in the PIN

                      Enabled: Windows requires the user to include at least one special character in their PIN.

                      Disabled: Windows does not allow the user to include special characters in their PIN.| |Require uppercase letters|Computer|

                      Not configured: Users cannot include an uppercase letter in their PIN.

                      Enabled: Users must include at least one uppercase letter in their PIN.

                      Disabled: Users cannot include an uppercase letter in their PIN.| ### Phone Sign-in @@ -168,4 +168,4 @@ If you want to use Windows Hello for Business with certificates, you'll need a d - [Windows Hello and password changes](hello-and-password-changes.md) - [Windows Hello errors during PIN creation](hello-errors-during-pin-creation.md) - [Event ID 300 - Windows Hello successfully created](hello-event-300.md) -- [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md) \ No newline at end of file +- [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md) From a7fe5dc5142478e23c41c6791d5e22c7cf9f2f5a Mon Sep 17 00:00:00 2001 From: msarcletti <56821677+msarcletti@users.noreply.github.com> Date: Thu, 9 Dec 2021 16:38:48 +0100 Subject: [PATCH 175/335] Update policy-csp-networklistmanager.md Additional information on how to use and configure AllowedTlsAuthenticationEndpoints and ConfiguredTLSAuthenticationNetworkName --- .../mdm/policy-csp-networklistmanager.md | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md index ced9fe042a..686aaecb14 100644 --- a/windows/client-management/mdm/policy-csp-networklistmanager.md +++ b/windows/client-management/mdm/policy-csp-networklistmanager.md @@ -58,7 +58,16 @@ manager: dansimp -This policy setting provides the list of URLs (separated by Unicode character 0xF000) to endpoints accessible only within an enterprise's network. If any of the URLs can be resolved over HTTPS, the network would be considered authenticated. +This policy setting provides the list of URLs (separated by Unicode character 0xF000) to endpoints accessible only within an enterprise's network. If any of the URLs can be resolved over HTTPS, the network would be considered authenticated. +When entering a list of TLS Endpoints in MEM (Microsoft Endpoint Management), you must follow this format even in the UI: +`````` +- The HTTPS endpoint must not have any additional authentication checks such as login or multi-factor authentication. +- The HTTPS endpoint must be an internal address not accessible from outside the corporate network. +- The client must trust the server certificate, so the CA cert the HTTPS server cert chains to must be present in the client machines root certificate store. +- A certificate should not be a public certificate. + + +

                      @@ -91,7 +100,7 @@ This policy setting provides the list of URLs (separated by Unicode character 0x -This policy setting provides the string to be used to name the network authenticated against one of the endpoints listed in NetworkListManager/AllowedTlsAuthenticationEndpoints policy. +This policy setting provides the string to be used to name the network authenticated against one of the endpoints listed in NetworkListManager/AllowedTlsAuthenticationEndpoints policy. If this setting is used for Trusted Network Detection in an Always On VPN profile, it must be the DNS suffix configured in the TrustedNetworkDetection attribute.
                      From b74b643cbd0f16ff011634f4525ba9f57b4480be Mon Sep 17 00:00:00 2001 From: Thomas Raya Date: Thu, 9 Dec 2021 11:40:03 -0800 Subject: [PATCH 176/335] Update .acrolinx-config.edn --- .acrolinx-config.edn | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.acrolinx-config.edn b/.acrolinx-config.edn index a3a07ef4f2..64354d7a64 100644 --- a/.acrolinx-config.edn +++ b/.acrolinx-config.edn @@ -1,4 +1,4 @@ -{:allowed-branchname-matches ["master"] +{:allowed-branchname-matches ["master" "main"] :allowed-filename-matches ["windows/"] :targets @@ -47,12 +47,12 @@ For more information about the exception criteria and exception process, see [Mi Click the scorecard links for each article to review the Acrolinx feedback on grammar, spelling, punctuation, writing style, and terminology: -| Article | Score | Issues | Scorecard | Processed | -| ------- | ----- | ------ | --------- | --------- | +| Article | Score | Issues | Spelling
                      issues | Scorecard | Processed | +| ------- | ----- | ------ | ------ | --------- | --------- | " :template-change - "| ${s/file} | ${acrolinx/qualityscore} | ${acrolinx/flags/issues} | [link](${acrolinx/scorecard}) | ${s/status} | + "| ${s/file} | ${acrolinx/qualityscore} | ${acrolinx/flags/issues} | ${acrolinx/flags/spelling} | [link](${acrolinx/scorecard}) | ${s/status} | " :template-footer From b67fce598d8054d2c34bba296f143821e5c00ded Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Thu, 9 Dec 2021 14:55:21 -0500 Subject: [PATCH 177/335] spacing --- ...release-notes-for-appv-for-windows-1703.md | 120 +++++++++--------- 1 file changed, 60 insertions(+), 60 deletions(-) diff --git a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md index a6f88ea7a3..4f5424f963 100644 --- a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md +++ b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md @@ -35,65 +35,65 @@ The following are known issues and workarounds for Application Virtualization (A **Workaround**: The recommended workaround is to add the following code to the AppXManifest.xml file, underneath the `` tag: -```xml - - - ftp - - [{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0 - - open - - [{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe - open - "[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1" - - - - - - - - - - - http - - [{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0 - - open - - [{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe - open - "[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1" - - - - - - - - - - - https - - [{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0 - - open - - [{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe - open - "[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1" - - - - - - - - -``` + ```xml + + + ftp + + [{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0 + + open + + [{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe + open + "[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1" + + + + + + + + + + + http + + [{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0 + + open + + [{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe + open + "[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1" + + + + + + + + + + + https + + [{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0 + + open + + [{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe + open + "[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1" + + + + + + + + + ``` ## Related resources list For information that can help with troubleshooting App-V for Windows client, see: @@ -111,4 +111,4 @@ For information that can help with troubleshooting App-V for Windows client, see ## Related topics - [What's new in App-V for Windows client](appv-about-appv.md) -- [Release Notes for App-V for Windows 10, version 1607](appv-release-notes-for-appv-for-windows-1703.md) \ No newline at end of file +- [Release Notes for App-V for Windows 10, version 1607](appv-release-notes-for-appv-for-windows-1703.md) From 7ba86b1d8231c7bc468fcc2e508e7a08c89e8a51 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Thu, 9 Dec 2021 15:06:56 -0500 Subject: [PATCH 178/335] Removed mobile --- .../client-management/mdm/bitlocker-csp.md | 75 +------------------ 1 file changed, 1 insertion(+), 74 deletions(-) diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index c0d680c371..96b516b939 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -28,7 +28,7 @@ For RequireDeviceEncryption and RequireStorageCardEncryption, the Get operation The following shows the BitLocker configuration service provider in tree format. -``` +```console ./Device/Vendor/MSFT BitLocker ----RequireStorageCardEncryption @@ -63,54 +63,7 @@ BitLocker **./Device/Vendor/MSFT/BitLocker** Defines the root node for the BitLocker configuration service provider. -**RequireStorageCardEncryption** - -Allows the administrator to require storage card encryption on the device. This policy is valid only for a mobile SKU. - - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|No|No| -|Business|No|No| -|Enterprise|No|No| -|Education|No|No| -|Mobile|Yes|Yes| - - - -Data type is integer. Sample value for this node to enable this policy: 1. Disabling this policy will not turn off the encryption on the storage card, but the user will no longer be prompted to turn it on. - -- 0 (default) – Storage cards do not need to be encrypted. -- 1 – Require storage cards to be encrypted. - -Disabling this policy will not turn off the encryption on the system card, but the user will no longer be prompted to turn it on. - -If you want to disable this policy use the following SyncML: - -```xml - - - - $CmdID$ - - - ./Device/Vendor/MSFT/BitLocker/RequireStorageCardEncryption - - - int - - 0 - - - - -``` - -Data type is integer. Supported operations are Add, Get, Replace, and Delete. - - **RequireDeviceEncryption** Allows the administrator to require encryption to be turned on by using BitLocker\Device Encryption. @@ -124,7 +77,6 @@ Allows the administrator to require encryption to be turned on by using BitLocke |Business|Yes|Yes| |Enterprise|Yes|Yes| |Education|Yes|Yes| -|Mobile|Yes|Yes| Data type is integer. Sample value for this node to enable this policy: 1. @@ -185,7 +137,6 @@ Allows you to set the default encryption method for each of the different drive |Business|Yes|Yes| |Enterprise|Yes|Yes| |Education|Yes|Yes| -|Mobile|No|No| @@ -260,7 +211,6 @@ Allows you to associate unique organizational identifiers to a new drive that is |Business|Yes|Yes| |Enterprise|Yes|Yes| |Education|Yes|Yes| -|Mobile|No|No| @@ -321,7 +271,6 @@ Allows users on devices that are compliant with InstantGo or the Microsoft Hardw |Business|Yes|Yes| |Enterprise|Yes|Yes| |Education|Yes|Yes| -|Mobile|No|No| @@ -364,7 +313,6 @@ Allows users to configure whether or not enhanced startup PINs are used with Bit |Business|Yes|Yes| |Enterprise|Yes|Yes| |Education|Yes|Yes| -|Mobile|No|No| @@ -410,7 +358,6 @@ Allows you to configure whether standard users are allowed to change BitLocker P |Business|Yes|Yes| |Enterprise|Yes|Yes| |Education|Yes|Yes| -|Mobile|No|No| @@ -456,7 +403,6 @@ Allows users to enable authentication options that require user input from the p |Business|Yes|Yes| |Enterprise|Yes|Yes| |Education|Yes|Yes| -|Mobile|No|No| @@ -508,7 +454,6 @@ Allows you to configure the encryption type that is used by BitLocker. |Business|Yes|Yes| |Enterprise|Yes|Yes| |Education|Yes|Yes| -|Mobile|No|No| @@ -557,7 +502,6 @@ This setting is a direct mapping to the BitLocker Group Policy "Require addition |Business|Yes|Yes| |Enterprise|Yes|Yes| |Education|Yes|Yes| -|Mobile|No|No| @@ -655,7 +599,6 @@ This setting is a direct mapping to the BitLocker Group Policy "Configure minimu |Business|Yes|Yes| |Enterprise|Yes|Yes| |Education|Yes|Yes| -|Mobile|No|No| @@ -722,7 +665,6 @@ This setting is a direct mapping to the BitLocker Group Policy "Configure pre-bo |Business|Yes|Yes| |Enterprise|Yes|Yes| |Education|Yes|Yes| -|Mobile|No|No| @@ -801,7 +743,6 @@ This setting is a direct mapping to the BitLocker Group Policy "Choose how BitLo |Business|Yes|Yes| |Enterprise|Yes|Yes| |Education|Yes|Yes| -|Mobile|No|No| @@ -888,7 +829,6 @@ This setting is a direct mapping to the BitLocker Group Policy "Choose how BitLo |Business|Yes|Yes| |Enterprise|Yes|Yes| |Education|Yes|Yes| -|Mobile|No|No| @@ -984,7 +924,6 @@ This setting is a direct mapping to the BitLocker Group Policy "Deny write acces |Business|Yes|Yes| |Enterprise|Yes|Yes| |Education|Yes|Yes| -|Mobile|No|No| @@ -1043,7 +982,6 @@ Allows you to configure the encryption type on fixed data drives that is used by |Business|Yes|Yes| |Enterprise|Yes|Yes| |Education|Yes|Yes| -|Mobile|No|No| @@ -1094,7 +1032,6 @@ This setting is a direct mapping to the BitLocker Group Policy "Deny write acces |Business|Yes|Yes| |Enterprise|Yes|Yes| |Education|Yes|Yes| -|Mobile|No|No| @@ -1164,7 +1101,6 @@ Allows you to configure the encryption type that is used by BitLocker. |Business|Yes|Yes| |Enterprise|Yes|Yes| |Education|Yes|Yes| -|Mobile|No|No| @@ -1209,7 +1145,6 @@ Allows you to control the use of BitLocker on removable data drives. |Business|Yes|Yes| |Enterprise|Yes|Yes| |Education|Yes|Yes| -|Mobile|No|No| @@ -1269,7 +1204,6 @@ Allows the admin to disable the warning prompt for other disk encryption on the |Business|Yes|Yes| |Enterprise|Yes|Yes| |Education|Yes|Yes| -|Mobile|No|No| @@ -1323,7 +1257,6 @@ If "AllowWarningForOtherDiskEncryption" is not set, or is set to "1", "RequireDe |Business|Yes|Yes| |Enterprise|Yes|Yes| |Education|Yes|Yes| -|Mobile|No|No| @@ -1368,7 +1301,6 @@ This setting initiates a client-driven recovery password refresh after an OS dri |Business|Yes|Yes| |Enterprise|Yes|Yes| |Education|Yes|Yes| -|Mobile|No|No| @@ -1413,7 +1345,6 @@ Each server-side recovery key rotation is represented by a request ID. The serve |Business|Yes|Yes| |Enterprise|Yes|Yes| |Education|Yes|Yes| -|Mobile|No|No| @@ -1448,7 +1379,6 @@ This node reports compliance state of device encryption on the system. |Business|Yes|Yes| |Enterprise|Yes|Yes| |Education|Yes|Yes| -|Mobile|No|No| @@ -1506,7 +1436,6 @@ Status code can be one of the following: |Business|Yes|Yes| |Enterprise|Yes|Yes| |Education|Yes|Yes| -|Mobile|No|No| @@ -1531,8 +1460,6 @@ This node needs to be queried in synchronization with RotateRecoveryPasswordsSta |Business|Yes|Yes| |Enterprise|Yes|Yes| |Education|Yes|Yes| -|Mobile|No|No| - From 91417c313bfa8ae930996dab6e3f871d282a9adc Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Thu, 9 Dec 2021 15:30:32 -0500 Subject: [PATCH 179/335] Spacing; October 2017 table is displaying weird Seems to be ignoring the code ticks --- .../change-history-for-mdm-documentation.md | 45 +++++++++---------- 1 file changed, 20 insertions(+), 25 deletions(-) diff --git a/windows/client-management/mdm/change-history-for-mdm-documentation.md b/windows/client-management/mdm/change-history-for-mdm-documentation.md index ac52182efc..089b3868fd 100644 --- a/windows/client-management/mdm/change-history-for-mdm-documentation.md +++ b/windows/client-management/mdm/change-history-for-mdm-documentation.md @@ -187,13 +187,13 @@ This article lists new and updated articles for the Mobile Device Management (MD |[TenantLockdown CSP](tenantlockdown-csp.md)|Added new CSP in Windows 10, version 1809.| |[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)|Added new settings in Windows 10, version 1809.| |[Policy DDF file](policy-ddf-file.md)|Posted an updated version of the Policy DDF for Windows 10, version 1809.| -|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies in Windows 10, version 1809:
                    • Browser/AllowFullScreenMode
                    • Browser/AllowPrelaunch
                    • Browser/AllowPrinting
                    • Browser/AllowSavingHistory
                    • Browser/AllowSideloadingOfExtensions
                    • Browser/AllowTabPreloading
                    • Browser/AllowWebContentOnNewTabPage
                    • Browser/ConfigureFavoritesBar
                    • Browser/ConfigureHomeButton
                    • Browser/ConfigureKioskMode
                    • Browser/ConfigureKioskResetAfterIdleTimeout
                    • Browser/ConfigureOpenMicrosoftEdgeWith
                    • Browser/ConfigureTelemetryForMicrosoft365Analytics
                    • Browser/PreventCertErrorOverrides
                    • Browser/SetHomeButtonURL
                    • Browser/SetNewTabPageURL
                    • Browser/UnlockHomeButton
                    • Experience/DoNotSyncBrowserSettings
                    • Experience/PreventUsersFromTurningOnBrowserSyncing
                    • Kerberos/UPNNameHints
                    • Privacy/AllowCrossDeviceClipboard
                    • Privacy
                    • DisablePrivacyExperience
                    • Privacy/UploadUserActivities
                    • System/AllowDeviceNameInDiagnosticData
                    • System/ConfigureMicrosoft365UploadEndpoint
                    • System/DisableDeviceDelete
                    • System/DisableDiagnosticDataViewer
                    • Storage/RemovableDiskDenyWriteAccess
                    • Update/UpdateNotificationLevel

                      Start/DisableContextMenus - added in Windows 10, version 1803.

                      RestrictedGroups/ConfigureGroupMembership - added new schema to apply and retrieve the policy.| +|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies in Windows 10, version 1809:

                    • Browser/AllowFullScreenMode
                    • Browser/AllowPrelaunch
                    • Browser/AllowPrinting
                    • Browser/AllowSavingHistory
                    • Browser/AllowSideloadingOfExtensions
                    • Browser/AllowTabPreloading
                    • Browser/AllowWebContentOnNewTabPage
                    • Browser/ConfigureFavoritesBar
                    • Browser/ConfigureHomeButton
                    • Browser/ConfigureKioskMode
                    • Browser/ConfigureKioskResetAfterIdleTimeout
                    • Browser/ConfigureOpenMicrosoftEdgeWith
                    • Browser/ConfigureTelemetryForMicrosoft365Analytics
                    • Browser/PreventCertErrorOverrides
                    • Browser/SetHomeButtonURL
                    • Browser/SetNewTabPageURL
                    • Browser/UnlockHomeButton
                    • Experience/DoNotSyncBrowserSettings
                    • Experience/PreventUsersFromTurningOnBrowserSyncing
                    • Kerberos/UPNNameHints
                    • Privacy/AllowCrossDeviceClipboard
                    • Privacy
                    • DisablePrivacyExperience
                    • Privacy/UploadUserActivities
                    • System/AllowDeviceNameInDiagnosticData
                    • System/ConfigureMicrosoft365UploadEndpoint
                    • System/DisableDeviceDelete
                    • System/DisableDiagnosticDataViewer
                    • Storage/RemovableDiskDenyWriteAccess
                    • Update/UpdateNotificationLevel

                      Start/DisableContextMenus - added in Windows 10, version 1803.

                      RestrictedGroups/ConfigureGroupMembership - added new schema to apply and retrieve the policy.| ## July 2018 |New or updated article|Description| |--- |--- | -|[AssignedAccess CSP](assignedaccess-csp.md)|Added the following note:

                      You can only assign one single app kiosk profile to an individual user account on a device. The single app profile does not support domain groups.| +|[AssignedAccess CSP](assignedaccess-csp.md)|Added the following note:

                      You can only assign one single app kiosk profile to an individual user account on a device. The single app profile does not support domain groups.| |[PassportForWork CSP](passportforwork-csp.md)|Added new settings in Windows 10, version 1809.| |[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)|Added NonRemovable setting under AppManagement node in Windows 10, version 1809.| |[Win32CompatibilityAppraiser CSP](win32compatibilityappraiser-csp.md)|Added new configuration service provider in Windows 10, version 1809.| @@ -202,7 +202,7 @@ This article lists new and updated articles for the Mobile Device Management (MD |[Defender CSP](defender-csp.md)|Added a new node Health/ProductStatus in Windows 10, version 1809.| |[BitLocker CSP](bitlocker-csp.md)|Added a new node AllowStandardUserEncryption in Windows 10, version 1809.| |[DevDetail CSP](devdetail-csp.md)|Added a new node SMBIOSSerialNumber in Windows 10, version 1809.| -|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies in Windows 10, version 1809:

                    • ApplicationManagement/LaunchAppAfterLogOn
                    • ApplicationManagement/ScheduleForceRestartForUpdateFailures
                    • Authentication/EnableFastFirstSignIn (Preview mode only)
                    • Authentication/EnableWebSignIn (Preview mode only)
                    • Authentication/PreferredAadTenantDomainName
                    • Defender/CheckForSignaturesBeforeRunningScan
                    • Defender/DisableCatchupFullScan
                    • Defender/DisableCatchupQuickScan
                    • Defender/EnableLowCPUPriority
                    • Defender/SignatureUpdateFallbackOrder
                    • Defender/SignatureUpdateFileSharesSources
                    • DeviceGuard/ConfigureSystemGuardLaunch
                    • DeviceInstallation/AllowInstallationOfMatchingDeviceIDs
                    • DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses
                    • DeviceInstallation/PreventDeviceMetadataFromNetwork
                    • DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings
                    • DmaGuard/DeviceEnumerationPolicy
                    • Experience/AllowClipboardHistory
                    • Security/RecoveryEnvironmentAuthentication
                    • TaskManager/AllowEndTask
                    • WindowsDefenderSecurityCenter/DisableClearTpmButton
                    • WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning
                    • WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl
                    • WindowsLogon/DontDisplayNetworkSelectionUI

                      Recent changes:

                    • DataUsage/SetCost3G - deprecated in Windows 10, version 1809.| +|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies in Windows 10, version 1809:
                    • ApplicationManagement/LaunchAppAfterLogOn
                    • ApplicationManagement/ScheduleForceRestartForUpdateFailures
                    • Authentication/EnableFastFirstSignIn (Preview mode only)
                    • Authentication/EnableWebSignIn (Preview mode only)
                    • Authentication/PreferredAadTenantDomainName
                    • Defender/CheckForSignaturesBeforeRunningScan
                    • Defender/DisableCatchupFullScan
                    • Defender/DisableCatchupQuickScan
                    • Defender/EnableLowCPUPriority
                    • Defender/SignatureUpdateFallbackOrder
                    • Defender/SignatureUpdateFileSharesSources
                    • DeviceGuard/ConfigureSystemGuardLaunch
                    • DeviceInstallation/AllowInstallationOfMatchingDeviceIDs
                    • DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses
                    • DeviceInstallation/PreventDeviceMetadataFromNetwork
                    • DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings
                    • DmaGuard/DeviceEnumerationPolicy
                    • Experience/AllowClipboardHistory
                    • Security/RecoveryEnvironmentAuthentication
                    • TaskManager/AllowEndTask
                    • WindowsDefenderSecurityCenter/DisableClearTpmButton
                    • WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning
                    • WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl
                    • WindowsLogon/DontDisplayNetworkSelectionUI

                      Recent changes:
                    • DataUsage/SetCost3G - deprecated in Windows 10, version 1809.| ## June 2018 @@ -211,7 +211,7 @@ This article lists new and updated articles for the Mobile Device Management (MD |[Wifi CSP](wifi-csp.md)|Added a new node WifiCost in Windows 10, version 1809.| |[Diagnose MDM failures in Windows 10](diagnose-mdm-failures-in-windows-10.md)|Recent changes:
                    • Added procedure for collecting logs remotely from Windows 10 Holographic.
                    • Added procedure for downloading the MDM Diagnostic Information log.| |[BitLocker CSP](bitlocker-csp.md)|Added new node AllowStandardUserEncryption in Windows 10, version 1809.| -|[Policy CSP](policy-configuration-service-provider.md)|Recent changes:
                    • AccountPoliciesAccountLockoutPolicy
                    • AccountLockoutDuration - removed from docs. Not supported.
                    • AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold - removed from docs. Not supported.
                    • AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter - removed from docs. Not supported.
                    • LocalPoliciesSecurityOptions/NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers - removed from docs. Not supported.
                    • System/AllowFontProviders is not supported in HoloLens (1st gen) Commercial Suite.
                    • Security/RequireDeviceEncryption is supported in the Home SKU.
                    • Start/StartLayout - added a table of SKU support information.
                    • Start/ImportEdgeAssets - added a table of SKU support information.

                      Added the following new policies in Windows 10, version 1809:

                    • Update/EngagedRestartDeadlineForFeatureUpdates
                    • Update/EngagedRestartSnoozeScheduleForFeatureUpdates
                    • Update/EngagedRestartTransitionScheduleForFeatureUpdates
                    • Update/SetDisablePauseUXAccess
                    • Update/SetDisableUXWUAccess| +|[Policy CSP](policy-configuration-service-provider.md)|Recent changes:
                    • AccountPoliciesAccountLockoutPolicy
                    • AccountLockoutDuration - removed from docs. Not supported.
                    • AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold - removed from docs. Not supported.
                    • AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter - removed from docs. Not supported.
                    • LocalPoliciesSecurityOptions/NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers - removed from docs. Not supported.
                    • System/AllowFontProviders is not supported in HoloLens (1st gen) Commercial Suite.
                    • Security/RequireDeviceEncryption is supported in the Home SKU.
                    • Start/StartLayout - added a table of SKU support information.
                    • Start/ImportEdgeAssets - added a table of SKU support information.

                      Added the following new policies in Windows 10, version 1809:
                    • Update/EngagedRestartDeadlineForFeatureUpdates
                    • Update/EngagedRestartSnoozeScheduleForFeatureUpdates
                    • Update/EngagedRestartTransitionScheduleForFeatureUpdates
                    • Update/SetDisablePauseUXAccess
                    • Update/SetDisableUXWUAccess| |[WiredNetwork CSP](wirednetwork-csp.md)|New CSP added in Windows 10, version 1809.| ## May 2018 @@ -240,7 +240,7 @@ This article lists new and updated articles for the Mobile Device Management (MD |[Understanding ADMX-backed policies](understanding-admx-backed-policies.md)|Added the following videos:
                    • [How to create a custom xml to enable an ADMX-backed policy and deploy the XML in Intune](https://www.microsoft.com/showcase/video.aspx?uuid=bdc9b54b-11b0-4bdb-a022-c339d16e7121)
                    • [How to import a custom ADMX file to a device using Intune](https://www.microsoft.com/showcase/video.aspx?uuid=a59888b1-429f-4a49-8570-c39a143d9a73)| |[AccountManagement CSP](accountmanagement-csp.md)|Added a new CSP in Windows 10, version 1803.| |[RootCATrustedCertificates CSP](rootcacertificates-csp.md)|Added the following node in Windows 10, version 1803:
                    • UntrustedCertificates| -|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
                    • ApplicationDefaults/EnableAppUriHandlers
                    • ApplicationManagement/MSIAllowUserControlOverInstall
                    • ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges
                    • Connectivity/AllowPhonePCLinking
                    • Notifications/DisallowCloudNotification
                    • Notifications/DisallowTileNotification
                    • RestrictedGroups/ConfigureGroupMembership

                      The following existing policies were updated:

                    • Browser/AllowCookies - updated the supported values. There are 3 values - 0, 1, 2.
                    • InternetExplorer/AllowSiteToZoneAssignmentList - updated the description and added an example SyncML
                    • TextInput/AllowIMENetworkAccess - introduced new suggestion services in Japanese IME in addition to cloud suggestion.

                      Added a new section:

                    • [[Policies in Policy CSP supported by Group Policy](/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy) - list of policies in Policy CSP that has corresponding Group Policy. The policy description contains the GP information, such as GP policy name and variable name.| +|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
                    • ApplicationDefaults/EnableAppUriHandlers
                    • ApplicationManagement/MSIAllowUserControlOverInstall
                    • ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges
                    • Connectivity/AllowPhonePCLinking
                    • Notifications/DisallowCloudNotification
                    • Notifications/DisallowTileNotification
                    • RestrictedGroups/ConfigureGroupMembership

                      The following existing policies were updated:
                    • Browser/AllowCookies - updated the supported values. There are 3 values - 0, 1, 2.
                    • InternetExplorer/AllowSiteToZoneAssignmentList - updated the description and added an example SyncML
                    • TextInput/AllowIMENetworkAccess - introduced new suggestion services in Japanese IME in addition to cloud suggestion.

                      Added a new section:
                    • [[Policies in Policy CSP supported by Group Policy](/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy) - list of policies in Policy CSP that has corresponding Group Policy. The policy description contains the GP information, such as GP policy name and variable name.| |[Policy CSP - Bluetooth](policy-csp-bluetooth.md)|Added new section [ServicesAllowedList usage guide](policy-csp-bluetooth.md#servicesallowedlist-usage-guide).| |[MultiSIM CSP](multisim-csp.md)|Added SyncML examples and updated the settings descriptions.| |[RemoteWipe CSP](remotewipe-csp.md)|Reverted back to Windows 10, version 1709. Removed previous draft documentation for version 1803.| @@ -251,7 +251,7 @@ This article lists new and updated articles for the Mobile Device Management (MD |--- |--- | |[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
                    • Display/DisablePerProcessDpiForApps
                    • Display/EnablePerProcessDpi
                    • Display/EnablePerProcessDpiForApps
                    • Experience/AllowWindowsSpotlightOnSettings
                    • TextInput/ForceTouchKeyboardDockedState
                    • TextInput/TouchKeyboardDictationButtonAvailability
                    • TextInput/TouchKeyboardEmojiButtonAvailability
                    • TextInput/TouchKeyboardFullModeAvailability
                    • TextInput/TouchKeyboardHandwritingModeAvailability
                    • TextInput/TouchKeyboardNarrowModeAvailability
                    • TextInput/TouchKeyboardSplitModeAvailability
                    • TextInput/TouchKeyboardWideModeAvailability| |[VPNv2 ProfileXML XSD](vpnv2-profile-xsd.md)|Updated the XSD and Plug-in profile example for VPNv2 CSP.| -|[AssignedAccess CSP](assignedaccess-csp.md)|Added the following nodes in Windows 10, version 1803:
                    • Status
                    • ShellLauncher
                    • StatusConfiguration

                      Updated the AssigneAccessConfiguration schema. Starting in Windows 10, version 1803 AssignedAccess CSP is supported in HoloLens (1st gen) Commercial Suite. Added example for HoloLens (1st gen) Commercial Suite.| +|[AssignedAccess CSP](assignedaccess-csp.md)|Added the following nodes in Windows 10, version 1803:

                    • Status
                    • ShellLauncher
                    • StatusConfiguration

                      Updated the AssigneAccessConfiguration schema. Starting in Windows 10, version 1803 AssignedAccess CSP is supported in HoloLens (1st gen) Commercial Suite. Added example for HoloLens (1st gen) Commercial Suite.| |[MultiSIM CSP](multisim-csp.md)|Added a new CSP in Windows 10, version 1803.| |[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)|Added the following node in Windows 10, version 1803:
                    • MaintainProcessorArchitectureOnUpdate| @@ -259,7 +259,7 @@ This article lists new and updated articles for the Mobile Device Management (MD |New or updated article|Description| |--- |--- | -|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
                    • Browser/AllowConfigurationUpdateForBooksLibrary
                    • Browser/AlwaysEnableBooksLibrary
                    • Browser/EnableExtendedBooksTelemetry
                    • Browser/UseSharedFolderForBooks
                    • DeliveryOptimization/DODelayBackgroundDownloadFromHttp
                    • DeliveryOptimization/DODelayForegroundDownloadFromHttp
                    • DeliveryOptimization/DOGroupIdSource
                    • DeliveryOptimization/DOPercentageMaxBackDownloadBandwidth
                    • DeliveryOptimization/DOPercentageMaxForeDownloadBandwidth
                    • DeliveryOptimization/DORestrictPeerSelectionBy
                    • DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth
                    • DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth
                    • KioskBrowser/BlockedUrlExceptions
                    • KioskBrowser/BlockedUrls
                    • KioskBrowser/DefaultURL
                    • KioskBrowser/EnableHomeButton
                    • KioskBrowser/EnableNavigationButtons
                    • KioskBrowser/RestartOnIdleTime
                    • LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon
                    • LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia
                    • LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters
                    • LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly
                    • LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior
                    • LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees
                    • LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers
                    • LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways
                    • LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees
                    • LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts
                    • LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares
                    • LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares
                    • LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM
                    • LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange
                    • LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel
                    • LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients
                    • LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers
                    • LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile
                    • LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation
                    • LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode
                    • RestrictedGroups/ConfigureGroupMembership
                    • Search/AllowCortanaInAAD
                    • Search/DoNotUseWebResults
                    • Security/ConfigureWindowsPasswords
                    • System/FeedbackHubAlwaysSaveDiagnosticsLocally
                    • SystemServices/ConfigureHomeGroupListenerServiceStartupMode
                    • SystemServices/ConfigureHomeGroupProviderServiceStartupMode
                    • SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode
                    • SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode
                    • SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode
                    • SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode
                    • TaskScheduler/EnableXboxGameSaveTask
                    • TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode
                    • Update/ConfigureFeatureUpdateUninstallPeriod
                    • UserRights/AccessCredentialManagerAsTrustedCaller
                    • UserRights/AccessFromNetwork
                    • UserRights/ActAsPartOfTheOperatingSystem
                    • UserRights/AllowLocalLogOn
                    • UserRights/BackupFilesAndDirectories
                    • UserRights/ChangeSystemTime
                    • UserRights/CreateGlobalObjects
                    • UserRights/CreatePageFile
                    • UserRights/CreatePermanentSharedObjects
                    • UserRights/CreateSymbolicLinks
                    • UserRights/CreateToken
                    • UserRights/DebugPrograms
                    • UserRights/DenyAccessFromNetwork
                    • UserRights/DenyLocalLogOn
                    • UserRights/DenyRemoteDesktopServicesLogOn
                    • UserRights/EnableDelegation
                    • UserRights/GenerateSecurityAudits
                    • UserRights/ImpersonateClient
                    • UserRights/IncreaseSchedulingPriority
                    • UserRights/LoadUnloadDeviceDrivers
                    • UserRights/LockMemory
                    • UserRights/ManageAuditingAndSecurityLog
                    • UserRights/ManageVolume
                    • UserRights/ModifyFirmwareEnvironment
                    • UserRights/ModifyObjectLabel
                    • UserRights/ProfileSingleProcess
                    • UserRights/RemoteShutdown
                    • UserRights/RestoreFilesAndDirectories
                    • UserRights/TakeOwnership
                    • WindowsDefenderSecurityCenter/DisableAccountProtectionUI
                    • WindowsDefenderSecurityCenter/DisableDeviceSecurityUI
                    • WindowsDefenderSecurityCenter/HideRansomwareDataRecovery
                    • WindowsDefenderSecurityCenter/HideSecureBoot
                    • WindowsDefenderSecurityCenter/HideTPMTroubleshooting

                      Added the following policies the were added in Windows 10, version 1709

                    • DeviceLock/MinimumPasswordAge
                    • Settings/AllowOnlineTips
                    • System/DisableEnterpriseAuthProxy
                    • Security/RequireDeviceEncryption - updated to show it is supported in desktop.| +|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
                    • Browser/AllowConfigurationUpdateForBooksLibrary
                    • Browser/AlwaysEnableBooksLibrary
                    • Browser/EnableExtendedBooksTelemetry
                    • Browser/UseSharedFolderForBooks
                    • DeliveryOptimization/DODelayBackgroundDownloadFromHttp
                    • DeliveryOptimization/DODelayForegroundDownloadFromHttp
                    • DeliveryOptimization/DOGroupIdSource
                    • DeliveryOptimization/DOPercentageMaxBackDownloadBandwidth
                    • DeliveryOptimization/DOPercentageMaxForeDownloadBandwidth
                    • DeliveryOptimization/DORestrictPeerSelectionBy
                    • DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth
                    • DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth
                    • KioskBrowser/BlockedUrlExceptions
                    • KioskBrowser/BlockedUrls
                    • KioskBrowser/DefaultURL
                    • KioskBrowser/EnableHomeButton
                    • KioskBrowser/EnableNavigationButtons
                    • KioskBrowser/RestartOnIdleTime
                    • LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon
                    • LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia
                    • LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters
                    • LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly
                    • LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior
                    • LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees
                    • LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers
                    • LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways
                    • LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees
                    • LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts
                    • LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares
                    • LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares
                    • LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM
                    • LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange
                    • LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel
                    • LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients
                    • LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers
                    • LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile
                    • LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation
                    • LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode
                    • RestrictedGroups/ConfigureGroupMembership
                    • Search/AllowCortanaInAAD
                    • Search/DoNotUseWebResults
                    • Security/ConfigureWindowsPasswords
                    • System/FeedbackHubAlwaysSaveDiagnosticsLocally
                    • SystemServices/ConfigureHomeGroupListenerServiceStartupMode
                    • SystemServices/ConfigureHomeGroupProviderServiceStartupMode
                    • SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode
                    • SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode
                    • SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode
                    • SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode
                    • TaskScheduler/EnableXboxGameSaveTask
                    • TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode
                    • Update/ConfigureFeatureUpdateUninstallPeriod
                    • UserRights/AccessCredentialManagerAsTrustedCaller
                    • UserRights/AccessFromNetwork
                    • UserRights/ActAsPartOfTheOperatingSystem
                    • UserRights/AllowLocalLogOn
                    • UserRights/BackupFilesAndDirectories
                    • UserRights/ChangeSystemTime
                    • UserRights/CreateGlobalObjects
                    • UserRights/CreatePageFile
                    • UserRights/CreatePermanentSharedObjects
                    • UserRights/CreateSymbolicLinks
                    • UserRights/CreateToken
                    • UserRights/DebugPrograms
                    • UserRights/DenyAccessFromNetwork
                    • UserRights/DenyLocalLogOn
                    • UserRights/DenyRemoteDesktopServicesLogOn
                    • UserRights/EnableDelegation
                    • UserRights/GenerateSecurityAudits
                    • UserRights/ImpersonateClient
                    • UserRights/IncreaseSchedulingPriority
                    • UserRights/LoadUnloadDeviceDrivers
                    • UserRights/LockMemory
                    • UserRights/ManageAuditingAndSecurityLog
                    • UserRights/ManageVolume
                    • UserRights/ModifyFirmwareEnvironment
                    • UserRights/ModifyObjectLabel
                    • UserRights/ProfileSingleProcess
                    • UserRights/RemoteShutdown
                    • UserRights/RestoreFilesAndDirectories
                    • UserRights/TakeOwnership
                    • WindowsDefenderSecurityCenter/DisableAccountProtectionUI
                    • WindowsDefenderSecurityCenter/DisableDeviceSecurityUI
                    • WindowsDefenderSecurityCenter/HideRansomwareDataRecovery
                    • WindowsDefenderSecurityCenter/HideSecureBoot
                    • WindowsDefenderSecurityCenter/HideTPMTroubleshooting

                      Added the following policies the were added in Windows 10, version 1709
                    • DeviceLock/MinimumPasswordAge
                    • Settings/AllowOnlineTips
                    • System/DisableEnterpriseAuthProxy

                      Security/RequireDeviceEncryption - updated to show it is supported in desktop.| |[BitLocker CSP](bitlocker-csp.md)|Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, version 1803.| |[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)|Added new node MaintainProcessorArchitectureOnUpdate in Windows 10, next major update.| |[DMClient CSP](dmclient-csp.md)|Added ./User/Vendor/MSFT/DMClient/Provider/[ProviderID]/FirstSyncStatus node. Also added the following nodes in Windows 10, version 1803:
                    • AADSendDeviceToken
                    • BlockInStatusPage
                    • AllowCollectLogsButton
                    • CustomErrorText
                    • SkipDeviceStatusPage
                    • SkipUserStatusPage| @@ -277,42 +277,37 @@ This article lists new and updated articles for the Mobile Device Management (MD |New or updated article|Description| |--- |--- | -|[Policy CSP](policy-configuration-service-provider.md)|Added the following policies for Windows 10, version 1709:
                    • Authentication/AllowFidoDeviceSignon
                    • Cellular/LetAppsAccessCellularData
                    • Cellular/LetAppsAccessCellularData_ForceAllowTheseApps
                    • Cellular/LetAppsAccessCellularData_ForceDenyTheseApps
                    • Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps
                    • Start/HidePeopleBar
                    • Storage/EnhancedStorageDevices
                    • Update/ManagePreviewBuilds
                    • WirelessDisplay/AllowMdnsAdvertisement
                    • WirelessDisplay/AllowMdnsDiscovery

                      Added missing policies from previous releases:

                    • Connectivity/DisallowNetworkConnectivityActiveTest
                    • Search/AllowWindowsIndexer| +|[Policy CSP](policy-configuration-service-provider.md)|Added the following policies for Windows 10, version 1709:
                    • Authentication/AllowFidoDeviceSignon
                    • Cellular/LetAppsAccessCellularData
                    • Cellular/LetAppsAccessCellularData_ForceAllowTheseApps
                    • Cellular/LetAppsAccessCellularData_ForceDenyTheseApps
                    • Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps
                    • Start/HidePeopleBar
                    • Storage/EnhancedStorageDevices
                    • Update/ManagePreviewBuilds
                    • WirelessDisplay/AllowMdnsAdvertisement
                    • WirelessDisplay/AllowMdnsDiscovery

                      Added missing policies from previous releases:
                    • Connectivity/DisallowNetworkConnectivityActiveTest
                    • Search/AllowWindowsIndexer| ## October 2017 -[Policy DDF file](policy-ddf-file.md): Updated the DDF content for Windows 10 version 1709. Added a link to the download of Policy DDF for Windows 10, version 1709. - -[Policy CSP](policy-configuration-service-provider.md): Updated the following policies: - -- Defender/ControlledFolderAccessAllowedApplications - string separator is'|' -- Defender/ControlledFolderAccessProtectedFolders - string separator is '|'. - -[eUICCs CSP](euiccs-csp.md): Added new CSP in Windows 10, version 1709. - -[AssignedAccess CSP](assignedaccess-csp.md):Added SyncML examples for the new Configuration node. - -[DMClient CSP](dmclient-csp.md): Added new nodes to the DMClient CSP in Windows 10, version 1709. Updated the CSP and DDF topics. +| New or updated article | Description | +| --- | --- | +| [Policy DDF file](policy-ddf-file.md) | Updated the DDF content for Windows 10 version 1709. Added a link to the download of Policy DDF for Windows 10, version 1709. | +| [Policy CSP](policy-configuration-service-provider.md) | Updated the following policies:

                      - Defender/ControlledFolderAccessAllowedApplications - string separator is `|`
                      - Defender/ControlledFolderAccessProtectedFolders - string separator is `|` | +| [eUICCs CSP](euiccs-csp.md) | Added new CSP in Windows 10, version 1709. | +| [AssignedAccess CSP](assignedaccess-csp.md) | Added SyncML examples for the new Configuration node. | +| [DMClient CSP](dmclient-csp.md) | Added new nodes to the DMClient CSP in Windows 10, version 1709. Updated the CSP and DDF topics. | ## September 2017 |New or updated article|Description| |--- |--- | -|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1709:
                    • Authentication/AllowAadPasswordReset
                    • Handwriting/PanelDefaultModeDocked
                    • Search/AllowCloudSearch
                    • System/LimitEnhancedDiagnosticDataWindowsAnalytics

                      Added new settings to Update/BranchReadinessLevel policy in Windows 10 version 1709.| +|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1709:

                    • Authentication/AllowAadPasswordReset
                    • Handwriting/PanelDefaultModeDocked
                    • Search/AllowCloudSearch
                    • System/LimitEnhancedDiagnosticDataWindowsAnalytics

                      Added new settings to Update/BranchReadinessLevel policy in Windows 10 version 1709.| |[AssignedAccess CSP](assignedaccess-csp.md)|Starting in Windows 10, version 1709, AssignedAccess CSP is also supported in Windows 10 Pro.| |Microsoft Store for Business and Microsoft Store|Windows Store for Business name changed to Microsoft Store for Business. Windows Store name changed to Microsoft Store.| -|The [[MS-MDE2]: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692)|The Windows 10 enrollment protocol was updated. The following elements were added to the RequestSecurityToken message:
                    • UXInitiated - boolean value that indicates whether the enrollment is user initiated from the Settings page.
                    • ExternalMgmtAgentHint - a string the agent uses to give hints the enrollment server may need.
                    • DomainName - fully qualified domain name if the device is domain-joined.

                      For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation.| +|The [[MS-MDE2]: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692)|The Windows 10 enrollment protocol was updated. The following elements were added to the RequestSecurityToken message:

                    • UXInitiated - boolean value that indicates whether the enrollment is user initiated from the Settings page.
                    • ExternalMgmtAgentHint - a string the agent uses to give hints the enrollment server may need.
                    • DomainName - fully qualified domain name if the device is domain-joined.

                      For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation.| |[EnterpriseAPN CSP](enterpriseapn-csp.md)|Added a SyncML example.| |[VPNv2 CSP](vpnv2-csp.md)|Added RegisterDNS setting in Windows 10, version 1709.| |[Enroll a Windows 10 device automatically using Group Policy](enroll-a-windows-10-device-automatically-using-group-policy.md)|Added new topic to introduce a new Group Policy for automatic MDM enrollment.| -|[MDM enrollment of Windows-based devices](mdm-enrollment-of-windows-devices.md)|New features in the Settings app:
                    • User sees installation progress of critical policies during MDM enrollment.
                    • User knows what policies, profiles, apps MDM has configured
                    • IT helpdesk can get detailed MDM diagnostic information using client tools

                      For details, see [Managing connections](mdm-enrollment-of-windows-devices.md#manage-connections) and [Collecting diagnostic logs](mdm-enrollment-of-windows-devices.md#collecting-diagnostic-logs)| +|[MDM enrollment of Windows-based devices](mdm-enrollment-of-windows-devices.md)|New features in the Settings app:

                    • User sees installation progress of critical policies during MDM enrollment.
                    • User knows what policies, profiles, apps MDM has configured
                    • IT helpdesk can get detailed MDM diagnostic information using client tools

                      For details, see [Managing connections](mdm-enrollment-of-windows-devices.md#manage-connections) and [Collecting diagnostic logs](mdm-enrollment-of-windows-devices.md#collecting-diagnostic-logs)| ## August 2017 |New or updated article|Description| |--- |--- | |[Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md)|Added new step-by-step guide to enable ADMX-backed policies.| -|[Mobile device enrollment](mobile-device-enrollment.md)|Added the following statement:

                      Devices that are joined to an on-premises Active Directory can enroll into MDM via the Work access page in Settings. However, the enrollment can only target the user enrolled with user-specific policies. Device targeted policies will continue to impact all users of the device.| +|[Mobile device enrollment](mobile-device-enrollment.md)|Added the following statement:

                      Devices that are joined to an on-premises Active Directory can enroll into MDM via the Work access page in Settings. However, the enrollment can only target the user enrolled with user-specific policies. Device targeted policies will continue to impact all users of the device.| |[CM_CellularEntries CSP](cm-cellularentries-csp.md)|Updated the description of the PuposeGroups node to add the GUID for applications. This node is required instead of optional.| |[EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)|Updated the Settings/EDPEnforcementLevel values to the following:

                    • 0 (default) – Off / No protection (decrypts previously protected data).
                    • 1 – Silent mode (encrypt and audit only).
                    • 2 – Allow override mode (encrypt, prompt and allow overrides, and audit).
                    • 3 – Hides overrides (encrypt, prompt but hide overrides, and audit).| |[AppLocker CSP](applocker-csp.md)|Added two new SyncML examples (to disable the calendar app and to block usage of the map app) in [Allow list examples](applocker-csp.md#allow-list-examples).| @@ -321,4 +316,4 @@ This article lists new and updated articles for the Mobile Device Management (MD |[BitLocker CSP](bitlocker-csp.md)|Added information to the ADMX-backed policies. Changed the minimum personal identification number (PIN) length to 4 digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709.| |[Firewall CSP](firewall-csp.md)|Updated the CSP and DDF topics. Here are the changes:
                    • Removed the two settings - FirewallRules/FirewallRuleName/FriendlyName and FirewallRules/FirewallRuleName/IcmpTypesAndCodes.
                    • Changed some data types from integer to bool.
                    • Updated the list of supported operations for some settings.
                    • Added default values.| |[Policy DDF file](policy-ddf-file.md)|Added another Policy DDF file [download](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607_8C.xml) for the 8C release of Windows 10, version 1607, which added the following policies:
                    • Browser/AllowMicrosoftCompatibilityList
                    • Update/DisableDualScan
                    • Update/FillEmptyContentUrls| -|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1709:
                    • Browser/ProvisionFavorites
                    • Browser/LockdownFavorites
                    • ExploitGuard/ExploitProtectionSettings
                    • Games/AllowAdvancedGamingServices
                    • LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts
                    • LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly
                    • LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount
                    • LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount
                    • LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked
                    • LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayLastSignedIn
                    • LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayUsernameAtSignIn
                    • LocalPoliciesSecurityOptions/Interactivelogon_DoNotRequireCTRLALTDEL
                    • LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit
                    • LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn
                    • LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn
                    • LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests
                    • LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn
                    • LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation
                    • LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators
                    • LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers
                    • LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated
                    • LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations
                    • LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode
                    • LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation
                    • LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations
                    • Privacy/EnableActivityFeed
                    • Privacy/PublishUserActivities
                    • Update/DisableDualScan
                    • Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork

                      Changed the name of new policy to CredentialProviders/DisableAutomaticReDeploymentCredentials from CredentialProviders/EnableWindowsAutopilotResetCredentials.

                      Changed the names of the following policies:

                    • Defender/GuardedFoldersAllowedApplications to Defender/ControlledFolderAccessAllowedApplications
                    • Defender/GuardedFoldersList to Defender/ControlledFolderAccessProtectedFolders
                    • Defender/EnableGuardMyFolders to Defender/EnableControlledFolderAccess

                      Added links to the additional [ADMX-backed BitLocker policies](policy-csp-bitlocker.md).

                      There were issues reported with the previous release of the following policies. These issues were fixed in Windows 10, version 1709:

                    • Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts
                    • Start/HideAppList| \ No newline at end of file +|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1709:
                    • Browser/ProvisionFavorites
                    • Browser/LockdownFavorites
                    • ExploitGuard/ExploitProtectionSettings
                    • Games/AllowAdvancedGamingServices
                    • LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts
                    • LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly
                    • LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount
                    • LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount
                    • LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked
                    • LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayLastSignedIn
                    • LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayUsernameAtSignIn
                    • LocalPoliciesSecurityOptions/Interactivelogon_DoNotRequireCTRLALTDEL
                    • LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit
                    • LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn
                    • LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn
                    • LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests
                    • LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn
                    • LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation
                    • LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators
                    • LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers
                    • LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated
                    • LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations
                    • LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode
                    • LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation
                    • LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations
                    • Privacy/EnableActivityFeed
                    • Privacy/PublishUserActivities
                    • Update/DisableDualScan
                    • Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork

                      Changed the name of new policy to CredentialProviders/DisableAutomaticReDeploymentCredentials from CredentialProviders/EnableWindowsAutopilotResetCredentials.

                      Changed the names of the following policies:
                    • Defender/GuardedFoldersAllowedApplications to Defender/ControlledFolderAccessAllowedApplications
                    • Defender/GuardedFoldersList to Defender/ControlledFolderAccessProtectedFolders
                    • Defender/EnableGuardMyFolders to Defender/EnableControlledFolderAccess

                      Added links to the additional [ADMX-backed BitLocker policies](policy-csp-bitlocker.md).

                      There were issues reported with the previous release of the following policies. These issues were fixed in Windows 10, version 1709:
                    • Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts
                    • Start/HideAppList| From 63498fe97171e5b9adbe3a7916b4972bd32d1d6a Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Thu, 9 Dec 2021 15:45:29 -0500 Subject: [PATCH 180/335] Removed mobile --- windows/client-management/mdm/policy-csp-update.md | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index c0233afe10..a89fed4218 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -1222,7 +1222,6 @@ Enable IT admin to configure feature update uninstall period. Values range 2 - 6 -Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. Defers Feature Updates for the specified number of days. @@ -1394,8 +1393,6 @@ ADMX Info: > [!NOTE] -> Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. -> > Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpgradePeriod for Windows 10, version 1511 devices. @@ -1929,8 +1926,6 @@ ADMX Info: -> [!NOTE] -> Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. Allows IT Admins to exclude Windows Update (WU) drivers during updates. @@ -2049,7 +2044,7 @@ The following list shows the supported values: To validate this policy: 1. Enable the policy and ensure the device is on a cellular network. -2. Run the scheduled task on your device to check for app updates in the background. For example, on a mobile device, run the following commands in TShell: +2. Run the scheduled task on your device to check for app updates in the background. For example, on a device, run the following commands in TShell: ```TShell exec-device schtasks.exe -arguments '/run /tn "\Microsoft\Windows\WindowsUpdate\Automatic App Update" /I' ``` @@ -2102,7 +2097,7 @@ The following list shows the supported values: To validate this policy: 1. Enable the policy and ensure the device is on a cellular network. -2. Run the scheduled task on your device to check for app updates in the background. For example, on a mobile device, run the following commands in TShell: +2. Run the scheduled task on your device to check for app updates in the background. For example, on a device, run the following commands in TShell: ```TShell exec-device schtasks.exe -arguments '/run /tn "\Microsoft\Windows\WindowsUpdate\Automatic App Update" /I' ``` @@ -2244,8 +2239,6 @@ The following list shows the supported values: -Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. - Allows IT Admins to pause feature updates for up to 35 days. We recomment that you use the *Update/PauseFeatureUpdatesStartTime* policy if you are running Windows 10, version 1703 or later. @@ -2554,7 +2547,7 @@ The following list shows the supported values: > [!NOTE] -> This policy is *only* recommended for managing mobile devices. If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead. +> If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead. Allows the IT admin to restrict the updates that are installed on a device to only those on an update approval list. It enables IT to accept the End User License Agreement (EULA) associated with the approved update on behalf of the end-user. EULAs are approved once an update is approved. From 8e299ab06210608932f41593801f6be10a6c3397 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Thu, 9 Dec 2021 15:48:36 -0500 Subject: [PATCH 181/335] spacing --- .../provisioning-packages/provisioning-packages.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/provisioning-packages/provisioning-packages.md b/windows/configuration/provisioning-packages/provisioning-packages.md index 6c9e724c17..703606edff 100644 --- a/windows/configuration/provisioning-packages/provisioning-packages.md +++ b/windows/configuration/provisioning-packages/provisioning-packages.md @@ -126,7 +126,7 @@ WCD supports the following scenarios for IT administrators: * **Simple provisioning** – Enables IT administrators to define a desired configuration in WCD and then apply that configuration on target devices. The simple provisioning wizard makes the entire process quick and easy by guiding an IT administrator through common configuration settings in a step-by-step manner. -[Learn how to use simple provisioning to configure Windows computers.](provision-pcs-for-initial-deployment.md) + [Learn how to use simple provisioning to configure Windows computers.](provision-pcs-for-initial-deployment.md) * **Advanced provisioning (deployment of classic (Win32) and Universal Windows Platform (UWP) apps, and certificates)** – Allows an IT administrator to use WCD to open provisioning packages in the advanced settings editor and include apps for deployment on end-user devices. From 410af1de0e7df79e5bb5f423630227ce80813b6f Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Thu, 9 Dec 2021 15:57:19 -0500 Subject: [PATCH 182/335] spacing --- windows/configuration/set-up-shared-or-guest-pc.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/configuration/set-up-shared-or-guest-pc.md b/windows/configuration/set-up-shared-or-guest-pc.md index d195063ef0..18cc716b31 100644 --- a/windows/configuration/set-up-shared-or-guest-pc.md +++ b/windows/configuration/set-up-shared-or-guest-pc.md @@ -64,8 +64,8 @@ Shared PC mode exposes a set of customizations to tailor the behavior to your re | Setting | Value | |:---|:---| | EnableSharedPCMode | Set as **True**. If this is not set to **True**, shared PC mode is not turned on and none of the other settings apply. This setting controls this API: [IsEnabled](/uwp/api/windows.system.profile.sharedmodesettings)

                      Some of the remaining settings in **SharedPC** are optional, but we strongly recommend that you also set `EnableAccountManager` to **True**. | -| AccountManagement: AccountModel | This option controls how users can sign-in on the PC. Choosing domain-joined will enable any user in the domain to sign-in. Specifying the guest option will add the **Guest** option to the sign-in screen and enable anonymous guest access to the PC.
                      - **Only guest** allows anyone to use the PC as a local standard (non-admin) account.
                      - **Domain-joined only** allows users to sign in with an Active Directory or Azure AD account.
                      - **Domain-joined and guest** allows users to sign in with an Active Directory, Azure AD, or local standard account. | -| AccountManagement: DeletionPolicy | - **Delete immediately** will delete the account on sign-out.
                      - **Delete at disk space threshold** will start deleting accounts when available disk space falls below the threshold you set for **DiskLevelDeletion**, and it will stop deleting accounts when the available disk space reaches the threshold you set for **DiskLevelCaching**. Accounts are deleted in order of oldest accessed to most recently accessed.

                      Example: The caching number is 50 and the deletion number is 25. Accounts will be cached while the free disk space is above 25%. When the free disk space is less than 25% (the deletion number) at a maintenance period, accounts will be deleted (oldest last used first) until the free disk space is above 50% (the caching number). Accounts will be deleted immediately at sign off of an account if free space is under the deletion threshold and disk space is very low, regardless if the PC is actively in use or not.
                      - **Delete at disk space threshold and inactive threshold** will apply the same disk space checks as noted above, but also delete accounts if they have not signed in within the number of days specified by **InactiveThreshold** | +| AccountManagement: AccountModel | This option controls how users can sign-in on the PC. Choosing domain-joined will enable any user in the domain to sign-in.

                      Specifying the guest option will add the **Guest** option to the sign-in screen and enable anonymous guest access to the PC.

                      - **Only guest** allows anyone to use the PC as a local standard (non-admin) account.
                      - **Domain-joined only** allows users to sign in with an Active Directory or Azure AD account.
                      - **Domain-joined and guest** allows users to sign in with an Active Directory, Azure AD, or local standard account. | +| AccountManagement: DeletionPolicy | - **Delete immediately** will delete the account on sign-out.

                      - **Delete at disk space threshold** will start deleting accounts when available disk space falls below the threshold you set for **DiskLevelDeletion**, and it will stop deleting accounts when the available disk space reaches the threshold you set for **DiskLevelCaching**. Accounts are deleted in order of oldest accessed to most recently accessed.

                      Example: The caching number is 50 and the deletion number is 25. Accounts will be cached while the free disk space is above 25%. When the free disk space is less than 25% (the deletion number) at a maintenance period, accounts will be deleted (oldest last used first) until the free disk space is above 50% (the caching number). Accounts will be deleted immediately at sign off of an account if free space is under the deletion threshold and disk space is very low, regardless if the PC is actively in use or not.
                      - **Delete at disk space threshold and inactive threshold** will apply the same disk space checks as noted above, but also delete accounts if they have not signed in within the number of days specified by **InactiveThreshold** | | AccountManagement: DiskLevelCaching | If you set **DeletionPolicy** to **Delete at disk space threshold**, set the percent of total disk space to be used as the disk space threshold for account caching. | | AccountManagement: DiskLevelDeletion | If you set **DeletionPolicy** to **Delete at disk space threshold**, set the percent of total disk space to be used as the disk space threshold for account deletion. | | AccountManagement: InactiveThreshold | If you set **DeletionPolicy** to **Delete at disk space threshold and inactive threshold**, set the number of days after which an account that has not signed in will be deleted. | @@ -376,4 +376,4 @@ Shared PC mode sets local group policies to configure the device. Some of these |Interactive logon: Do not display last user name|Enabled, Disabled when account model is only guest|Always| |Interactive logon: Sign-in last interactive user automatically after a system-initiated restart|Disabled |Always| |Shutdown: Allow system to be shut down without having to log on|Disabled|Always| -|User Account Control: Behavior of the elevation prompt for standard users|Auto deny|Always| \ No newline at end of file +|User Account Control: Behavior of the elevation prompt for standard users|Auto deny|Always| From 3c0fed215175abdd7eb99633c5fe5d16b3147b40 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Thu, 9 Dec 2021 16:02:11 -0500 Subject: [PATCH 183/335] spacing --- windows/deployment/upgrade/windows-10-edition-upgrades.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/windows-10-edition-upgrades.md b/windows/deployment/upgrade/windows-10-edition-upgrades.md index 3e26eb22d7..4505749b15 100644 --- a/windows/deployment/upgrade/windows-10-edition-upgrades.md +++ b/windows/deployment/upgrade/windows-10-edition-upgrades.md @@ -145,7 +145,9 @@ You can move directly from Enterprise to any valid destination edition. In this ### Supported Windows 10 downgrade paths ✔ = Supported downgrade path + S = Supported; Not considered a downgrade or an upgrade + [blank] = Not supported or not a downgrade **Destination Edition: (Starting)** @@ -168,4 +170,4 @@ Some slightly more complex scenarios are not represented by the table above. For [Windows 10 upgrade paths](./windows-10-upgrade-paths.md)
                      [Windows 10 volume license media](../windows-10-media.md)
                      -[Windows 10 Subscription Activation](/windows/deployment/windows-10-enterprise-subscription-activation) \ No newline at end of file +[Windows 10 Subscription Activation](/windows/deployment/windows-10-enterprise-subscription-activation) From ead351aae340f981c2efd5bb6b05978d4e0fd24b Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Thu, 9 Dec 2021 16:21:05 -0500 Subject: [PATCH 184/335] note; code languages --- windows/deployment/windows-10-poc-mdt.md | 132 +++++++++++++---------- 1 file changed, 73 insertions(+), 59 deletions(-) diff --git a/windows/deployment/windows-10-poc-mdt.md b/windows/deployment/windows-10-poc-mdt.md index 485e471769..0ced5d9eb8 100644 --- a/windows/deployment/windows-10-poc-mdt.md +++ b/windows/deployment/windows-10-poc-mdt.md @@ -25,7 +25,8 @@ ms.topic: article - Windows 10 -**Important**: This guide leverages the proof of concept (PoC) environment configured using procedures in the following guide: +> [!IMPORTANT] +> This guide leverages the proof of concept (PoC) environment configured using procedures in the following guide: - [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md) Please complete all steps in the prerequisite guide before starting this guide. This guide requires about 5 hours to complete, but can require less time or more time depending on the speed of the Hyper-V host. After completing the current guide, also see the companion guide: @@ -36,7 +37,7 @@ The PoC environment is a virtual network running on Hyper-V with three virtual m - **SRV1**: A dual-homed contoso.com domain member server, DNS server, and default gateway providing NAT service for the PoC network. - **PC1**: A contoso.com member computer running Windows 7, Windows 8, or Windows 8.1 that has been shadow-copied from a physical computer on your corporate network. ->This guide uses the Hyper-V server role. If you do not complete all steps in a single session, consider using [checkpoints](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn818483(v=ws.11)) and [saved states](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee247418(v=ws.10)) to pause, resume, or restart your work. +This guide uses the Hyper-V server role. If you do not complete all steps in a single session, consider using [checkpoints](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn818483(v=ws.11)) and [saved states](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee247418(v=ws.10)) to pause, resume, or restart your work. ## In this guide @@ -65,18 +66,19 @@ MDT performs deployments by using the Lite Touch Installation (LTI), Zero Touch 1. On SRV1, temporarily disable IE Enhanced Security Configuration for Administrators by typing the following commands at an elevated Windows PowerShell prompt: - ``` + ```powershell $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" Set-ItemProperty -Path $AdminKey -Name “IsInstalled” -Value 0 Stop-Process -Name Explorer ``` + 2. Download and install the 64-bit version of [Microsoft Deployment Toolkit (MDT)](https://www.microsoft.com/download/details.aspx?id=54259) on SRV1 using the default options. As of the writing of this guide, the latest version of MDT was 8443. 3. Download and install the latest [Windows Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) on SRV1 using the default installation settings. The current version is the ADK for Windows 10, version 1703. Installation might require several minutes to acquire all components. 3. If desired, re-enable IE Enhanced Security Configuration: - ``` + ```powershell Set-ItemProperty -Path $AdminKey -Name “IsInstalled” -Value 1 Stop-Process -Name Explorer ``` @@ -87,7 +89,7 @@ A reference image serves as the foundation for Windows 10 devices in your organi 1. In [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md), the Windows 10 Enterprise .iso file was saved to the c:\VHD directory as **c:\VHD\w10-enterprise.iso**. The first step in creating a deployment share is to mount this file on SRV1. To mount the Windows 10 Enterprise DVD on SRV1, open an elevated Windows PowerShell prompt on the Hyper-V host computer and type the following command: - ``` + ```powershell Set-VMDvdDrive -VMName SRV1 -Path c:\VHD\w10-enterprise.iso ``` 2. On SRV1, verify that the Windows Enterprise installation DVD is mounted as drive letter D. @@ -122,7 +124,7 @@ A reference image serves as the foundation for Windows 10 devices in your organi - Progress: wait for files to be copied - Confirmation: click **Finish** - >For purposes of this test lab, we will only add the prerequisite .NET Framework feature. Commerical applications (ex: Microsoft Office) will not be added to the deployment share. For information about adding applications, see the [Add applications](./deploy-windows-mdt/create-a-windows-10-reference-image.md) section of the [Create a Windows 10 reference image](deploy-windows-mdt/create-a-windows-10-reference-image.md) topic in the TechNet library. + For purposes of this test lab, we will only add the prerequisite .NET Framework feature. Commerical applications (ex: Microsoft Office) will not be added to the deployment share. For information about adding applications, see the [Add applications](./deploy-windows-mdt/create-a-windows-10-reference-image.md) section of the [Create a Windows 10 reference image](deploy-windows-mdt/create-a-windows-10-reference-image.md) topic in the TechNet library. 11. The next step is to create a task sequence to reference the operating system that was imported. To create a task sequence, right-click the **Task Sequences** node and then click **New Task Sequence**. Use the following settings for the New Task Sequence Wizard: - Task sequence ID: **REFW10X64-001**
                      @@ -133,7 +135,7 @@ A reference image serves as the foundation for Windows 10 devices in your organi - Specify Product Key: **Do not specify a product key at this time** - Full Name: **Contoso** - Organization: **Contoso** - - Internet Explorer home page: **http://www.contoso.com** + - Internet Explorer home page: `http://www.contoso.com` - Admin Password: **Do not specify an Administrator password at this time** - Summary: click **Next** - Confirmation: click **Finish** @@ -151,7 +153,8 @@ A reference image serves as the foundation for Windows 10 devices in your organi 17. Enable Windows Update in the task sequence by clicking the **Windows Update (Post-Application Installation)** step, clicking the **Options** tab, and clearing the **Disable this step** checkbox. - >Note: Since we are not installing applications in this test lab, there is no need to enable the Windows Update Pre-Application Installation step. However, you should enable this step if you are also installing applications. + > [!NOTE] + > Since we are not installing applications in this test lab, there is no need to enable the Windows Update Pre-Application Installation step. However, you should enable this step if you are also installing applications. 18. Click **OK** to complete editing the task sequence. @@ -159,7 +162,7 @@ A reference image serves as the foundation for Windows 10 devices in your organi 20. Replace the default rules with the following text: - ``` + ```text [Settings] Priority=Default @@ -194,7 +197,7 @@ A reference image serves as the foundation for Windows 10 devices in your organi 21. Click **Apply** and then click **Edit Bootstrap.ini**. Replace the contents of the Bootstrap.ini file with the following text, and save the file: - ``` + ```text [Settings] Priority=Default @@ -214,20 +217,18 @@ A reference image serves as the foundation for Windows 10 devices in your organi 25. Copy **c:\MDTBuildLab\Boot\LiteTouchPE_x86.iso** on SRV1 to the **c:\VHD** directory on the Hyper-V host computer. Note that in MDT, the x86 boot image can deploy both x86 and x64 operating systems, except on computers based on Unified Extensible Firmware Interface (UEFI). - >Hint: To copy the file, right-click the **LiteTouchPE_x86.iso** file and click **Copy** on SRV1, then open the **c:\VHD** folder on the Hyper-V host, right-click inside the folder and click **Paste**. + > [!TIP] + > To copy the file, right-click the **LiteTouchPE_x86.iso** file and click **Copy** on SRV1, then open the **c:\VHD** folder on the Hyper-V host, right-click inside the folder and click **Paste**. 26. Open a Windows PowerShell prompt on the Hyper-V host computer and type the following commands: -
                      - 
                      -
+    ```powershell
     New-VM REFW10X64-001 -SwitchName poc-internal -NewVHDPath "c:\VHD\REFW10X64-001.vhdx" -NewVHDSizeBytes 60GB
     Set-VMMemory REFW10X64-001 -DynamicMemoryEnabled $true -MinimumBytes 1024MB -MaximumBytes 1024MB -Buffer 20
     Set-VMDvdDrive REFW10X64-001 -Path c:\VHD\LiteTouchPE_x86.iso
     Start-VM REFW10X64-001
     vmconnect localhost REFW10X64-001
-
                      -
                      + ``` The VM will require a few minutes to prepare devices and boot from the LiteTouchPE_x86.iso file. @@ -299,7 +300,7 @@ This procedure will demonstrate how to deploy the reference image to the PoC env 1. On SRV1, open an elevated Windows PowerShell prompt and type the following commands: - ``` + ```powershell copy-item "C:\Program Files\Microsoft Deployment Toolkit\Templates\Bootstrap.ini" C:\MDTProd\Control\Bootstrap.ini -Force copy-item "C:\Program Files\Microsoft Deployment Toolkit\Templates\CustomSettings.ini" C:\MDTProd\Control\CustomSettings.ini -Force ``` @@ -307,7 +308,7 @@ This procedure will demonstrate how to deploy the reference image to the PoC env 3. Click the **Rules** tab and replace the rules with the following text (don't click OK yet): - ``` + ```text [Settings] Priority=Default @@ -343,19 +344,21 @@ This procedure will demonstrate how to deploy the reference image to the PoC env SkipFinalSummary=NO EventService=http://SRV1:9800 ``` - **Note**: The contents of the Rules tab are added to c:\MDTProd\Control\CustomSettings.ini. + + > [!NOTE] + > The contents of the Rules tab are added to c:\MDTProd\Control\CustomSettings.ini. - >In this example a **MachineObjectOU** entry is not provided. Normally this entry describes the specific OU where new client computer objects are created in Active Directory. However, for the purposes of this test lab clients are added to the default computers OU, which requires that this parameter be unspecified. + In this example a **MachineObjectOU** entry is not provided. Normally this entry describes the specific OU where new client computer objects are created in Active Directory. However, for the purposes of this test lab clients are added to the default computers OU, which requires that this parameter be unspecified. If desired, edit the follow line to include or exclude other users when migrating settings. Currently, the command is set to user exclude (ue) all users except for CONTOSO users specified by the user include option (ui): - ``` + ```cmd ScanStateArgs=/ue:*\* /ui:CONTOSO\* ``` For example, to migrate **all** users on the computer, replace this line with the following: - ``` + ```cmd ScanStateArgs=/all ``` @@ -363,7 +366,7 @@ This procedure will demonstrate how to deploy the reference image to the PoC env 4. Click **Edit Bootstap.ini** and replace text in the file with the following text: - ``` + ```text [Settings] Priority=Default @@ -374,6 +377,7 @@ This procedure will demonstrate how to deploy the reference image to the PoC env UserPassword=pass@word1 SkipBDDWelcome=YES ``` + 5. Click **OK** when finished. ### Update the deployment share @@ -398,7 +402,7 @@ This procedure will demonstrate how to deploy the reference image to the PoC env 1. Initialize Windows Deployment Services (WDS) by typing the following command at an elevated Windows PowerShell prompt on SRV1: - ``` + ```powershell WDSUTIL /Verbose /Progress /Initialize-Server /Server:SRV1 /RemInst:"C:\RemoteInstall" WDSUTIL /Set-Server /AnswerClients:All ``` @@ -413,11 +417,12 @@ This procedure will demonstrate how to deploy the reference image to the PoC env 1. Before using WDS to deploy a client image, you must temporarily disable the external network adapter on SRV1. This is just an artifact of the lab environment. In a typical deployment environment WDS would not be installed on the default gateway. - >**Note**: Do not disable the *internal* network interface. To quickly view IP addresses and interface names configured on the VM, type **Get-NetIPAddress | ft interfacealias, ipaddress** + > [!NOTE] + > Do not disable the *internal* network interface. To quickly view IP addresses and interface names configured on the VM, type **Get-NetIPAddress | ft interfacealias, ipaddress** Assuming the external interface is named "Ethernet 2", to disable the *external* interface on SRV1, open a Windows PowerShell prompt on SRV1 and type the following command: - ``` + ```powershell Disable-NetAdapter "Ethernet 2" -Confirm:$false ``` @@ -426,28 +431,30 @@ This procedure will demonstrate how to deploy the reference image to the PoC env 2. Next, switch to the Hyper-V host and open an elevated Windows PowerShell prompt. Create a generation 2 VM on the Hyper-V host that will load its OS using PXE. To create this VM, type the following commands at an elevated Windows PowerShell prompt: - ``` + ```powershell New-VM –Name "PC2" –NewVHDPath "c:\vhd\pc2.vhdx" -NewVHDSizeBytes 60GB -SwitchName poc-internal -BootDevice NetworkAdapter -Generation 2 Set-VMMemory -VMName "PC2" -DynamicMemoryEnabled $true -MinimumBytes 720MB -MaximumBytes 2048MB -Buffer 20 ``` - >Dynamic memory is configured on the VM to conserve resources. However, this can cause memory allocation to be reduced past what is required to install an operating system. If this happens, reset the VM and begin the OS installation task sequence immediately. This ensures the VM memory allocation is not decreased too much while it is idle. + Dynamic memory is configured on the VM to conserve resources. However, this can cause memory allocation to be reduced past what is required to install an operating system. If this happens, reset the VM and begin the OS installation task sequence immediately. This ensures the VM memory allocation is not decreased too much while it is idle. 3. Start the new VM and connect to it: - ``` + ```powershell Start-VM PC2 vmconnect localhost PC2 ``` + 4. When prompted, hit ENTER to start the network boot process. 5. In the Windows Deployment Wizard, choose the **Windows 10 Enterprise x64 Custom Image** and then click **Next**. 6. After MDT lite touch installation has started, be sure to re-enable the external network adapter on SRV1. This is needed so the client can use Windows Update after operating system installation is complete.To re-enable the external network interface, open an elevated Windows PowerShell prompt on SRV1 and type the following command: - ``` + ```powershell Enable-NetAdapter "Ethernet 2" ``` + 7. On SRV1, in the Deployment Workbench console, click on **Monitoring** and view the status of installation. Right-click **Monitoring** and click **Refresh** if no data is displayed. 8. OS installation requires about 10 minutes. When the installation is complete, the system will reboot automatically, configure devices, and install updates, requiring another 10-20 minutes. When the new client computer is finished updating, click **Finish**. You will be automatically signed in to the local computer as administrator. @@ -462,34 +469,36 @@ This section will demonstrate how to export user data from an existing client co 1. If the PC1 VM is not already running, then start and connect to it: - ``` + ```powershell Start-VM PC1 vmconnect localhost PC1 ``` 2. Switch back to the Hyper-V host and create a checkpoint for the PC1 VM so that it can easily be reverted to its current state for troubleshooting purposes and to perform additional scenarios. Checkpoints are also known as snapshots. To create a checkpoint for the PC1 VM, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host: - ``` + ```powershell Checkpoint-VM -Name PC1 -SnapshotName BeginState ``` 3. Sign on to PC1 using the CONTOSO\Administrator account. - >Specify **contoso\administrator** as the user name to ensure you do not sign on using the local administrator account. You must sign in with this account so that you have access to the deployment share. + Specify **contoso\administrator** as the user name to ensure you do not sign on using the local administrator account. You must sign in with this account so that you have access to the deployment share. 4. Open an elevated command prompt on PC1 and type the following: - ``` + ```cmd cscript \\SRV1\MDTProd$\Scripts\Litetouch.vbs ``` - **Note**: For more information on tools for viewing log files and to assist with troubleshooting, see [Configuration Manager Tools](/configmgr/core/support/tools). + > [!NOTE] + > For more information on tools for viewing log files and to assist with troubleshooting, see [Configuration Manager Tools](/configmgr/core/support/tools). 5. Choose the **Windows 10 Enterprise x64 Custom Image** and then click **Next**. 6. Choose **Do not back up the existing computer** and click **Next**. - **Note**: The USMT will still back up the computer. + > [!NOTE] + > The USMT will still back up the computer. 7. Lite Touch Installation will perform the following actions: - Back up user settings and data using USMT. @@ -503,13 +512,13 @@ This section will demonstrate how to export user data from an existing client co 9. Create another checkpoint for the PC1 VM so that you can review results of the computer refresh later. To create a checkpoint, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host: - ``` + ```powershell Checkpoint-VM -Name PC1 -SnapshotName RefreshState ``` 10. Restore the PC1 VM to it's previous state in preparation for the replace procedure. To restore a checkpoint, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host: - ``` + ```powershell Restore-VMSnapshot -VMName PC1 -Name BeginState -Confirm:$false Start-VM PC1 vmconnect localhost PC1 @@ -529,11 +538,12 @@ At a high level, the computer replace process consists of:
                      2. Click **OK**, right-click **MDT Production**, click **Update Deployment Share** and accept the default options in the wizard to update the share. 3. Type the following commands at an elevated Windows PowerShell prompt on SRV1: - ``` + ```powershell New-Item -Path C:\MigData -ItemType directory New-SmbShare -Name MigData$ -Path C:\MigData -ChangeAccess EVERYONE icacls C:\MigData /grant '"contoso\administrator":(OI)(CI)(M)' ``` + 4. On SRV1 in the deployment workbench, under **MDT Production**, right-click the **Task Sequences** node, and click **New Folder**. 5. Name the new folder **Other**, and complete the wizard using default options. 6. Right-click the **Other** folder and then click **New Task Sequence**. Use the following values in the wizard: @@ -548,21 +558,22 @@ At a high level, the computer replace process consists of:
                      1. If you are not already signed on to PC1 as **contoso\administrator**, sign in using this account. To verify the currently signed in account, type the following command at an elevated command prompt: - ``` + ```cmd whoami ``` 2. To ensure a clean environment before running the backup task sequence, type the following at an elevated Windows PowerShell prompt on PC1: - ``` + ```powershell Remove-Item c:\minint -recurse Remove-Item c:\_SMSTaskSequence -recurse Restart-Computer ``` 3. Sign in to PC1 using the contoso\administrator account, and then type the following at an elevated command prompt: - ``` + ```cmd cscript \\SRV1\MDTProd$\Scripts\Litetouch.vbs ``` + 4. Complete the deployment wizard using the following: - **Task Sequence**: Backup Only Task Sequence - **User Data**: Specify a location: **\\\\SRV1\MigData$\PC1** @@ -571,7 +582,7 @@ At a high level, the computer replace process consists of:
                      6. On PC1, verify that **The user state capture was completed successfully** is displayed, and click **Finish** when the capture is complete. 7. On SRV1, verify that the file **USMT.MIG** was created in the **C:\MigData\PC1\USMT** directory. See the following example: - ``` + ```powershell PS C:\> dir C:\MigData\PC1\USMT Directory: C:\MigData\PC1\USMT @@ -580,49 +591,52 @@ At a high level, the computer replace process consists of:
                      ---- ------------- ------ ---- -a--- 9/6/2016 11:34 AM 14248685 USMT.MIG ``` - ### Deploy PC3 -8. On the Hyper-V host, type the following commands at an elevated Windows PowerShell prompt: +### Deploy PC3 - ``` +1. On the Hyper-V host, type the following commands at an elevated Windows PowerShell prompt: + + ```powershell New-VM –Name "PC3" –NewVHDPath "c:\vhd\pc3.vhdx" -NewVHDSizeBytes 60GB -SwitchName poc-internal -BootDevice NetworkAdapter -Generation 2 Set-VMMemory -VMName "PC3" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes 2048MB -Buffer 20 ``` -9. Temporarily disable the external network adapter on SRV1 again, so that we can successfully boot PC3 from WDS. To disable the adapter, type the following command at an elevated Windows PowerShell prompt on SRV1: - ``` +2. Temporarily disable the external network adapter on SRV1 again, so that we can successfully boot PC3 from WDS. To disable the adapter, type the following command at an elevated Windows PowerShell prompt on SRV1: + + ```powershell Disable-NetAdapter "Ethernet 2" -Confirm:$false ``` - >As mentioned previously, ensure that you disable the **external** network adapter, and wait for the command to complete before proceeding. + As mentioned previously, ensure that you disable the **external** network adapter, and wait for the command to complete before proceeding. -10. Start and connect to PC3 by typing the following commands at an elevated Windows PowerShell prompt on the Hyper-V host: +3. Start and connect to PC3 by typing the following commands at an elevated Windows PowerShell prompt on the Hyper-V host: - ``` + ```powershell Start-VM PC3 vmconnect localhost PC3 ``` -11. When prompted, press ENTER for network boot. +4. When prompted, press ENTER for network boot. -12. On PC3, use the following settings for the Windows Deployment Wizard: +5. On PC3, use the following settings for the Windows Deployment Wizard: - **Task Sequence**: Windows 10 Enterprise x64 Custom Image - **Move Data and Settings**: Do not move user data and settings - **User Data (Restore)**: Specify a location: **\\\\SRV1\MigData$\PC1** -13. When OS installation has started on PC1, re-enable the external network adapter on SRV1 by typing the following command on SRV1: +6. When OS installation has started on PC1, re-enable the external network adapter on SRV1 by typing the following command on SRV1: - ``` + ```cmd Enable-NetAdapter "Ethernet 2" ``` -14. Setup will install the Windows 10 Enterprise operating system, update via Windows Update, and restore the user settings and data from PC1. -15. When PC3 has completed installing the OS, sign in to PC3 using the contoso\administrator account. When the PC completes updating, click **Finish**. +7. Setup will install the Windows 10 Enterprise operating system, update via Windows Update, and restore the user settings and data from PC1. -16. Verify that settings have been migrated from PC1. This completes demonstration of the replace procedure. +8. When PC3 has completed installing the OS, sign in to PC3 using the contoso\administrator account. When the PC completes updating, click **Finish**. -17. Shut down PC3 in preparation for the [next](windows-10-poc-sc-config-mgr.md) procedure. +9. Verify that settings have been migrated from PC1. This completes demonstration of the replace procedure. + +10. Shut down PC3 in preparation for the [next](windows-10-poc-sc-config-mgr.md) procedure. ## Troubleshooting logs, events, and utilities From 96e857843e0a0345c71a82f8b0f9f8a0fefe50be Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Thu, 9 Dec 2021 16:48:08 -0500 Subject: [PATCH 185/335] notes; code tags --- windows/deployment/windows-10-poc.md | 331 +++++++++++++++------------ 1 file changed, 186 insertions(+), 145 deletions(-) diff --git a/windows/deployment/windows-10-poc.md b/windows/deployment/windows-10-poc.md index 880fc20b4b..a7f768ed10 100644 --- a/windows/deployment/windows-10-poc.md +++ b/windows/deployment/windows-10-poc.md @@ -85,7 +85,7 @@ Hardware requirements are displayed below: |**Description**|This computer will run Hyper-V, the Hyper-V management tools, and the Hyper-V Windows PowerShell module.|This computer is a Windows 7 or Windows 8/8.1 client on your corporate network that will be converted to a VM to demonstrate the upgrade process.| |**OS**|Windows 8.1/10 or Windows Server 2012/2012 R2/2016*|Windows 7 or a later| |**Edition**|Enterprise, Professional, or Education|Any| -|**Architecture**|64-bit|Any

                      *Note: Retaining applications and settings requires that architecture (32 or 64-bit) is the same before and after the upgrade.*| +|**Architecture**|64-bit|Any

                      *Note: Retaining applications and settings requires that architecture (32 or 64-bit) is the same before and after the upgrade.*| |**RAM**|8 GB RAM (16 GB recommended) to test Windows 10 deployment with MDT.
                      16 GB RAM to test Windows 10 deployment with Microsoft Endpoint Configuration Manager.|Any| |**Disk**|200 GB available hard disk space, any format.|Any size, MBR formatted.| |**CPU**|SLAT-Capable CPU|Any| @@ -113,7 +113,8 @@ The lab architecture is summarized in the following diagram: ## Configure the PoC environment ->**Hint**: Before you begin, ensure that Windows PowerShell is pinned to the taskbar for easy access. If the Hyper-V host is running Windows Server then Windows PowerShell is automatically pinned to the taskbar. To pin Windows PowerShell to the taskbar on Windows 8.1 or Windows 10: Click **Start**, type **power**, right click **Windows PowerShell**, and then click **Pin to taskbar**. After Windows PowerShell is pinned to the taskbar, you can open an elevated Windows PowerShell prompt by right-clicking the icon on the taskbar and then clicking **Run as Administrator**. +> [!TIP] +> Before you begin, ensure that Windows PowerShell is pinned to the taskbar for easy access. If the Hyper-V host is running Windows Server then Windows PowerShell is automatically pinned to the taskbar. To pin Windows PowerShell to the taskbar on Windows 8.1 or Windows 10: Click **Start**, type **power**, right click **Windows PowerShell**, and then click **Pin to taskbar**. After Windows PowerShell is pinned to the taskbar, you can open an elevated Windows PowerShell prompt by right-clicking the icon on the taskbar and then clicking **Run as Administrator**. ### Procedures in this section @@ -130,7 +131,7 @@ Starting with Windows 8, the host computer’s microprocessor must support secon 1. To verify your computer supports SLAT, open an administrator command prompt, type **systeminfo**, press ENTER, and review the section displayed at the bottom of the output, next to Hyper-V Requirements. See the following example: - 

                      +    ```cmd
     C:\>systeminfo
 
     ...
@@ -138,7 +139,7 @@ Starting with Windows 8, the host computer’s microprocessor must support secon
                                Virtualization Enabled In Firmware: Yes
                                Second Level Address Translation: Yes
                                Data Execution Prevention Available: Yes
-
                      + ``` In this example, the computer supports SLAT and Hyper-V. @@ -146,7 +147,7 @@ Starting with Windows 8, the host computer’s microprocessor must support secon You can also identify Hyper-V support using [tools](/archive/blogs/taylorb/hyper-v-will-my-computer-run-hyper-v-detecting-intel-vt-and-amd-v) provided by the processor manufacturer, the [msinfo32](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc731397(v=ws.11)) tool, or you can download the [coreinfo](/sysinternals/downloads/coreinfo) utility and run it, as shown in the following example: - 
                      +    ```cmd
     C:\>coreinfo -v
 
     Coreinfo v3.31 - Dump information on system CPU and memory topology
@@ -159,27 +160,32 @@ Starting with Windows 8, the host computer’s microprocessor must support secon
     HYPERVISOR      -       Hypervisor is present
     VMX             *       Supports Intel hardware-assisted virtualization
     EPT             *       Supports Intel extended page tables (SLAT)
-
                      + ``` - Note: A 64-bit operating system is required to run Hyper-V. + > [!NOTE] + > A 64-bit operating system is required to run Hyper-V. 2. The Hyper-V feature is not installed by default. To install it, open an elevated Windows PowerShell window and type the following command: - 
                      Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All
                      + ```cmd + Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All + ``` This command works on all operating systems that support Hyper-V, but on Windows Server operating systems you must type an additional command to add the Hyper-V Windows PowerShell module and the Hyper-V Manager console. This command will also install Hyper-V if it isn't already installed, so if desired you can just type the following command on Windows Server 2012 or 2016 instead of using the Enable-WindowsOptionalFeature command: - 
                      Install-WindowsFeature -Name Hyper-V -IncludeManagementTools
                      + ```cmd + Install-WindowsFeature -Name Hyper-V -IncludeManagementTools + ``` When you are prompted to restart the computer, choose **Yes**. The computer might restart more than once. After installation is complete, you can open Hyper-V Manager by typing **virtmgmt.msc** at an elevated command prompt. - >Alternatively, you can install Hyper-V using the Control Panel in Windows under **Turn Windows features on or off** for a client operating system, or using Server Manager's **Add Roles and Features Wizard** on a server operating system, as shown below: + Alternatively, you can install Hyper-V using the Control Panel in Windows under **Turn Windows features on or off** for a client operating system, or using Server Manager's **Add Roles and Features Wizard** on a server operating system, as shown below: ![hyper-v features.](images/hyper-v-feature.png) ![hyper-v.](images/svr_mgr2.png) -

                      If you choose to install Hyper-V using Server Manager, accept all default selections. Also be sure to install both items under Role Administration Tools\Hyper-V Management Tools. + If you choose to install Hyper-V using Server Manager, accept all default selections. Also be sure to install both items under Role Administration Tools\Hyper-V Management Tools. ### Download VHD and ISO files @@ -187,7 +193,8 @@ When you have completed installation of Hyper-V on the host computer, begin conf 1. Create a directory on your Hyper-V host named **C:\VHD** and download a single [Windows Server 2012 R2 VHD](https://www.microsoft.com/evalcenter/evaluate-windows-server-2012-r2) from the TechNet Evaluation Center to the **C:\VHD** directory. - **Important**: This guide assumes that VHDs are stored in the **C:\VHD** directory on the Hyper-V host. If you use a different directory to store VHDs, you must adjust steps in this guide appropriately. + > [!IMPORTANT] + > This guide assumes that VHDs are stored in the **C:\VHD** directory on the Hyper-V host. If you use a different directory to store VHDs, you must adjust steps in this guide appropriately. After completing registration you will be able to download the 7.47 GB Windows Server 2012 R2 evaluation VHD. An example of the download offering is shown below. @@ -197,7 +204,10 @@ When you have completed installation of Hyper-V on the host computer, begin conf 3. Copy the VHD to a second file also in the **C:\VHD** directory and name this VHD **2012R2-poc-2.vhd**. 4. Download the [Windows 10 Enterprise ISO](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise) from the TechNet Evaluation Center to the **C:\VHD** directory on your Hyper-V host. - >During registration, you must specify the type, version, and language of installation media to download. In this example, a Windows 10 Enterprise, 64 bit, English ISO is chosen. You can choose a different version if desired. **Note: The evaluation version of Windows 10 does not support in-place upgrade**. + During registration, you must specify the type, version, and language of installation media to download. In this example, a Windows 10 Enterprise, 64 bit, English ISO is chosen. You can choose a different version if desired. + + > [!NOTE] + > The evaluation version of Windows 10 does not support in-place upgrade**. 5. Rename the ISO file that you downloaded to **w10-enterprise.iso**. Again, this is done so that the filename is simple to type and recognize. After completing registration you will be able to download the 3.63 GB Windows 10 Enterprise evaluation ISO. @@ -205,7 +215,7 @@ When you have completed installation of Hyper-V on the host computer, begin conf The following displays the procedures described in this section, both before and after downloading files: - 

                      +    ```cmd
      C:>mkdir VHD
      C:>cd VHD
      C:\VHD>ren 9600*.vhd 2012R2-poc-1.vhd
@@ -216,11 +226,12 @@ When you have completed installation of Hyper-V on the host computer, begin conf
      2012R2-poc-1.vhd
      2012R2-poc-2.vhd
      w10-enterprise.iso
-
                      + ``` ### Convert PC to VM ->Important: Do not attempt to use the VM resulting from the following procedure as a reference image. Also, to avoid conflicts with existing clients, do not start the VM outside the PoC network. +> [!IMPORTANT] +> Do not attempt to use the VM resulting from the following procedure as a reference image. Also, to avoid conflicts with existing clients, do not start the VM outside the PoC network. If you do not have a PC available to convert to VM, perform the following steps to download an evaluation VM: @@ -237,7 +248,8 @@ If you have a PC available to convert to VM (computer 2): 1. Sign in on computer 2 using an account with Administrator privileges. ->Important: the account used in this step must have local administrator privileges. You can use a local computer account, or a domain account with administrative rights if domain policy allows the use of cached credentials. After converting the computer to a VM, you must be able to sign in on this VM with administrator rights while the VM is disconnected from the corporate network. + > [!IMPORTANT] + > The account used in this step must have local administrator privileges. You can use a local computer account, or a domain account with administrative rights if domain policy allows the use of cached credentials. After converting the computer to a VM, you must be able to sign in on this VM with administrator rights while the VM is disconnected from the corporate network. 2. [Determine the VM generation and partition type](#determine-the-vm-generation-and-partition-type) that is required. 3. Based on the VM generation and partition type, perform one of the following procedures: [Prepare a generation 1 VM](#prepare-a-generation-1-vm), [Prepare a generation 2 VM](#prepare-a-generation-2-vm), or [prepare a generation 1 VM from a GPT disk](#prepare-a-generation-1-vm-from-a-gpt-disk). @@ -256,24 +268,24 @@ If the PC is running a 32-bit OS or the OS is Windows 7, it must be converted to - To determine the OS and architecture of a PC, type **systeminfo** at a command prompt and review the output next to **OS Name** and **System Type**. - To determine the partition style, open a Windows PowerShell prompt on the PC and type the following command: -
                      -Get-WmiObject -Class Win32_DiskPartition | Select-Object -Property SystemName,Caption,Type
-
                      + ```powershell + Get-WmiObject -Class Win32_DiskPartition | Select-Object -Property SystemName,Caption,Type + ``` If the **Type** column does not indicate GPT, then the disk partition format is MBR ("Installable File System" = MBR). In the following example, the disk is GPT: -
                      +```powershell
 PS C:> Get-WmiObject -Class Win32_DiskPartition | Select-Object -Property SystemName,Caption,Type
 
 SystemName                           Caption                                 Type
 ----------                           -------                                 ----
 USER-PC1                             Disk #0, Partition #0                   GPT: System
 USER-PC1                             Disk #0, Partition #1                   GPT: Basic Data
-
                      +``` On a computer running Windows 8 or later, you can also type **Get-Disk** at a Windows PowerShell prompt to discover the partition style. The default output of this cmdlet displays the partition style for all attached disks. Both commands are displayed below. In this example, the client computer is running Windows 8.1 and uses a GPT style partition format: -
                      +```powershell
 PS C:> Get-WmiObject -Class Win32_DiskPartition | Select-Object -Property SystemName,Caption,Type
 
 SystemName                            Caption                               Type
@@ -289,7 +301,7 @@ PS C:> Get-Disk
 Number Friendly Name                  OperationalStatus                     Total Size Partition Style
 ------ -------------                  -----------------                     ---------- ---------------
 0      INTEL SSDSCMMW240A3L           Online                                223.57 GB GPT
-
                      +``` @@ -339,7 +351,11 @@ The following tables display the Hyper-V VM generation to choose based on the OS >You might experience timeouts if you attempt to run Disk2vhd from a network share, or specify a network share for the destination. To avoid timeouts, use local, portable media such as a USB drive. 2. On the computer you wish to convert, double-click the disk2vhd utility to start the graphical user interface. -3. Select the checkboxes next to the **C:\\** and the **system reserved** (BIOS/MBR) volumes. The system volume is not assigned a drive letter, but will be displayed in the Disk2VHD tool with a volume label similar to **\\?\Volume{**. See the following example. **Important**: You must include the system volume in order to create a bootable VHD. If this volume is not displayed in the disk2vhd tool, then the computer is likely to be using the GPT partition style. For more information, see [Determine VM generation](#determine-vm-generation). +3. Select the checkboxes next to the **C:\\** and the **system reserved** (BIOS/MBR) volumes. The system volume is not assigned a drive letter, but will be displayed in the Disk2VHD tool with a volume label similar to **\\?\Volume{**. See the following example. + + > [!IMPORTANT] + > You must include the system volume in order to create a bootable VHD. If this volume is not displayed in the disk2vhd tool, then the computer is likely to be using the GPT partition style. For more information, see [Determine VM generation](#determine-vm-generation). + 4. Specify a location to save the resulting VHD or VHDX file (F:\VHD\w7.vhdx in the following example) and click **Create**. See the following example: ![disk2vhd 1.](images/disk2vhd.png) @@ -348,13 +364,13 @@ The following tables display the Hyper-V VM generation to choose based on the OS 5. When the Disk2vhd utility has completed converting the source computer to a VHD, copy the VHDX file (w7.vhdx) to your Hyper-V host in the C:\VHD directory. There should now be four files in this directory: - 
                      +    ```cmd
     C:\vhd>dir /B
     2012R2-poc-1.vhd
     2012R2-poc-2.vhd
     w10-enterprise.iso
     w7.VHDX
-
                      + ``` #### Prepare a generation 2 VM @@ -364,14 +380,17 @@ The following tables display the Hyper-V VM generation to choose based on the OS 2. On the computer you wish to convert, open an elevated command prompt and type the following command: - 
                      mountvol s: /s
                      + ```cmd + mountvol s: /s + ``` This command temporarily assigns a drive letter of S to the system volume and mounts it. If the letter S is already assigned to a different volume on the computer, then choose one that is available (ex: mountvol z: /s). 3. On the computer you wish to convert, double-click the disk2vhd utility to start the graphical user interface. 4. Select the checkboxes next to the **C:\\** and the **S:\\** volumes, and clear the **Use Volume Shadow Copy checkbox**. Volume shadow copy will not work if the EFI system partition is selected. - **Important**: You must include the EFI system partition in order to create a bootable VHD. The Windows RE tools partition (shown below) is not required, but it can also be converted if desired. + > [!IMPORTANT] + > You must include the EFI system partition in order to create a bootable VHD. The Windows RE tools partition (shown below) is not required, but it can also be converted if desired. 5. Specify a location to save the resulting VHD or VHDX file (F:\VHD\PC1.vhdx in the following example) and click **Create**. See the following example: @@ -381,22 +400,26 @@ The following tables display the Hyper-V VM generation to choose based on the OS 6. When the Disk2vhd utility has completed converting the source computer to a VHD, copy the VHDX file (PC1.vhdx) to your Hyper-V host in the C:\VHD directory. There should now be four files in this directory: - 
                      +    ```cmd
     C:\vhd>dir /B
     2012R2-poc-1.vhd
     2012R2-poc-2.vhd
     w10-enterprise.iso
     PC1.VHDX
-
                      + ``` #### Prepare a generation 1 VM from a GPT disk 1. Download the [Disk2vhd utility](/sysinternals/downloads/disk2vhd), extract the .zip file and copy **disk2vhd.exe** to a flash drive or other location that is accessible from the computer you wish to convert. - >You might experience timeouts if you attempt to run Disk2vhd from a network share, or specify a network share for the destination. To avoid timeouts, use local, portable media such as a USB drive. + You might experience timeouts if you attempt to run Disk2vhd from a network share, or specify a network share for the destination. To avoid timeouts, use local, portable media such as a USB drive. 2. On the computer you wish to convert, double-click the disk2vhd utility to start the graphical user interface. -3. Select the checkbox next to the **C:\\** volume and clear the checkbox next to **Use Vhdx**. Note: the system volume is not copied in this scenario, it will be added later. +3. Select the checkbox next to the **C:\\** volume and clear the checkbox next to **Use Vhdx**. + + > [!NOTE] + > The system volume is not copied in this scenario, it will be added later. + 4. Specify a location to save the resulting VHD file (F:\VHD\w7.vhd in the following example) and click **Create**. See the following example: ![disk2vhd 3.](images/disk2vhd4.png) @@ -405,28 +428,31 @@ The following tables display the Hyper-V VM generation to choose based on the OS 5. When the Disk2vhd utility has completed converting the source computer to a VHD, copy the VHD file (w7.vhd) to your Hyper-V host in the C:\VHD directory. There should now be four files in this directory: - 
                      +    ```cmd
     C:\vhd>dir /B
     2012R2-poc-1.vhd
     2012R2-poc-2.vhd
     w10-enterprise.iso
     w7.VHD
-
                      + ``` - >In its current state, the w7.VHD file is not bootable. The VHD will be used to create a bootable VM later in the [Configure Hyper-V](#configure-hyper-v) section. + In its current state, the w7.VHD file is not bootable. The VHD will be used to create a bootable VM later in the [Configure Hyper-V](#configure-hyper-v) section. ### Resize VHD
                      Enhanced session mode -**Important**: Before proceeding, verify that you can take advantage of [enhanced session mode](/windows-server/virtualization/hyper-v/learn-more/Use-local-resources-on-Hyper-V-virtual-machine-with-VMConnect) when completing instructions in this guide. Enhanced session mode enables you to copy and paste the commands from the Hyper-V host to VMs, between VMs, and between RDP sessions. After copying some text, you can paste into a Windows PowerShell window by simply right-clicking. Before right-clicking, do not left click other locations as this can empty the clipboard. You can also copy and paste files directly from one computer to another by right-clicking and selecting copy on one computer, then right-clicking and selecting paste on another computer. +> [!IMPORTANT] +> Before proceeding, verify that you can take advantage of [enhanced session mode](/windows-server/virtualization/hyper-v/learn-more/Use-local-resources-on-Hyper-V-virtual-machine-with-VMConnect) when completing instructions in this guide. Enhanced session mode enables you to copy and paste the commands from the Hyper-V host to VMs, between VMs, and between RDP sessions. After copying some text, you can paste into a Windows PowerShell window by simply right-clicking. Before right-clicking, do not left click other locations as this can empty the clipboard. You can also copy and paste files directly from one computer to another by right-clicking and selecting copy on one computer, then right-clicking and selecting paste on another computer. To ensure that enhanced session mode is enabled on the Hyper-V host, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host: -
                      Set-VMhost -EnableEnhancedSessionMode $TRUE
                      +```powershell +Set-VMhost -EnableEnhancedSessionMode $TRUE +``` ->If enhanced session mode was not previously enabled, close any existing virtual machine connections and re-open them to enable access to enhanced session mode. As mentioned previously: instructions to "type" commands provided in this guide can be typed, but the preferred method is to copy and paste these commands. Most of the commands to this point in the guide have been brief, but many commands in sections below are longer and more complex. +If enhanced session mode was not previously enabled, close any existing virtual machine connections and re-open them to enable access to enhanced session mode. As mentioned previously: instructions to "type" commands provided in this guide can be typed, but the preferred method is to copy and paste these commands. Most of the commands to this point in the guide have been brief, but many commands in sections below are longer and more complex.
                      @@ -434,58 +460,66 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to 1. To add available space for the partition, type the following commands at an elevated Windows PowerShell prompt on the Hyper-V host: - 
                      +    ```powershell
     Resize-VHD -Path c:\VHD\2012R2-poc-2.vhd -SizeBytes 100GB
     $x = (Mount-VHD -Path c:\VHD\2012R2-poc-2.vhd -passthru | Get-Disk | Get-Partition | Get-Volume).DriveLetter
     Resize-Partition -DriveLetter $x -Size (Get-PartitionSupportedSize -DriveLetter $x).SizeMax
-
                      + ``` 2. Verify that the mounted VHD drive is resized to 100 GB, and then dismount the drive: - 
                      +    ```powershell
     Get-Volume -DriveLetter $x
-    Dismount-VHD -Path c:\VHD\2012R2-poc-2.vhd
                      + Dismount-VHD -Path c:\VHD\2012R2-poc-2.vhd + ``` ### Configure Hyper-V 1. Open an elevated Windows PowerShell window and type the following command to create two virtual switches named "poc-internal" and "poc-external": - >If the Hyper-V host already has an external virtual switch bound to a physical NIC, do not attempt to add a second external virtual switch. Attempting to add a second external switch will result in an error indicating that the NIC is **already bound to the Microsoft Virtual Switch protocol.** In this case, choose one of the following options:
                      -    A) Remove the existing external virtual switch, then add the poc-external switch
                      -    B) Rename the existing external switch to "poc-external"
                      -    C) Replace each instance of "poc-external" used in this guide with the name of your existing external virtual switch
                      + If the Hyper-V host already has an external virtual switch bound to a physical NIC, do not attempt to add a second external virtual switch. Attempting to add a second external switch will result in an error indicating that the NIC is **already bound to the Microsoft Virtual Switch protocol.** In this case, choose one of the following options: + + **A**: Remove the existing external virtual switch, then add the poc-external switch + + **B**: Rename the existing external switch to "poc-external" + + **C**: Replace each instance of "poc-external" used in this guide with the name of your existing external virtual switch
                      + If you choose B) or C), then do not run the second command below. - 
                      +    ```powershell
     New-VMSwitch -Name poc-internal -SwitchType Internal -Notes "PoC Network"
     New-VMSwitch -Name poc-external -NetAdapterName (Get-NetAdapter |?{$_.Status -eq "Up" -and !$_.Virtual}).Name -Notes "PoC External"
-
                      + ``` - **Note**: The second command above will temporarily interrupt network connectivity on the Hyper-V host. + > [!NOTE] + > The second command above will temporarily interrupt network connectivity on the Hyper-V host. - >Since an external virtual switch is associated to a physical network adapter on the Hyper-V host, this adapter must be specified when adding the virtual switch. The previous commands automate this by filtering for active non-virtual ethernet adapters using the Get-NetAdapter cmdlet ($_.Status -eq "Up" -and !$_.Virtual). If your Hyper-V host is dual-homed with multiple active ethernet adapters, this automation will not work, and the second command above will fail. In this case, you must edit the command used to add the "poc-external" virtual switch by inserting the appropriate NetAdapterName. The NetAdapterName value corresponds to the name of the network interface you wish to use. For example, if the network interface you use on the Hyper-V host to connect to the Internet is named "Ethernet 2" then type the following command to create an external virtual switch: New-VMSwitch -Name poc-external -NetAdapterName "Ethernet 2" -Notes "PoC External" + Since an external virtual switch is associated to a physical network adapter on the Hyper-V host, this adapter must be specified when adding the virtual switch. The previous commands automate this by filtering for active non-virtual ethernet adapters using the Get-NetAdapter cmdlet ($_.Status -eq "Up" -and !$_.Virtual). If your Hyper-V host is dual-homed with multiple active ethernet adapters, this automation will not work, and the second command above will fail. In this case, you must edit the command used to add the "poc-external" virtual switch by inserting the appropriate NetAdapterName. The NetAdapterName value corresponds to the name of the network interface you wish to use. For example, if the network interface you use on the Hyper-V host to connect to the Internet is named "Ethernet 2" then type the following command to create an external virtual switch: New-VMSwitch -Name poc-external -NetAdapterName "Ethernet 2" -Notes "PoC External" 2. At the elevated Windows PowerShell prompt, type the following command to determine the megabytes of RAM that are currently available on the Hyper-V host: - 
                      +    ```powershell
     (Get-VMHostNumaNode).MemoryAvailable
-
                      + ``` This command will display the megabytes of RAM available for VMs. On a Hyper-V host computer with 16 GB of physical RAM installed, 10,000 MB of RAM or greater should be available if the computer is not also running other applications. On a computer with 8 GB of physical RAM installed, at least 4000 MB should be available. If the computer has less RAM available than this, try closing applications to free up more memory. 3. Determine the available memory for VMs by dividing the available RAM by 4. For example: - 
                      +    ```powershell
     (Get-VMHostNumaNode).MemoryAvailable/4
     2775.5
-
                      + ``` In this example, VMs can use a maximum of 2700 MB of RAM each, to run four VMs simultaneously. 4. At the elevated Windows PowerShell prompt, type the following command to create two new VMs. Other VMs will be added later. - >**Important**: Replace the value of 2700MB for $maxRAM in the first command below with the RAM value that you calculated in the previous step. - 
                      +    > [!IMPORTANT]
+    > Replace the value of 2700MB for $maxRAM in the first command below with the RAM value that you calculated in the previous step.
+
+    ```powershell
     $maxRAM = 2700MB
     New-VM -Name "DC1" -VHDPath c:\vhd\2012R2-poc-1.vhd -SwitchName poc-internal
     Set-VMMemory -VMName "DC1" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes $maxRAM -Buffer 20
@@ -494,35 +528,37 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to
     Add-VMNetworkAdapter -VMName "SRV1" -SwitchName "poc-external"
     Set-VMMemory -VMName "SRV1" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes $maxRAM -Buffer 80
     Enable-VMIntegrationService -Name "Guest Service Interface" -VMName SRV1
-
                      + ``` - **Note**: The RAM values assigned to VMs in this step are not permanent, and can be easily increased or decreased later if needed to address performance issues. + > [!NOTE] + > The RAM values assigned to VMs in this step are not permanent, and can be easily increased or decreased later if needed to address performance issues. 5. Using the same elevated Windows PowerShell prompt that was used in the previous step, type one of the following sets of commands, depending on the type of VM that was prepared in the [Determine VM generation](#determine-vm-generation) section, either generation 1, generation 2, or generation 1 with GPT. To create a generation 1 VM (using c:\vhd\w7.vhdx): - 
                      +    ```powershell
     New-VM -Name "PC1" -VHDPath c:\vhd\w7.vhdx -SwitchName poc-internal
     Set-VMMemory -VMName "PC1" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes $maxRAM -Buffer 20
     Enable-VMIntegrationService -Name "Guest Service Interface" -VMName PC1
-
                      + ``` To create a generation 2 VM (using c:\vhd\PC1.vhdx): - 
                      +    ```powershell
     New-VM -Name "PC1" -Generation 2 -VHDPath c:\vhd\PC1.vhdx -SwitchName poc-internal
     Set-VMMemory -VMName "PC1" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes $maxRAM -Buffer 20
     Enable-VMIntegrationService -Name "Guest Service Interface" -VMName PC1
-
                      + ``` To create a generation 1 VM from a GPT disk (using c:\vhd\w7.vhd): - >Note: The following procedure is more complex because it includes steps to convert the OS partition from GPT to MBR format. Steps are included to create a temporary VHD and attach it to the VM, the OS image is saved to this drive, the OS drive is then reformatted to MBR, the OS image restored, and the temporary drive is removed. + > [!NOTE] + > The following procedure is more complex because it includes steps to convert the OS partition from GPT to MBR format. Steps are included to create a temporary VHD and attach it to the VM, the OS image is saved to this drive, the OS drive is then reformatted to MBR, the OS image restored, and the temporary drive is removed. First, type the following commands at an elevated Windows PowerShell prompt on the Hyper-V host to create a temporary VHD that will be used to save the OS image. Do not forget to include a pipe (|) at the end of the first five commands: - 
                      +    ```powershell
     New-VHD -Path c:\vhd\d.vhd -SizeBytes 1TB |
     Mount-VHD -Passthru |
     Get-Disk -Number {$_.DiskNumber} |
@@ -530,11 +566,11 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to
     New-Partition -UseMaximumSize |
     Format-Volume -Confirm:$false -FileSystem NTFS -force
     Dismount-VHD -Path c:\vhd\d.vhd
-
                      + ``` Next, create the PC1 VM with two attached VHDs, and boot to DVD ($maxram must be defined previously using the same Windows PowerShell prompt): - 
                      +    ```powershell
     New-VM -Name "PC1" -VHDPath c:\vhd\w7.vhd -SwitchName poc-internal
     Add-VMHardDiskDrive -VMName PC1 -Path c:\vhd\d.vhd
     Set-VMDvdDrive -VMName PC1 -Path c:\vhd\w10-enterprise.iso
@@ -542,7 +578,7 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to
     Enable-VMIntegrationService -Name "Guest Service Interface" -VMName PC1
     Start-VM PC1
     vmconnect localhost PC1
-
                      + ``` The VM will automatically boot into Windows Setup. In the PC1 window: @@ -552,13 +588,13 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to 4. Click **Command Prompt**. 5. Type the following command to save an image of the OS drive: - 
                      +      ```cmd
       dism /Capture-Image /ImageFile:D:\c.wim /CaptureDir:C:\ /Name:Drive-C
-
                      + ``` 6. Wait for the OS image to complete saving, and then type the following commands to convert the C: drive to MBR: - 
                      +      ```cmd
       diskpart
       select disk 0
       clean
@@ -570,121 +606,122 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to
       format fs=ntfs quick label=OS
       assign letter=c
       exit
-
                      + ``` 7. Type the following commands to restore the OS image and boot files: - 
                      +      ```cmd
       dism /Apply-Image /ImageFile:D:\c.wim /Index:1 /ApplyDir:C:\
       bcdboot c:\windows
       exit
-
                      + ``` 8. Click **Continue** and verify the VM boots successfully (do not boot from DVD). 9. Click **Ctrl+Alt+Del**, and then in the bottom right corner, click **Shut down**. 10. Type the following commands at an elevated Windows PowerShell prompt on the Hyper-V host to remove the temporary disks and drives from PC1: - 
                      -       Remove-VMHardDiskDrive -VMName PC1 -ControllerType IDE -ControllerNumber 0 -ControllerLocation 1
-       Set-VMDvdDrive -VMName PC1 -Path $null
-
                      + ```powershell + Remove-VMHardDiskDrive -VMName PC1 -ControllerType IDE -ControllerNumber 0 -ControllerLocation 1 + Set-VMDvdDrive -VMName PC1 -Path $null + ``` ### Configure VMs 1. At an elevated Windows PowerShell prompt on the Hyper-V host, start the first Windows Server VM and connect to it by typing the following commands: - 
                      +    ```powershell
     Start-VM DC1
     vmconnect localhost DC1
-
                      + ``` 2. Click **Next** to accept the default settings, read the license terms and click **I accept**, provide an administrator password of pass@word1, and click **Finish**. 3. Click **Ctrl+Alt+Del** in the upper left corner of the virtual machine connection window, and then sign in to DC1 using the Administrator account. 4. Right-click **Start**, point to **Shut down or sign out**, and click **Sign out**. The VM connection will reset and a new connection dialog box will appear enabling you to choose a custom display configuration. Select a desktop size, click **Connect** and sign in again with the local Administrator account. Note: Signing in this way ensures that [enhanced session mode](/windows-server/virtualization/hyper-v/learn-more/Use-local-resources-on-Hyper-V-virtual-machine-with-VMConnect) is enabled. It is only necessary to do this the first time you sign in to a new VM. 5. If DC1 is configured as described in this guide, it will currently be assigned an APIPA address, have a randomly generated hostname, and a single network adapter named "Ethernet." Open an elevated Windows PowerShell prompt on DC1 and type or paste the following commands to provide a new hostname and configure a static IP address and gateway: - 
                      +    ```powershell
     Rename-Computer DC1
     New-NetIPAddress -InterfaceAlias Ethernet -IPAddress 192.168.0.1 -PrefixLength 24 -DefaultGateway 192.168.0.2
     Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses 192.168.0.1,192.168.0.2
-
                      + ``` - > The default gateway at 192.168.0.2 will be configured later in this guide. - > - > Note: A list of available tasks for an app will be populated the first time you run it on the taskbar. Because these tasks aren't available until the App has been run, you will not see the **Run as Administrator** task until you have left-clicked Windows PowerShell for the first time. In this newly created VM, you will need to left-click Windows PowerShell one time, and then you can right-click and choose Run as Administrator to open an elevated Windows PowerShell prompt. + The default gateway at 192.168.0.2 will be configured later in this guide. + + > [!NOTE] + > A list of available tasks for an app will be populated the first time you run it on the taskbar. Because these tasks aren't available until the App has been run, you will not see the **Run as Administrator** task until you have left-clicked Windows PowerShell for the first time. In this newly created VM, you will need to left-click Windows PowerShell one time, and then you can right-click and choose Run as Administrator to open an elevated Windows PowerShell prompt. 6. Install the Active Directory Domain Services role by typing the following command at an elevated Windows PowerShell prompt: - 
                      +    ```powershell
     Install-WindowsFeature -Name AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools
-
                      + ``` 7. Before promoting DC1 to a Domain Controller, you must reboot so that the name change in step 3 above takes effect. To restart the computer, type the following command at an elevated Windows PowerShell prompt: - 
                      +    ```powershell
     Restart-Computer
-
                      + ``` 8. When DC1 has rebooted, sign in again and open an elevated Windows PowerShell prompt. Now you can promote the server to be a domain controller. The directory services restore mode password must be entered as a secure string. Type the following commands at the elevated Windows PowerShell prompt: - 
                      +    ```powershell
     $pass = "pass@word1" | ConvertTo-SecureString -AsPlainText -Force
     Install-ADDSForest -DomainName contoso.com -InstallDns -SafeModeAdministratorPassword $pass -Force
-
                      + ``` Ignore any warnings that are displayed. The computer will automatically reboot upon completion. 9. When the reboot has completed, reconnect to DC1, sign in using the CONTOSO\Administrator account, open an elevated Windows PowerShell prompt, and use the following commands to add a reverse lookup zone for the PoC network, add the DHCP Server role, authorize DHCP in Active Directory, and suppress the post-DHCP-install alert: - 
                      +    ```powershell
     Add-DnsServerPrimaryZone -NetworkID "192.168.0.0/24" -ReplicationScope Forest
     Add-WindowsFeature -Name DHCP -IncludeManagementTools
     netsh dhcp add securitygroups
     Restart-Service DHCPServer
     Add-DhcpServerInDC  dc1.contoso.com  192.168.0.1
     Set-ItemProperty -Path registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerManager\Roles\12 -Name ConfigurationState -Value 2
-
                      + ``` 10. Next, add a DHCP scope and set option values: - 
                      +    ```powershell
     Add-DhcpServerv4Scope -Name "PoC Scope" -StartRange 192.168.0.100 -EndRange 192.168.0.199 -SubnetMask 255.255.255.0 -Description "Windows 10 PoC" -State Active
     Set-DhcpServerv4OptionValue -ScopeId 192.168.0.0 -DnsDomain contoso.com -Router 192.168.0.2 -DnsServer 192.168.0.1,192.168.0.2 -Force
-
                      + ``` >The -Force option is necessary when adding scope options to skip validation of 192.168.0.2 as a DNS server because we have not configured it yet. The scope should immediately begin issuing leases on the PoC network. The first DHCP lease that will be issued is to vEthernet interface on the Hyper-V host, which is a member of the internal network. You can verify this by using the command: Get-DhcpServerv4Lease -ScopeId 192.168.0.0. 11. The DNS server role will also be installed on the member server, SRV1, at 192.168.0.2 so that we can forward DNS queries from DC1 to SRV1 to resolve Internet names without having to configure a forwarder outside the PoC network. Since the IP address of SRV1 already exists on DC1's network adapter, it will be automatically added during the DCPROMO process. To verify this server-level DNS forwarder on DC1, type the following command at an elevated Windows PowerShell prompt on DC1: - 
                      +    ```powershell
     Get-DnsServerForwarder
-
                      + ``` The following output should be displayed: - 
                      +    ```powershell
     UseRootHint        : True
     Timeout(s)         : 3
     EnableReordering   : True
     IPAddress          : 192.168.0.2
     ReorderedIPAddress : 192.168.0.2
-
                      + ``` If this output is not displayed, you can use the following command to add SRV1 as a forwarder: - 
                      +    ```powershell
     Add-DnsServerForwarder -IPAddress 192.168.0.2
-
                      + ``` **Configure service and user accounts** Windows 10 deployment with MDT and Microsoft Endpoint Manager requires specific accounts to perform some actions. Service accounts will be created to use for these tasks. A user account is also added in the contoso.com domain that can be used for testing purposes. In the test lab environment, passwords are set to never expire. - >To keep this test lab relatively simple, we will not create a custom OU structure and set permissions. Required permissions are enabled by adding accounts to the Domain Admins group. To configure these settings in a production environment, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) + To keep this test lab relatively simple, we will not create a custom OU structure and set permissions. Required permissions are enabled by adding accounts to the Domain Admins group. To configure these settings in a production environment, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) On DC1, open an elevated Windows PowerShell prompt and type the following commands: - 
                      +    ```powershell
     New-ADUser -Name User1 -UserPrincipalName user1 -Description "User account" -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -Enabled $true
     New-ADUser -Name MDT_BA -UserPrincipalName MDT_BA -Description "MDT Build Account" -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -Enabled $true
     New-ADUser -Name CM_JD -UserPrincipalName CM_JD -Description "Configuration Manager Join Domain Account" -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -Enabled $true
@@ -695,7 +732,7 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to
     Set-ADUser -Identity MDT_BA -PasswordNeverExpires $true
     Set-ADUser -Identity CM_JD -PasswordNeverExpires $true
     Set-ADUser -Identity CM_NAA -PasswordNeverExpires $true
-
                      + ``` 12. Minimize the DC1 VM window but **do not stop** the VM. @@ -703,10 +740,10 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to 13. If the PC1 VM is not started yet, using an elevated Windows PowerShell prompt on the Hyper-V host, start the client VM (PC1), and connect to it: - 
                      +    ```powershell
     Start-VM PC1
     vmconnect localhost PC1
-
                      + ``` 14. Sign in to PC1 using an account that has local administrator rights. @@ -724,7 +761,7 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to To open Windows PowerShell on Windows 7, click **Start**, and search for "**power**." Right-click **Windows PowerShell** and then click **Pin to Taskbar** so that it is simpler to use Windows PowerShell during this lab. Click **Windows PowerShell** on the taskbar, and then type **ipconfig** at the prompt to see the client's current IP address. Also type **ping dc1.contoso.com** and **nltest /dsgetdc:contoso.com** to verify that it can reach the domain controller. See the following examples of a successful network connection: - ``` + ```cmd ipconfig Windows IP Configuration @@ -759,14 +796,14 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to 18. Minimize the PC1 window and switch to the Hyper-V host computer. Open an elevated Windows PowerShell ISE window on the Hyper-V host (right-click Windows PowerShell and then click **Run ISE as Administrator**) and type the following commands in the (upper) script editor pane: - 
                      +    ```powershell
     (Get-WmiObject Win32_ComputerSystem).UnjoinDomainOrWorkgroup($null,$null,0)
     $pass = "pass@word1" | ConvertTo-SecureString -AsPlainText -Force
     $user = "contoso\administrator"
     $cred = New-Object System.Management.Automation.PSCredential($user,$pass)
     Add-Computer -DomainName contoso.com -Credential $cred
     Restart-Computer
-
                      + ``` >If you do not see the script pane, click **View** and verify **Show Script Pane Top** is enabled. Click **File** and then click **New**. @@ -777,10 +814,10 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to 19. Click **File**, click **Save As**, and save the commands as **c:\VHD\pc1.ps1** on the Hyper-V host. 20. In the (lower) terminal input window, type the following commands to enable Guest Service Interface on PC1 and then use this service to copy the script to PC1: - 
                      +    ```powershell
     Enable-VMIntegrationService -VMName PC1 -Name "Guest Service Interface"
     Copy-VMFile "PC1" -SourcePath "C:\VHD\pc1.ps1" -DestinationPath "C:\pc1.ps1" -CreateFullPath -FileSource Host
-
                      + ``` >In order for this command to work properly, PC1 must be running the vmicguestinterface (Hyper-V Guest Service Interface) service. If this service is not enabled in this step, then the copy-VMFile command will fail. In this case, you can try updating integration services on the VM by mounting the Hyper-V Integration Services Setup (vmguest.iso), which is located in C:\Windows\System32 on Windows Server 2012 and 2012 R2 operating systems that are running the Hyper-V role service. @@ -788,66 +825,69 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to 21. On PC1, type the following commands at an elevated Windows PowerShell prompt: - 
                      +    ```powershell
     Get-Content c:\pc1.ps1 | powershell.exe -noprofile -
-
                      + ``` >The commands in this script might take a few moments to complete. If an error is displayed, check that you typed the command correctly, paying close attention to spaces. PC1 is removed from its domain in this step while not connected to the corporate network so as to ensure the computer object in the corporate domain is unaffected. PC1 is also not renamed to "PC1" in system properties so that it maintains some of its mirrored identity. However, if desired you can also rename the computer. 22. Upon completion of the script, PC1 will automatically restart. When it has restarted, sign in to the contoso.com domain using the **Switch User** option, with the **user1** account you created in step 11 of this section. - >**Important**: The settings that will be used later to migrate user data specifically select only accounts that belong to the CONTOSO domain. However, this can be changed to migrate all user accounts, or only other specified accounts. If you wish to test migration of user data and settings with accounts other than those in the CONTOSO domain, you must specify these accounts or domains when you configure the value of **ScanStateArgs** in the MDT test lab guide. This value is specifically called out when you get to that step. If you wish to only migrate CONTOSO accounts, then you can log in with the user1 account or the administrator account at this time and modify some of the files and settings for later use in migration testing. + + > [!IMPORTANT] + > The settings that will be used later to migrate user data specifically select only accounts that belong to the CONTOSO domain. However, this can be changed to migrate all user accounts, or only other specified accounts. If you wish to test migration of user data and settings with accounts other than those in the CONTOSO domain, you must specify these accounts or domains when you configure the value of **ScanStateArgs** in the MDT test lab guide. This value is specifically called out when you get to that step. If you wish to only migrate CONTOSO accounts, then you can log in with the user1 account or the administrator account at this time and modify some of the files and settings for later use in migration testing. + 23. Minimize the PC1 window but do not turn it off while the second Windows Server 2012 R2 VM (SRV1) is configured. This verifies that the Hyper-V host has enough resources to run all VMs simultaneously. Next, SRV1 will be started, joined to the contoso.com domain, and configured with RRAS and DNS services. 24. On the Hyper-V host computer, at an elevated Windows PowerShell prompt, type the following commands: - 
                      +    ```powershell
     Start-VM SRV1
     vmconnect localhost SRV1
-
                      + ``` 25. Accept the default settings, read license terms and accept them, provide an administrator password of pass@word1, and click **Finish**. When you are prompted about finding PCs, devices, and content on the network, click **Yes**. 26. Sign in to SRV1 using the local administrator account. In the same way that was done on DC1, sign out of SRV1 and then sign in again to enable enhanced session mode. This will enable you to copy and paste Windows PowerShell commands from the Hyper-V host to the VM. 27. Open an elevated Windows PowerShell prompt on SRV1 and type the following commands: - 
                      +    ```powershell
     Rename-Computer SRV1
     New-NetIPAddress -InterfaceAlias Ethernet -IPAddress 192.168.0.2 -PrefixLength 24
     Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses 192.168.0.1,192.168.0.2
     Restart-Computer
-
                      + ``` - >[!IMPORTANT] - >Verify that you are configuring the correct interface in this step. The commands in this step assume that the poc-internal interface on SRV1 is named "Ethernet." If you are unsure how to check the interface, see step #30 below for instructions and tips on how to verify and modify the interface name. + > [!IMPORTANT] + > Verify that you are configuring the correct interface in this step. The commands in this step assume that the poc-internal interface on SRV1 is named "Ethernet." If you are unsure how to check the interface, see step #30 below for instructions and tips on how to verify and modify the interface name. 28. Wait for the computer to restart, sign in again, then type the following commands at an elevated Windows PowerShell prompt: - 
                      +    ```powershell
     $pass = "pass@word1" | ConvertTo-SecureString -AsPlainText -Force
     $user = "contoso\administrator"
     $cred = New-Object System.Management.Automation.PSCredential($user,$pass)
     Add-Computer -DomainName contoso.com -Credential $cred
     Restart-Computer
-
                      + ``` 29. Sign in to the contoso.com domain on SRV1 using the domain administrator account (enter contoso\administrator as the user), open an elevated Windows PowerShell prompt, and type the following commands: - 
                      +    ```powershell
     Install-WindowsFeature -Name DNS -IncludeManagementTools
     Install-WindowsFeature -Name WDS -IncludeManagementTools
     Install-WindowsFeature -Name Routing -IncludeManagementTools
-
                      + ``` 30. Before configuring the routing service that was just installed, verify that network interfaces were added to SRV1 in the right order, resulting in an interface alias of "Ethernet" for the private interface, and an interface alias of "Ethernet 2" for the public interface. Also verify that the external interface has a valid external DHCP IP address lease. To view a list of interfaces, associated interface aliases, and IP addresses on SRV1, type the following Windows PowerShell command. Example output of the command is also shown below: - 
                      +    ```powershell
     Get-NetAdapter | ? status -eq ‘up’ | Get-NetIPAddress -AddressFamily IPv4 | ft IPAddress, InterfaceAlias
 
     IPAddress                                                                  InterfaceAlias
     ---------                                                                  --------------
     10.137.130.118                                                             Ethernet 2
     192.168.0.2                                                                Ethernet
-
                      + ``` In this example, the poc-internal network interface at 192.168.0.2 is associated with the "Ethernet" interface and the Internet-facing poc-external interface is associated with the "Ethernet 2" interface. If your interfaces are different, you must adjust the commands provided in the next step appropriately to configure routing services. Also note that if the "Ethernet 2" interface has an IP address in the 192.168.0.100-105 range then it likely is getting a DHCP lease from DC1 instead of your corporate network. If this is the case, you can try removing and re-adding the second network interface from the SRV1 VM through its Hyper-V settings. @@ -857,37 +897,38 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to 31. To configure SRV1 with routing capability for the PoC network, type or paste the following commands at an elevated Windows PowerShell prompt on SRV1: - 
                      +    ```powershell
     Install-RemoteAccess -VpnType Vpn
     cmd /c netsh routing ip nat install
     cmd /c netsh routing ip nat add interface name="Ethernet 2" mode=FULL
     cmd /c netsh routing ip nat add interface name="Ethernet" mode=PRIVATE
     cmd /c netsh routing ip nat add interface name="Internal" mode=PRIVATE
-
                      + ``` 32. The DNS service on SRV1 also needs to resolve hosts in the `contoso.com` domain. This can be accomplished with a conditional forwarder. Open an elevated Windows PowerShell prompt on SRV1 and type the following command: - 
                      +    ```powershell
     Add-DnsServerConditionalForwarderZone -Name contoso.com -MasterServers 192.168.0.1
-
                      + ``` 33. In most cases, this completes configuration of the PoC network. However, if your corporate network has a firewall that filters queries from local DNS servers, you will also need to configure a server-level DNS forwarder on SRV1 to resolve Internet names. To test whether or not DNS is working without this forwarder, try to reach a name on the Internet from DC1 or PC1, which are only using DNS services on the PoC network. You can test DNS with the ping command, for example: - 
                      +    ```powershell
     ping www.microsoft.com
-
                      + ``` If you see "Ping request could not find host `www.microsoft.com`" on PC1 and DC1, but not on SRV1, then you will need to configure a server-level DNS forwarder on SRV1. To do this, open an elevated Windows PowerShell prompt on SRV1 and type the following command. - **Note**: This command also assumes that "Ethernet 2" is the external-facing network adapter on SRV1. If the external adapter has a different name, replace "Ethernet 2" in the command below with that name: + > [!NOTE] + > This command also assumes that "Ethernet 2" is the external-facing network adapter on SRV1. If the external adapter has a different name, replace "Ethernet 2" in the command below with that name: - 
                      +    ```powershell
     Add-DnsServerForwarder -IPAddress (Get-DnsClientServerAddress -InterfaceAlias "Ethernet 2").ServerAddresses
-
                      + ``` 34. If DNS and routing are both working correctly, you will see the following on DC1 and PC1 (the IP address might be different, but that is OK): - 
                      +    ```powershell
     PS C:\> ping www.microsoft.com
 
     Pinging e2847.dspb.akamaiedge.net [23.222.146.170] with 32 bytes of data:
@@ -900,15 +941,15 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to
         Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
     Approximate round trip times in milli-seconds:
         Minimum = 1ms, Maximum = 3ms, Average = 2ms
-
                      + ``` 35. Verify that all three VMs can reach each other, and the Internet. See [Appendix A: Verify the configuration](#appendix-a-verify-the-configuration) for more information. 36. Lastly, because the client computer has different hardware after copying it to a VM, its Windows activation will be invalidated and you might receive a message that you must activate Windows in 3 days. To extend this period to 30 days, type the following commands at an elevated Windows PowerShell prompt on PC1: - 
                      +    ```powershell
     runas /noprofile /env /user:administrator@contoso.com "cmd /c slmgr -rearm"
     Restart-Computer
-
                      + ``` This completes configuration of the starting PoC environment. Additional services and tools are installed in subsequent guides. @@ -918,7 +959,7 @@ Use the following procedures to verify that the PoC environment is configured pr 1. On DC1, open an elevated Windows PowerShell prompt and type the following commands: - 
                      +    ```powershell
     Get-Service NTDS,DNS,DHCP
     DCDiag -a
     Get-DnsServerResourceRecord -ZoneName contoso.com -RRType A
@@ -927,7 +968,7 @@ Use the following procedures to verify that the PoC environment is configured pr
     Get-DhcpServerInDC
     Get-DhcpServerv4Statistics
     ipconfig /all
-
                      + ``` **Get-Service** displays a status of "Running" for all three services.
                      **DCDiag** displays "passed test" for all tests.
                      @@ -940,13 +981,13 @@ Use the following procedures to verify that the PoC environment is configured pr 2. On SRV1, open an elevated Windows PowerShell prompt and type the following commands: - 
                      +    ```powershell
     Get-Service DNS,RemoteAccess
     Get-DnsServerForwarder
     Resolve-DnsName -Server dc1.contoso.com -Name www.microsoft.com
     ipconfig /all
     netsh int ipv4 show address
-
                      + ``` **Get-Service** displays a status of "Running" for both services.
                      **Get-DnsServerForwarder** either displays no forwarders, or displays a list of forwarders you are required to use so that SRV1 can resolve Internet names.
                      @@ -956,13 +997,13 @@ Use the following procedures to verify that the PoC environment is configured pr 3. On PC1, open an elevated Windows PowerShell prompt and type the following commands: - 
                      +    ```powershell
     whoami
     hostname
     nslookup www.microsoft.com
     ping -n 1 dc1.contoso.com
     tracert www.microsoft.com
-
                      + ``` **whoami** displays the current user context, for example in an elevated Windows PowerShell prompt, contoso\administrator is displayed.
                      **hostname** displays the name of the local computer, for example W7PC-001.
                      From 0b7c4c27621026fc2877136415f85f62b9adbca4 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 9 Dec 2021 15:17:27 -0800 Subject: [PATCH 186/335] Standardize vertical spacing --- windows/deployment/windows-10-deployment-scenarios.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/windows/deployment/windows-10-deployment-scenarios.md b/windows/deployment/windows-10-deployment-scenarios.md index d7f6145692..d283c2d8f3 100644 --- a/windows/deployment/windows-10-deployment-scenarios.md +++ b/windows/deployment/windows-10-deployment-scenarios.md @@ -28,9 +28,12 @@ To successfully deploy the Windows 10 operating system in your organization, it The following tables summarize various Windows 10 deployment scenarios. The scenarios are each assigned to one of three categories. - Modern deployment methods are recommended unless you have a specific need to use a different procedure. These methods are supported with existing tools such as Microsoft Deployment Toolkit (MDT) and Microsoft Endpoint Configuration Manager. These methods are discussed in detail on the [Modern Desktop Deployment Center](/microsoft-365/enterprise/desktop-deployment-center-home). + > [!NOTE] - >Once you have deployed Windows 10 in your organization, it is important to stay up to date by [creating a deployment plan](update/create-deployment-plan.md) for Windows 10 feature updates. + > Once you have deployed Windows 10 in your organization, it is important to stay up to date by [creating a deployment plan](update/create-deployment-plan.md) for Windows 10 feature updates. + - Dynamic deployment methods enable you to configure applications and settings for specific use cases. + - Traditional deployment methods use existing tools to deploy operating system images.
                        ### Modern @@ -91,8 +94,11 @@ Scenarios that support in-place upgrade with some additional procedures include There are some situations where you cannot use in-place upgrade; in these situations, you can use traditional deployment (wipe-and-load) instead. Examples of these situations include: - Changing from Windows 7, Windows 8, or Windows 8.1 x86 to Windows 10 x64. The upgrade process cannot change from a 32-bit operating system to a 64-bit operating system, because of possible complications with installed applications and drivers. + - Windows To Go and Boot from VHD installations. The upgrade process is unable to upgrade these installations. Instead, new installations would need to be performed. + - Updating existing images. While it might be tempting to try to upgrade existing Windows 7, Windows 8, or Windows 8.1 images to Windows 10 by installing the old image, upgrading it, and then recapturing the new Windows 10 image, this is not supported – preparing an upgraded OS for imaging (using Sysprep.exe) is not supported and will not work when it detects the upgraded OS. + - Dual-boot and multi-boot systems. The upgrade process is designed for devices running a single OS; if using dual-boot or multi-boot systems with multiple operating systems (not leveraging virtual machines for the second and subsequent operating systems), additional care should be taken. From 67259fe63dccd354b364e6d304cc9acb3db8c2b3 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 9 Dec 2021 15:32:08 -0800 Subject: [PATCH 187/335] Applied correct & valid labels to code blocks The current list of valid slugs for code blocks is available here: https://review.docs.microsoft.com/en-us/help/contribute/metadata-taxonomies?branch=main#dev-lang --- windows/deployment/windows-10-poc-mdt.md | 12 ++++++------ windows/deployment/windows-10-poc.md | 22 +++++++++++----------- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/windows/deployment/windows-10-poc-mdt.md b/windows/deployment/windows-10-poc-mdt.md index 0ced5d9eb8..6cc78efe42 100644 --- a/windows/deployment/windows-10-poc-mdt.md +++ b/windows/deployment/windows-10-poc-mdt.md @@ -352,13 +352,13 @@ This procedure will demonstrate how to deploy the reference image to the PoC env If desired, edit the follow line to include or exclude other users when migrating settings. Currently, the command is set to user exclude (ue) all users except for CONTOSO users specified by the user include option (ui): - ```cmd + ```console ScanStateArgs=/ue:*\* /ui:CONTOSO\* ``` For example, to migrate **all** users on the computer, replace this line with the following: - ```cmd + ```console ScanStateArgs=/all ``` @@ -486,7 +486,7 @@ This section will demonstrate how to export user data from an existing client co 4. Open an elevated command prompt on PC1 and type the following: - ```cmd + ```console cscript \\SRV1\MDTProd$\Scripts\Litetouch.vbs ``` @@ -558,7 +558,7 @@ At a high level, the computer replace process consists of:
                      1. If you are not already signed on to PC1 as **contoso\administrator**, sign in using this account. To verify the currently signed in account, type the following command at an elevated command prompt: - ```cmd + ```console whoami ``` 2. To ensure a clean environment before running the backup task sequence, type the following at an elevated Windows PowerShell prompt on PC1: @@ -570,7 +570,7 @@ At a high level, the computer replace process consists of:
                      ``` 3. Sign in to PC1 using the contoso\administrator account, and then type the following at an elevated command prompt: - ```cmd + ```console cscript \\SRV1\MDTProd$\Scripts\Litetouch.vbs ``` @@ -626,7 +626,7 @@ At a high level, the computer replace process consists of:
                      6. When OS installation has started on PC1, re-enable the external network adapter on SRV1 by typing the following command on SRV1: - ```cmd + ```powershell Enable-NetAdapter "Ethernet 2" ``` diff --git a/windows/deployment/windows-10-poc.md b/windows/deployment/windows-10-poc.md index a7f768ed10..35e475c426 100644 --- a/windows/deployment/windows-10-poc.md +++ b/windows/deployment/windows-10-poc.md @@ -131,7 +131,7 @@ Starting with Windows 8, the host computer’s microprocessor must support secon 1. To verify your computer supports SLAT, open an administrator command prompt, type **systeminfo**, press ENTER, and review the section displayed at the bottom of the output, next to Hyper-V Requirements. See the following example: - ```cmd + ```console C:\>systeminfo ... @@ -147,7 +147,7 @@ Starting with Windows 8, the host computer’s microprocessor must support secon You can also identify Hyper-V support using [tools](/archive/blogs/taylorb/hyper-v-will-my-computer-run-hyper-v-detecting-intel-vt-and-amd-v) provided by the processor manufacturer, the [msinfo32](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc731397(v=ws.11)) tool, or you can download the [coreinfo](/sysinternals/downloads/coreinfo) utility and run it, as shown in the following example: - ```cmd + ```console C:\>coreinfo -v Coreinfo v3.31 - Dump information on system CPU and memory topology @@ -167,13 +167,13 @@ Starting with Windows 8, the host computer’s microprocessor must support secon 2. The Hyper-V feature is not installed by default. To install it, open an elevated Windows PowerShell window and type the following command: - ```cmd + ```powershell Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All ``` This command works on all operating systems that support Hyper-V, but on Windows Server operating systems you must type an additional command to add the Hyper-V Windows PowerShell module and the Hyper-V Manager console. This command will also install Hyper-V if it isn't already installed, so if desired you can just type the following command on Windows Server 2012 or 2016 instead of using the Enable-WindowsOptionalFeature command: - ```cmd + ```powershell Install-WindowsFeature -Name Hyper-V -IncludeManagementTools ``` @@ -215,7 +215,7 @@ When you have completed installation of Hyper-V on the host computer, begin conf The following displays the procedures described in this section, both before and after downloading files: - ```cmd + ```console C:>mkdir VHD C:>cd VHD C:\VHD>ren 9600*.vhd 2012R2-poc-1.vhd @@ -380,7 +380,7 @@ The following tables display the Hyper-V VM generation to choose based on the OS 2. On the computer you wish to convert, open an elevated command prompt and type the following command: - ```cmd + ```console mountvol s: /s ``` @@ -400,7 +400,7 @@ The following tables display the Hyper-V VM generation to choose based on the OS 6. When the Disk2vhd utility has completed converting the source computer to a VHD, copy the VHDX file (PC1.vhdx) to your Hyper-V host in the C:\VHD directory. There should now be four files in this directory: - ```cmd + ```console C:\vhd>dir /B 2012R2-poc-1.vhd 2012R2-poc-2.vhd @@ -588,13 +588,13 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to 4. Click **Command Prompt**. 5. Type the following command to save an image of the OS drive: - ```cmd + ```console dism /Capture-Image /ImageFile:D:\c.wim /CaptureDir:C:\ /Name:Drive-C ``` 6. Wait for the OS image to complete saving, and then type the following commands to convert the C: drive to MBR: - ```cmd + ```console diskpart select disk 0 clean @@ -610,7 +610,7 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to 7. Type the following commands to restore the OS image and boot files: - ```cmd + ```console dism /Apply-Image /ImageFile:D:\c.wim /Index:1 /ApplyDir:C:\ bcdboot c:\windows exit @@ -761,7 +761,7 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to To open Windows PowerShell on Windows 7, click **Start**, and search for "**power**." Right-click **Windows PowerShell** and then click **Pin to Taskbar** so that it is simpler to use Windows PowerShell during this lab. Click **Windows PowerShell** on the taskbar, and then type **ipconfig** at the prompt to see the client's current IP address. Also type **ping dc1.contoso.com** and **nltest /dsgetdc:contoso.com** to verify that it can reach the domain controller. See the following examples of a successful network connection: - ```cmd + ```console ipconfig Windows IP Configuration From 551574a31438821e88c85ae904cf9e9aae2e7439 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 9 Dec 2021 15:45:41 -0800 Subject: [PATCH 188/335] Remove unnecessary BR tags --- windows/deployment/windows-10-poc.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/windows-10-poc.md b/windows/deployment/windows-10-poc.md index 35e475c426..b7dad82263 100644 --- a/windows/deployment/windows-10-poc.md +++ b/windows/deployment/windows-10-poc.md @@ -92,8 +92,8 @@ Hardware requirements are displayed below: |**Network**|Internet connection|Any| \*The Hyper-V server role can also be installed on a computer running Windows Server 2008 R2. However, the Windows PowerShell module for Hyper-V is not available on Windows Server 2008 R2, therefore you cannot use many of the steps provided in this guide to configure Hyper-V. To manage Hyper-V on Windows Server 2008 R2, you can use Hyper-V WMI, or you can use the Hyper-V Manager console. Providing all steps in this guide as Hyper-V WMI or as 2008 R2 Hyper-V Manager procedures is beyond the scope of the guide. -
                      -
                      The Hyper-V role cannot be installed on Windows 7 or earlier versions of Windows. + +The Hyper-V role cannot be installed on Windows 7 or earlier versions of Windows.
                      • From 3a5191f031babe243aa1c3565f2474be781f2ad5 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 9 Dec 2021 16:00:46 -0800 Subject: [PATCH 189/335] Convert the many paragraphs with angle brackets to notes, tips, or regular paragraphs Also, a few other corrections for readability and proper Markdown. --- windows/deployment/windows-10-poc.md | 91 ++++++++++++++++++---------- 1 file changed, 60 insertions(+), 31 deletions(-) diff --git a/windows/deployment/windows-10-poc.md b/windows/deployment/windows-10-poc.md index b7dad82263..0bcd6de74e 100644 --- a/windows/deployment/windows-10-poc.md +++ b/windows/deployment/windows-10-poc.md @@ -39,6 +39,7 @@ Approximately 3 hours are required to configure the PoC environment. You will ne Windows PowerShell commands are provided to set up the PoC environment quickly. You do not need to be an expert in Windows PowerShell to complete the steps in the guide, however you are required to customize some commands to your environment. +> [!TIP] > Instructions to "type" Windows PowerShell commands provided in this guide can be followed literally by typing the commands, but the preferred method is to copy and paste these commands. > > A Windows PowerShell window can be used to run all commands in this guide. However, when commands are specified for a command prompt, you must either type CMD at the Windows PowerShell prompt to enter the command prompt, or preface the command with "cmd /c", or if desired you can escape special characters in the command using the back-tick character (`). In most cases, the simplest thing is to type cmd and enter a command prompt, type the necessary commands, then type "exit" to return to Windows PowerShell. @@ -53,6 +54,8 @@ After completing the instructions in this guide, you will have a PoC environment Topics and procedures in this guide are summarized in the following table. An estimate of the time required to complete each procedure is also provided. Time required to complete procedures will vary depending on the resources available to the Hyper-V host and assigned to VMs, such as processor speed, memory allocation, disk speed, and network speed. +
                      + |Topic|Description|Time| |--- |--- |--- | |[Hardware and software requirements](#hardware-and-software-requirements)|Prerequisites to complete this guide.|Informational| @@ -77,7 +80,7 @@ One computer that meets the hardware and software specifications below is requir Hardware requirements are displayed below: -
                      +
                      ||Computer 1 (required)|Computer 2 (recommended)| |--- |--- |--- | @@ -95,7 +98,7 @@ Hardware requirements are displayed below: The Hyper-V role cannot be installed on Windows 7 or earlier versions of Windows. -
                      + ## Lab setup @@ -107,7 +110,8 @@ The lab architecture is summarized in the following diagram: - Two VMs are running Windows Server 2012 R2 with required network services and tools installed. - Two VMs are client systems: One VM is intended to mirror a host on your corporate network (computer 2) and one VM is running Windows 10 Enterprise to demonstrate the hardware replacement scenario. ->If you have an existing Hyper-V host, you can use this host and skip the Hyper-V installation section in this guide. +> [!NOTE] +> If you have an existing Hyper-V host, you can use this host and skip the Hyper-V installation section in this guide. The two Windows Server VMs can be combined into a single VM to conserve RAM and disk space if required. However, instructions in this guide assume two server systems are used. Using two servers enables Active Directory Domain Services and DHCP to be installed on a server that is not directly connected to the corporate network. This mitigates the risk of clients on the corporate network receiving DHCP leases from the PoC network (i.e. "rogue" DHCP), and limits NETBIOS service broadcasts. @@ -340,7 +344,9 @@ The following tables display the Hyper-V VM generation to choose based on the OS > [!NOTE] > >- If the PC is running Windows 7, it can only be converted and hosted in Hyper-V as a generation 1 VM. This Hyper-V requirement means that if the Windows 7 PC is also using a GPT partition style, the OS disk can be shadow copied, but a new system partition must be created. In this case, see [Prepare a generation 1 VM from a GPT disk](#prepare-a-generation-1-vm-from-a-gpt-disk). +> >- If the PC is running Windows 8 or later and uses the GPT partition style, you can capture the disk image and create a generation 2 VM. To do this, you must temporarily mount the EFI system partition which is accomplished using the mountvol command. In this case, see [Prepare a generation 2 VM](#prepare-a-generation-2-vm). +> >- If the PC is using an MBR partition style, you can convert the disk to VHD and use it to create a generation 1 VM. If you use the Disk2VHD tool described in this guide, it is not necessary to mount the MBR system partition, but it is still necessary to capture it. In this case, see [Prepare a generation 1 VM](#prepare-a-generation-1-vm). @@ -348,9 +354,11 @@ The following tables display the Hyper-V VM generation to choose based on the OS 1. Download the [Disk2vhd utility](/sysinternals/downloads/disk2vhd), extract the .zip file and copy **disk2vhd.exe** to a flash drive or other location that is accessible from the computer you wish to convert. - >You might experience timeouts if you attempt to run Disk2vhd from a network share, or specify a network share for the destination. To avoid timeouts, use local, portable media such as a USB drive. + > [!TIP] + > You might experience timeouts if you attempt to run Disk2vhd from a network share, or specify a network share for the destination. To avoid timeouts, use local, portable media such as a USB drive. 2. On the computer you wish to convert, double-click the disk2vhd utility to start the graphical user interface. + 3. Select the checkboxes next to the **C:\\** and the **system reserved** (BIOS/MBR) volumes. The system volume is not assigned a drive letter, but will be displayed in the Disk2VHD tool with a volume label similar to **\\?\Volume{**. See the following example. > [!IMPORTANT] @@ -360,7 +368,7 @@ The following tables display the Hyper-V VM generation to choose based on the OS ![disk2vhd 1.](images/disk2vhd.png) - >Disk2vhd can save VHDs to local hard drives, even if they are the same as the volumes being converted. Performance is better however when the VHD is saved on a disk different than those being converted, such as a flash drive. + Disk2vhd can save VHDs to local hard drives, even if they are the same as the volumes being converted. Performance is better, however, when the VHD is saved on a disk different than those being converted, such as a flash drive. 5. When the Disk2vhd utility has completed converting the source computer to a VHD, copy the VHDX file (w7.vhdx) to your Hyper-V host in the C:\VHD directory. There should now be four files in this directory: @@ -376,7 +384,8 @@ The following tables display the Hyper-V VM generation to choose based on the OS 1. Download the [Disk2vhd utility](/sysinternals/downloads/disk2vhd), extract the .zip file and copy **disk2vhd.exe** to a flash drive or other location that is accessible from the computer you wish to convert. - >You might experience timeouts if you attempt to run Disk2vhd from a network share, or specify a network share for the destination. To avoid timeouts, use local, portable media such as a USB drive. + > [!TIP] + > You might experience timeouts if you attempt to run Disk2vhd from a network share, or specify a network share for the destination. To avoid timeouts, use local, portable media such as a USB drive. 2. On the computer you wish to convert, open an elevated command prompt and type the following command: @@ -396,7 +405,7 @@ The following tables display the Hyper-V VM generation to choose based on the OS ![disk2vhd 2.](images/disk2vhd-gen2.png) - >Disk2vhd can save VHDs to local hard drives, even if they are the same as the volumes being converted. Performance is better however when the VHD is saved on a disk different than those being converted, such as a flash drive. + Disk2vhd can save VHDs to local hard drives, even if they are the same as the volumes being converted. Performance is better however when the VHD is saved on a disk different than those being converted, such as a flash drive. 6. When the Disk2vhd utility has completed converting the source computer to a VHD, copy the VHDX file (PC1.vhdx) to your Hyper-V host in the C:\VHD directory. There should now be four files in this directory: @@ -424,7 +433,7 @@ The following tables display the Hyper-V VM generation to choose based on the OS ![disk2vhd 3.](images/disk2vhd4.png) - >Disk2vhd can save VHDs to local hard drives, even if they are the same as the volumes being converted. Performance is better however when the VHD is saved on a disk different than those being converted, such as a flash drive. + Disk2vhd can save VHDs to local hard drives, even if they are the same as the volumes being converted. Performance is better however when the VHD is saved on a disk different than those being converted, such as a flash drive. 5. When the Disk2vhd utility has completed converting the source computer to a VHD, copy the VHD file (w7.vhd) to your Hyper-V host in the C:\VHD directory. There should now be four files in this directory: @@ -440,7 +449,6 @@ The following tables display the Hyper-V VM generation to choose based on the OS ### Resize VHD -
                      Enhanced session mode > [!IMPORTANT] @@ -689,7 +697,7 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to Set-DhcpServerv4OptionValue -ScopeId 192.168.0.0 -DnsDomain contoso.com -Router 192.168.0.2 -DnsServer 192.168.0.1,192.168.0.2 -Force ``` - >The -Force option is necessary when adding scope options to skip validation of 192.168.0.2 as a DNS server because we have not configured it yet. The scope should immediately begin issuing leases on the PoC network. The first DHCP lease that will be issued is to vEthernet interface on the Hyper-V host, which is a member of the internal network. You can verify this by using the command: Get-DhcpServerv4Lease -ScopeId 192.168.0.0. + The -Force option is necessary when adding scope options to skip validation of 192.168.0.2 as a DNS server because we have not configured it yet. The scope should immediately begin issuing leases on the PoC network. The first DHCP lease that will be issued is to vEthernet interface on the Hyper-V host, which is a member of the internal network. You can verify this by using the command: Get-DhcpServerv4Lease -ScopeId 192.168.0.0. 11. The DNS server role will also be installed on the member server, SRV1, at 192.168.0.2 so that we can forward DNS queries from DC1 to SRV1 to resolve Internet names without having to configure a forwarder outside the PoC network. Since the IP address of SRV1 already exists on DC1's network adapter, it will be automatically added during the DCPROMO process. To verify this server-level DNS forwarder on DC1, type the following command at an elevated Windows PowerShell prompt on DC1: @@ -747,13 +755,13 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to 14. Sign in to PC1 using an account that has local administrator rights. - >PC1 will be disconnected from its current domain, so you cannot use a domain account to sign on unless these credentials are cached and the use of cached credentials is permitted by Group Policy. If cached credentials are available and permitted, you can use these credentials to sign in. Otherwise, use an existing local administrator account. + PC1 will be disconnected from its current domain, so you cannot use a domain account to sign on unless these credentials are cached and the use of cached credentials is permitted by Group Policy. If cached credentials are available and permitted, you can use these credentials to sign in. Otherwise, use an existing local administrator account. 15. After signing in, the operating system detects that it is running in a new environment. New drivers will be automatically installed, including the network adapter driver. The network adapter driver must be updated before you can proceed, so that you will be able to join the contoso.com domain. Depending on the resources allocated to PC1, installing the network adapter driver might take a few minutes. You can monitor device driver installation by clicking **Show hidden icons** in the notification area. ![PoC 1.](images/installing-drivers.png) - >If the client was configured with a static address, you must change this to a dynamic one so that it can obtain a DHCP lease. + If the client was configured with a static address, you must change this to a dynamic one so that it can obtain a DHCP lease. 16. When the new network adapter driver has completed installation, you will receive an alert to set a network location for the contoso.com network. Select **Work network** and then click **Close**. When you receive an alert that a restart is required, click **Restart Later**. @@ -792,7 +800,8 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to Flags: PDC GC DS LDAP KDC TIMESERV WRITABLE DNS_FOREST CLOSE_SITE FULL_SECRET WS 0xC000 ``` - >If PC1 is running Windows 7, enhanced session mode might not be available, which means that you cannot copy and paste commands from the Hyper-V host to a Windows PowerShell prompt on PC1. However, it is possible to use integration services to copy a file from the Hyper-V host to a VM. The next procedure demonstrates this. If the Copy-VMFile command fails, then type the commands below at an elevated Windows PowerShell prompt on PC1 instead of saving them to a script to run remotely. If PC1 is running Windows 8 or a later operating system, you can use enhanced session mode to copy and paste these commands instead of typing them. + > [!NOTE] + > If PC1 is running Windows 7, enhanced session mode might not be available, which means that you cannot copy and paste commands from the Hyper-V host to a Windows PowerShell prompt on PC1. However, it is possible to use integration services to copy a file from the Hyper-V host to a VM. The next procedure demonstrates this. If the Copy-VMFile command fails, then type the commands below at an elevated Windows PowerShell prompt on PC1 instead of saving them to a script to run remotely. If PC1 is running Windows 8 or a later operating system, you can use enhanced session mode to copy and paste these commands instead of typing them. 18. Minimize the PC1 window and switch to the Hyper-V host computer. Open an elevated Windows PowerShell ISE window on the Hyper-V host (right-click Windows PowerShell and then click **Run ISE as Administrator**) and type the following commands in the (upper) script editor pane: @@ -805,13 +814,14 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to Restart-Computer ``` - >If you do not see the script pane, click **View** and verify **Show Script Pane Top** is enabled. Click **File** and then click **New**. + If you do not see the script pane, click **View** and verify **Show Script Pane Top** is enabled. Click **File** and then click **New**. See the following example: ![ISE 1.](images/ISE.png) 19. Click **File**, click **Save As**, and save the commands as **c:\VHD\pc1.ps1** on the Hyper-V host. + 20. In the (lower) terminal input window, type the following commands to enable Guest Service Interface on PC1 and then use this service to copy the script to PC1: ```powershell @@ -819,7 +829,8 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to Copy-VMFile "PC1" -SourcePath "C:\VHD\pc1.ps1" -DestinationPath "C:\pc1.ps1" -CreateFullPath -FileSource Host ``` - >In order for this command to work properly, PC1 must be running the vmicguestinterface (Hyper-V Guest Service Interface) service. If this service is not enabled in this step, then the copy-VMFile command will fail. In this case, you can try updating integration services on the VM by mounting the Hyper-V Integration Services Setup (vmguest.iso), which is located in C:\Windows\System32 on Windows Server 2012 and 2012 R2 operating systems that are running the Hyper-V role service. + > [!NOTE] + > In order for this command to work properly, PC1 must be running the vmicguestinterface (Hyper-V Guest Service Interface) service. If this service is not enabled in this step, then the copy-VMFile command will fail. In this case, you can try updating integration services on the VM by mounting the Hyper-V Integration Services Setup (vmguest.iso), which is located in C:\Windows\System32 on Windows Server 2012 and 2012 R2 operating systems that are running the Hyper-V role service. If the copy-vmfile command does not work and you cannot properly enable or upgrade integration services on PC1, then create the file c:\pc1.ps1 on the VM by typing the commands into this file manually. The copy-vmfile command is only used in this procedure as a demonstration of automation methods that can be used in a Hyper-V environment when enhanced session mode is not available. After typing the script file manually, be sure to save the file as a Windows PowerShell script file with the .ps1 extension and not as a text (.txt) file. @@ -829,7 +840,7 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to Get-Content c:\pc1.ps1 | powershell.exe -noprofile - ``` - >The commands in this script might take a few moments to complete. If an error is displayed, check that you typed the command correctly, paying close attention to spaces. PC1 is removed from its domain in this step while not connected to the corporate network so as to ensure the computer object in the corporate domain is unaffected. PC1 is also not renamed to "PC1" in system properties so that it maintains some of its mirrored identity. However, if desired you can also rename the computer. + The commands in this script might take a few moments to complete. If an error is displayed, check that you typed the command correctly, paying close attention to spaces. PC1 is removed from its domain in this step while not connected to the corporate network so as to ensure the computer object in the corporate domain is unaffected. PC1 is also not renamed to "PC1" in system properties so that it maintains some of its mirrored identity. However, if desired you can also rename the computer. 22. Upon completion of the script, PC1 will automatically restart. When it has restarted, sign in to the contoso.com domain using the **Switch User** option, with the **user1** account you created in step 11 of this section. @@ -837,6 +848,7 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to > The settings that will be used later to migrate user data specifically select only accounts that belong to the CONTOSO domain. However, this can be changed to migrate all user accounts, or only other specified accounts. If you wish to test migration of user data and settings with accounts other than those in the CONTOSO domain, you must specify these accounts or domains when you configure the value of **ScanStateArgs** in the MDT test lab guide. This value is specifically called out when you get to that step. If you wish to only migrate CONTOSO accounts, then you can log in with the user1 account or the administrator account at this time and modify some of the files and settings for later use in migration testing. 23. Minimize the PC1 window but do not turn it off while the second Windows Server 2012 R2 VM (SRV1) is configured. This verifies that the Hyper-V host has enough resources to run all VMs simultaneously. Next, SRV1 will be started, joined to the contoso.com domain, and configured with RRAS and DNS services. + 24. On the Hyper-V host computer, at an elevated Windows PowerShell prompt, type the following commands: ```powershell @@ -845,7 +857,9 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to ``` 25. Accept the default settings, read license terms and accept them, provide an administrator password of pass@word1, and click **Finish**. When you are prompted about finding PCs, devices, and content on the network, click **Yes**. + 26. Sign in to SRV1 using the local administrator account. In the same way that was done on DC1, sign out of SRV1 and then sign in again to enable enhanced session mode. This will enable you to copy and paste Windows PowerShell commands from the Hyper-V host to the VM. + 27. Open an elevated Windows PowerShell prompt on SRV1 and type the following commands: ```powershell @@ -970,13 +984,20 @@ Use the following procedures to verify that the PoC environment is configured pr ipconfig /all ``` - **Get-Service** displays a status of "Running" for all three services.
                      - **DCDiag** displays "passed test" for all tests.
                      - **Get-DnsServerResourceRecord** displays the correct DNS address records for DC1, SRV1, and the computername of PC1. Additional address records for the zone apex (@), DomainDnsZones, and ForestDnsZones will also be registered.
                      - **Get-DnsServerForwarder** displays a single forwarder of 192.168.0.2.
                      - **Resolve-DnsName** displays public IP address results for `www.microsoft.com`.
                      - **Get-DhcpServerInDC** displays 192.168.0.1, `dc1.contoso.com`.
                      - **Get-DhcpServerv4Statistics** displays 1 scope with 2 addresses in use (these belong to PC1 and the Hyper-V host).
                      + **Get-Service** displays a status of "Running" for all three services. + + **DCDiag** displays "passed test" for all tests. + + **Get-DnsServerResourceRecord** displays the correct DNS address records for DC1, SRV1, and the computername of PC1. Additional address records for the zone apex (@), DomainDnsZones, and ForestDnsZones will also be registered. + + **Get-DnsServerForwarder** displays a single forwarder of 192.168.0.2. + + **Resolve-DnsName** displays public IP address results for `www.microsoft.com`. + + **Get-DhcpServerInDC** displays 192.168.0.1, `dc1.contoso.com`. + + **Get-DhcpServerv4Statistics** displays 1 scope with 2 addresses in use (these belong to PC1 and the Hyper-V host). + **ipconfig** displays a primary DNS suffix and suffix search list of `contoso.com`, IP address of 192.168.0.1, subnet mask of 255.255.255.0, default gateway of 192.168.0.2, and DNS server addresses of 192.168.0.1 and 192.168.0.2. 2. On SRV1, open an elevated Windows PowerShell prompt and type the following commands: @@ -989,10 +1010,14 @@ Use the following procedures to verify that the PoC environment is configured pr netsh int ipv4 show address ``` - **Get-Service** displays a status of "Running" for both services.
                      - **Get-DnsServerForwarder** either displays no forwarders, or displays a list of forwarders you are required to use so that SRV1 can resolve Internet names.
                      - **Resolve-DnsName** displays public IP address results for `www.microsoft.com`.
                      - **ipconfig** displays a primary DNS suffix of `contoso.com`. The suffix search list contains `contoso.com` and your corporate domain. Two ethernet adapters are shown: Ethernet adapter "Ethernet" has an IP addresses of 192.168.0.2, subnet mask of 255.255.255.0, no default gateway, and DNS server addresses of 192.168.0.1 and 192.168.0.2. Ethernet adapter "Ethernet 2" has an IP address, subnet mask, and default gateway configured by DHCP on your corporate network.
                      + **Get-Service** displays a status of "Running" for both services. + + **Get-DnsServerForwarder** either displays no forwarders, or displays a list of forwarders you are required to use so that SRV1 can resolve Internet names. + + **Resolve-DnsName** displays public IP address results for `www.microsoft.com`. + + **ipconfig** displays a primary DNS suffix of `contoso.com`. The suffix search list contains `contoso.com` and your corporate domain. Two ethernet adapters are shown: Ethernet adapter "Ethernet" has an IP addresses of 192.168.0.2, subnet mask of 255.255.255.0, no default gateway, and DNS server addresses of 192.168.0.1 and 192.168.0.2. Ethernet adapter "Ethernet 2" has an IP address, subnet mask, and default gateway configured by DHCP on your corporate network. + **netsh** displays three interfaces on the computer: interface "Ethernet 2" with DHCP enabled = Yes and IP address assigned by your corporate network, interface "Ethernet" with DHCP enabled = No and IP address of 192.168.0.2, and interface "Loopback Pseudo-Interface 1" with IP address of 127.0.0.1. 3. On PC1, open an elevated Windows PowerShell prompt and type the following commands: @@ -1005,10 +1030,14 @@ Use the following procedures to verify that the PoC environment is configured pr tracert www.microsoft.com ``` - **whoami** displays the current user context, for example in an elevated Windows PowerShell prompt, contoso\administrator is displayed.
                      - **hostname** displays the name of the local computer, for example W7PC-001.
                      - **nslookup** displays the DNS server used for the query, and the results of the query. For example, server `dc1.contoso.com`, address 192.168.0.1, Name `e2847.dspb.akamaiedge.net`.
                      - **ping** displays if the source can resolve the target name, and whether or not the target responds to ICMP. If it cannot be resolved, "..could not find host" will be displayed and if the target is found and also responds to ICMP, you will see "Reply from" and the IP address of the target.
                      + **whoami** displays the current user context, for example in an elevated Windows PowerShell prompt, contoso\administrator is displayed. + + **hostname** displays the name of the local computer, for example W7PC-001. + + **nslookup** displays the DNS server used for the query, and the results of the query. For example, server `dc1.contoso.com`, address 192.168.0.1, Name `e2847.dspb.akamaiedge.net`. + + **ping** displays if the source can resolve the target name, and whether or not the target responds to ICMP. If it cannot be resolved, "..could not find host" will be displayed and if the target is found and also responds to ICMP, you will see "Reply from" and the IP address of the target. + **tracert** displays the path to reach the destination, for example `srv1.contoso.com` [192.168.0.2] followed by a list of hosts and IP addresses corresponding to subsequent routing nodes between the source and the destination. From 0407a31059daa4dda19a5c6cf23f6b990b580fa1 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 9 Dec 2021 16:18:58 -0800 Subject: [PATCH 190/335] Add image border; add lightbox to large image --- windows/deployment/windows-10-poc.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/windows/deployment/windows-10-poc.md b/windows/deployment/windows-10-poc.md index 0bcd6de74e..fe437a325e 100644 --- a/windows/deployment/windows-10-poc.md +++ b/windows/deployment/windows-10-poc.md @@ -200,18 +200,20 @@ When you have completed installation of Hyper-V on the host computer, begin conf > [!IMPORTANT] > This guide assumes that VHDs are stored in the **C:\VHD** directory on the Hyper-V host. If you use a different directory to store VHDs, you must adjust steps in this guide appropriately. - After completing registration you will be able to download the 7.47 GB Windows Server 2012 R2 evaluation VHD. An example of the download offering is shown below. + After completing registration you will be able to download the 7.47 GB Windows Server 2012 R2 evaluation VHD. An example of the download offering is shown below. - ![VHD](images/download_vhd.png) + :::image type="content" alt-text="VHD" source="images/download_vhd.png"::: 2. Download the file to the **C:\VHD** directory. When the download is complete, rename the VHD file that you downloaded to **2012R2-poc-1.vhd**. This is done to make the filename simple to recognize and type. + 3. Copy the VHD to a second file also in the **C:\VHD** directory and name this VHD **2012R2-poc-2.vhd**. + 4. Download the [Windows 10 Enterprise ISO](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise) from the TechNet Evaluation Center to the **C:\VHD** directory on your Hyper-V host. - During registration, you must specify the type, version, and language of installation media to download. In this example, a Windows 10 Enterprise, 64 bit, English ISO is chosen. You can choose a different version if desired. + During registration, you must specify the type, version, and language of installation media to download. In this example, a Windows 10 Enterprise, 64 bit, English ISO is chosen. You can choose a different version if desired. - > [!NOTE] - > The evaluation version of Windows 10 does not support in-place upgrade**. + > [!NOTE] + > The evaluation version of Windows 10 does not support in-place upgrade**. 5. Rename the ISO file that you downloaded to **w10-enterprise.iso**. Again, this is done so that the filename is simple to type and recognize. After completing registration you will be able to download the 3.63 GB Windows 10 Enterprise evaluation ISO. @@ -818,7 +820,7 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to See the following example: - ![ISE 1.](images/ISE.png) + :::image type="content" alt-text="ISE 1." source="images/ISE.png" lightbox="images/ISE.png"::: 19. Click **File**, click **Save As**, and save the commands as **c:\VHD\pc1.ps1** on the Hyper-V host. From 01232537854d3ca68205abf262b1282694dc6600 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 10 Dec 2021 10:52:53 +0530 Subject: [PATCH 191/335] Update windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md Accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-manage-in-organization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md index f7d07b7d3c..d6d92affa4 100644 --- a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md +++ b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md @@ -59,7 +59,7 @@ The following table lists the Group Policy settings that you can configure for W |Minimum PIN length|Computer|

                      Not configured: PIN length must be greater than or equal to 4.

                      Enabled: PIN length must be greater than or equal to the number you specify.

                      Disabled: PIN length must be greater than or equal to 4.| |Expiration|Computer|

                      Not configured: PIN does not expire.

                      Enabled: PIN can be set to expire after any number of days between 1 and 730, or PIN can be set to never expire by setting policy to 0.

                      Disabled: PIN does not expire.| |History|Computer|

                      Not configured: Previous PINs are not stored.

                      Enabled: Specify the number of previous PINs that can be associated to a user account that can't be reused.

                      Disabled: Previous PINs are not stored.

                      Note  Current PIN is included in PIN history.
                      | -|Require special characters|Computer|

                      Not configured: Windows allows, but does not require, special characters in the PIN

                      Enabled: Windows requires the user to include at least one special character in their PIN.

                      Disabled: Windows does not allow the user to include special characters in their PIN.| +|Require special characters|Computer|

                      Not configured: Windows allows, but does not require, special characters in the PIN.

                      Enabled: Windows requires the user to include at least one special character in their PIN.

                      Disabled: Windows does not allow the user to include special characters in their PIN.| |Require uppercase letters|Computer|

                      Not configured: Users cannot include an uppercase letter in their PIN.

                      Enabled: Users must include at least one uppercase letter in their PIN.

                      Disabled: Users cannot include an uppercase letter in their PIN.| ### Phone Sign-in From 1a41dd2059c10e60ec6c7e519cf22b418c6126b4 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Fri, 10 Dec 2021 11:04:29 +0530 Subject: [PATCH 192/335] Update windows/client-management/mdm/policy-csp-networklistmanager.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mdm/policy-csp-networklistmanager.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md index 686aaecb14..e1d8281bb6 100644 --- a/windows/client-management/mdm/policy-csp-networklistmanager.md +++ b/windows/client-management/mdm/policy-csp-networklistmanager.md @@ -61,7 +61,7 @@ manager: dansimp This policy setting provides the list of URLs (separated by Unicode character 0xF000) to endpoints accessible only within an enterprise's network. If any of the URLs can be resolved over HTTPS, the network would be considered authenticated. When entering a list of TLS Endpoints in MEM (Microsoft Endpoint Management), you must follow this format even in the UI: `````` -- The HTTPS endpoint must not have any additional authentication checks such as login or multi-factor authentication. +- The HTTPS endpoint must not have any additional authentication checks, such as login or multifactor authentication. - The HTTPS endpoint must be an internal address not accessible from outside the corporate network. - The client must trust the server certificate, so the CA cert the HTTPS server cert chains to must be present in the client machines root certificate store. - A certificate should not be a public certificate. From dff2610703e38f778819aff3e9a85e24b39ed63e Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Fri, 10 Dec 2021 11:04:55 +0530 Subject: [PATCH 193/335] Update windows/client-management/mdm/policy-csp-networklistmanager.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mdm/policy-csp-networklistmanager.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md index e1d8281bb6..21039fb51c 100644 --- a/windows/client-management/mdm/policy-csp-networklistmanager.md +++ b/windows/client-management/mdm/policy-csp-networklistmanager.md @@ -59,7 +59,8 @@ manager: dansimp This policy setting provides the list of URLs (separated by Unicode character 0xF000) to endpoints accessible only within an enterprise's network. If any of the URLs can be resolved over HTTPS, the network would be considered authenticated. -When entering a list of TLS Endpoints in MEM (Microsoft Endpoint Management), you must follow this format even in the UI: + +When entering a list of TLS endpoints in Microsoft Endpoint Manager, you should follow this format, even in the UI: `````` - The HTTPS endpoint must not have any additional authentication checks, such as login or multifactor authentication. - The HTTPS endpoint must be an internal address not accessible from outside the corporate network. From c798567889191eedab6c0c7fb6895246c7e6dec2 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Fri, 10 Dec 2021 11:05:05 +0530 Subject: [PATCH 194/335] Update windows/client-management/mdm/policy-csp-networklistmanager.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mdm/policy-csp-networklistmanager.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md index 21039fb51c..5c296ad42b 100644 --- a/windows/client-management/mdm/policy-csp-networklistmanager.md +++ b/windows/client-management/mdm/policy-csp-networklistmanager.md @@ -64,7 +64,7 @@ When entering a list of TLS endpoints in Microsoft Endpoint Manager, you should `````` - The HTTPS endpoint must not have any additional authentication checks, such as login or multifactor authentication. - The HTTPS endpoint must be an internal address not accessible from outside the corporate network. -- The client must trust the server certificate, so the CA cert the HTTPS server cert chains to must be present in the client machines root certificate store. +- The client must trust the server certificate, so the CA certificate that the HTTPS server certificate chains to must be present in the client machine's root certificate store. - A certificate should not be a public certificate. From 726dd867bef292d80a0d43eb27b886a9ae0344fc Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Fri, 10 Dec 2021 11:05:15 +0530 Subject: [PATCH 195/335] Update windows/client-management/mdm/policy-csp-networklistmanager.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mdm/policy-csp-networklistmanager.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md index 5c296ad42b..ffd0fbfd0b 100644 --- a/windows/client-management/mdm/policy-csp-networklistmanager.md +++ b/windows/client-management/mdm/policy-csp-networklistmanager.md @@ -68,8 +68,6 @@ When entering a list of TLS endpoints in Microsoft Endpoint Manager, you should - A certificate should not be a public certificate. - -

                      From 2e8be1a309e63ac7d14c6e77e5b740702a182430 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Fri, 10 Dec 2021 11:55:27 +0530 Subject: [PATCH 196/335] Fixed suggestions and Warnings Task: 5644791: Fixed suggestions and Warnings as per the attachment provided in the task description. --- browsers/edge/group-policies/index.yml | 2 +- browsers/edge/index.yml | 2 +- .../ie11-deploy-guide/img-ie11-docmode-lg.md | 7 +- .../ie11-deploy-guide/manage-ie11-overview.md | 9 +-- ...tory-microsoft-store-business-education.md | 6 +- store-for-business/sfb-change-history.md | 8 +-- ...t-removal-policy-external-storage-media.md | 2 +- .../troubleshoot-event-id-41-restart.md | 2 +- ...ot-stop-error-on-broadcom-driver-update.md | 2 +- ...ery-tool-in-compatibility-administrator.md | 3 +- .../deployment/update/windows-as-a-service.md | 70 +++++++++---------- .../deployment/upgrade/upgrade-error-codes.md | 13 ++-- .../windows-10-deployment-scenarios.md | 5 +- ...-endpoints-1909-non-enterprise-editions.md | 3 +- .../whats-new/windows-10-insider-preview.md | 3 +- 15 files changed, 60 insertions(+), 77 deletions(-) diff --git a/browsers/edge/group-policies/index.yml b/browsers/edge/group-policies/index.yml index 0b2aef014b..0f970282ed 100644 --- a/browsers/edge/group-policies/index.yml +++ b/browsers/edge/group-policies/index.yml @@ -9,7 +9,7 @@ metadata: keywords: Microsoft Edge Legacy, Windows 10 ms.localizationpriority: medium ms.prod: edge - author: shortpatti + author: dougeby ms.author: pashort ms.topic: landing-page ms.devlang: na diff --git a/browsers/edge/index.yml b/browsers/edge/index.yml index 04b23cd56e..accbb0e679 100644 --- a/browsers/edge/index.yml +++ b/browsers/edge/index.yml @@ -11,7 +11,7 @@ metadata: ms.localizationpriority: medium ms.topic: landing-page # Required ms.collection: collection # Optional; Remove if no collection is used. - author: shortpatti #Required; your GitHub user alias, with correct capitalization. + author: dougeby #Required; your GitHub user alias, with correct capitalization. ms.author: pashort #Required; microsoft alias of author; optional team alias. ms.date: 07/07/2020 #Required; mm/dd/yyyy format. diff --git a/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md b/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md index a285c99103..2738d426b9 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md +++ b/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md @@ -14,9 +14,6 @@ ms.author: dansimp [!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)] -Return to: [Deprecated document modes and Internet Explorer 11](deprecated-document-modes.md)
                      - -

                      - Full-sized flowchart detailing how document modes are chosen in IE11 -

                      +Return to: [Deprecated document modes and Internet Explorer 11](deprecated-document-modes.md) + ![Full-sized flowchart detailing how document modes are chosen in IE11](images/docmode-decisions-lg.png) diff --git a/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md b/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md index 66b29a20c4..58a2d5298b 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md +++ b/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md @@ -36,11 +36,4 @@ Use the topics in this section to learn about how to auto detect your settings, |------|------------| |[Auto detect settings Internet Explorer 11](auto-detect-settings-for-ie11.md) |Guidance about how to update your automatic detection of DHCP and DNS servers. | |[Auto configuration settings for Internet Explorer 11](auto-configuration-settings-for-ie11.md) |Guidance about how to add, update and lock your auto configuration settings. | -|[Auto proxy configuration settings for Internet Explorer 11](auto-proxy-configuration-settings-for-ie11.md) |Guidance about how to add, update, and lock your auto-proxy settings. |  - - - - - - - +|[Auto proxy configuration settings for Internet Explorer 11](auto-proxy-configuration-settings-for-ie11.md) |Guidance about how to add, update, and lock your auto-proxy settings. | diff --git a/store-for-business/release-history-microsoft-store-business-education.md b/store-for-business/release-history-microsoft-store-business-education.md index 962ec31ffd..a4f1f93a78 100644 --- a/store-for-business/release-history-microsoft-store-business-education.md +++ b/store-for-business/release-history-microsoft-store-business-education.md @@ -1,6 +1,6 @@ --- -title: Whats new in Microsoft Store for Business and Education -description: Learn about newest features in Microsoft Store for Business and Microsoft Store for Education. +title: Microsoft Store for Business and Education release history +description: Know the release history of Microsoft Store for Business and Microsoft Store for Education. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -18,7 +18,7 @@ manager: dansimp > [!IMPORTANT] > Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution). -Microsoft Store for Business and Education regularly releases new and improved features. Here's a summary of new or updated features in previous releases. +Microsoft Store for Business and Education regularly releases new and improved features. Here's a summary of new or updated features in previous releases. Looking for info on the latest release? Check out [What's new in Microsoft Store for Business and Education](whats-new-microsoft-store-business-education.md) diff --git a/store-for-business/sfb-change-history.md b/store-for-business/sfb-change-history.md index f57695f277..08e7950bb0 100644 --- a/store-for-business/sfb-change-history.md +++ b/store-for-business/sfb-change-history.md @@ -76,6 +76,7 @@ ms.localizationpriority: medium | --- | --- | | [Microsoft Store for Business and Education PowerShell module - preview](microsoft-store-for-business-education-powershell-module.md) | New | | [Microsoft Store for Business and Education overview - supported markets](./microsoft-store-for-business-overview.md#supported-markets) | Updates for added market support. | +| [Manage Windows device deployment with Windows Autopilot Deployment](add-profile-to-devices.md) | New. Information about Windows Autopilot Deployment Program and how it is used in Microsoft Store for Business and Education. | ## June 2017 @@ -84,10 +85,3 @@ ms.localizationpriority: medium | [Notifications in Microsoft Store for Business and Education](notifications-microsoft-store-business.md) | New. Information about notification model in Microsoft Store for Business and Education. | | [Get Minecraft: Education Edition with Windows 10 device promotion](/education/windows/get-minecraft-device-promotion) | New. Information about redeeming Minecraft: Education Edition licenses with qualifying purchases of Windows 10 devices. | | [Microsoft Store for Business and Education overview - supported markets](./microsoft-store-for-business-overview.md#supported-markets) | Updates for added market support. | - -## July 2017 - -| New or changed topic | Description | -| -------------------- | ----------- | -| [Manage Windows device deployment with Windows Autopilot Deployment](add-profile-to-devices.md) | New. Information about Windows Autopilot Deployment Program and how it is used in Microsoft Store for Business and Education. | -| [Microsoft Store for Business and Education overview - supported markets](./microsoft-store-for-business-overview.md#supported-markets) | Updates for added market support. | \ No newline at end of file diff --git a/windows/client-management/change-default-removal-policy-external-storage-media.md b/windows/client-management/change-default-removal-policy-external-storage-media.md index d59710d70b..8b0e587b74 100644 --- a/windows/client-management/change-default-removal-policy-external-storage-media.md +++ b/windows/client-management/change-default-removal-policy-external-storage-media.md @@ -3,7 +3,7 @@ title: Windows 10 default media removal policy description: In Windows 10, version 1809, the default removal policy for external storage media changed from "Better performance" to "Quick removal." ms.prod: w10 author: Teresa-Motiv -ms.author: v-tea +ms.author: dougeby ms.date: 11/25/2020 ms.topic: article ms.custom: diff --git a/windows/client-management/troubleshoot-event-id-41-restart.md b/windows/client-management/troubleshoot-event-id-41-restart.md index 277685cfc8..c1d7a706b0 100644 --- a/windows/client-management/troubleshoot-event-id-41-restart.md +++ b/windows/client-management/troubleshoot-event-id-41-restart.md @@ -2,7 +2,7 @@ title: Advanced troubleshooting for Event ID 41 - "The system has rebooted without cleanly shutting down first" description: Describes the circumstances that cause a computer to generate Event ID 41, and provides guidance for troubleshooting the issue author: Teresa-Motiv -ms.author: v-tea +ms.author: dougeby ms.date: 12/27/2019 ms.prod: w10 ms.topic: article diff --git a/windows/client-management/troubleshoot-stop-error-on-broadcom-driver-update.md b/windows/client-management/troubleshoot-stop-error-on-broadcom-driver-update.md index fb99d5d919..a22426c30a 100644 --- a/windows/client-management/troubleshoot-stop-error-on-broadcom-driver-update.md +++ b/windows/client-management/troubleshoot-stop-error-on-broadcom-driver-update.md @@ -2,7 +2,7 @@ title: Stop error occurs when you update the in-box Broadcom network adapter driver description: Describes an issue that causes a stop error when you update an in-box Broadcom driver on Windows Server 2019, version 1809. author: Teresa-Motiv -ms.author: v-tea +ms.author: dougeby ms.date: 2/3/2020 ms.prod: w10 ms.topic: article diff --git a/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md b/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md index 6135a8daf8..b225fd6214 100644 --- a/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md +++ b/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md @@ -105,8 +105,7 @@ You can use the **Fix Description** tab of the Query tool to add parameters that The query runs and the results of the query are displayed in the lower pane. -## Querying by Using the Fix Description Tab - +## Querying by Using the Advanced Tab You can use the **Fix Description** tab of the Query tool to add additional SQL Server SELECT and WHERE clauses to your search criteria. diff --git a/windows/deployment/update/windows-as-a-service.md b/windows/deployment/update/windows-as-a-service.md index 2e41bda86e..2cf662ee15 100644 --- a/windows/deployment/update/windows-as-a-service.md +++ b/windows/deployment/update/windows-as-a-service.md @@ -1,5 +1,5 @@ --- -title: Windows as a service +title: Windows as a service ms.prod: w10 ms.topic: landing-page ms.manager: laurawi @@ -26,21 +26,20 @@ Find the latest and greatest news on Windows 10 deployment and servicing. **Discovering the Windows 10 Update history pages** > [!VIDEO https://www.youtube-nocookie.com/embed/mTnAb9XjMPY] -Everyone wins when transparency is a top priority. We want you to know when updates are available, as well as alert you to any potential issues you may encounter during or after you install an update. Bookmark the Windows release health dashboard for near real-time information on known issues, workarounds, and resolutions--as well as the current status of the latest feature update rollout. +Everyone wins when transparency is a top priority. We want you to know when updates are available, as well as alert you to any potential issues you may encounter during or after you install an update. Bookmark the [Windows release health dashboard](/windows/release-health/) for near real-time information on known issues, workarounds, and resolutions--as well as the current status of the latest feature update rollout. The latest news: - + +- [How to get Extended Security Updates for eligible Windows devices](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/How-to-get-Extended-Security-Updates-for-eligible-Windows/ba-p/917807) - October 17, 2019 +- [End of service reminders for Windows 10, versions 1703 and 1803](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/End-of-service-reminders-for-Windows-10-versions-1703-and-1803/ba-p/903715) - October 9, 2019 +- [Using machine learning to improve the Windows 10 update experience](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Using-machine-learning-to-improve-the-Windows-10-update/ba-p/877860) - September 26, 2019 +- [Publishing pre-release Windows 10 feature updates to WSUS](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Publishing-pre-release-Windows-10-feature-updates-to-WSUS/ba-p/845054) - September 24, 2019 +- [New extended support dates for MDOP tools](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/New-extended-support-dates-for-MDOP-tools/ba-p/837312) - September 4, 2019 +- [FastTrack for Windows 10 deployment and other migration resources](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/FastTrack-for-Windows-10-deployment-and-other-migration/ba-p/800406) - August 12, 2019 +- [Tactical considerations for creating Windows deployment rings](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Tactical-considerations-for-creating-Windows-deployment-rings/ba-p/746979) - July 10, 2019 +- [Upgrading Windows 10 devices with installation media different than the original OS install language](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Upgrading-Windows-10-devices-with-installation-media-different/ba-p/746126) - July 9, 2019 +- [Moving to the next Windows 10 feature update for commercial customers](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Moving-to-the-next-Windows-10-feature-update-for-commercial/ba-p/732968) - July 1, 2019 + [See more news](waas-morenews.md). You can also check out the [Windows 10 blog](https://techcommunity.microsoft.com/t5/Windows-10-Blog/bg-p/Windows10Blog). @@ -49,20 +48,19 @@ Written by IT pros for IT pros, sharing real world examples and scenarios for Wi Champs -**NEW** Tactical considerations for creating Windows deployment rings +[**NEW** Tactical considerations for creating Windows deployment rings](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Tactical-considerations-for-creating-Windows-deployment-rings/ba-p/746979) -**NEW** Windows 10 Enterprise vs. Windows 10 Pro: Modern management considerations for your organization +[**NEW** Windows 10 Enterprise vs. Windows 10 Pro: Modern management considerations for your organization](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-Enterprise-vs-Windows-10-Pro-Modern-management/ba-p/720445) -Deployment rings: The hidden [strategic] gem of Windows as a service +[Deployment rings: The hidden [strategic] gem of Windows as a service](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Deployment-rings-The-hidden-strategic-gem-of-Windows-as-a/ba-p/659622) -Classifying Windows updates in common deployment tools +[Classifying Windows updates in common deployment tools](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Classifying-Windows-updates-in-common-deployment-tools/ba-p/331175) -Express updates for Windows Server 2016 re-enabled for November 2018 update - +[Express updates for Windows Server 2016 re-enabled for November 2018 update](/windows-server/get-started/express-updates) -2019 SHA-2 Code Signing Support requirement for Windows and WSUS +[2019 SHA-2 Code Signing Support requirement for Windows and WSUS](https://support.microsoft.com/help/4472027/) -Deploying Windows 10 Feature Updates to 24/7 Mission Critical Devices +[Deploying Windows 10 Feature Updates to 24/7 Mission Critical Devices](/windows/deployment/update/feature-update-mission-critical) ## Discover @@ -70,14 +68,14 @@ Learn more about Windows as a service and its value to your organization. Discover -Overview of Windows as a service +[Overview of Windows as a service](waas-overview.md) -Quick guide to Windows as a service +[Quick guide to Windows as a service](waas-quick-start.md) -What's new in Windows 10 deployment +[What's new in Windows 10 deployment](../deploy-whats-new.md) -How Microsoft IT deploys Windows 10 +[How Microsoft IT deploys Windows 10](https://channel9.msdn.com/events/Ignite/2015/BRK3303) ## Plan @@ -85,15 +83,15 @@ Prepare to implement Windows as a service effectively using the right tools, pro Plan -Simplified updates +[Simplified updates](https://www.microsoft.com/windowsforbusiness/simplified-updates) -Windows 10 end user readiness +[Windows 10 end user readiness](https://www.microsoft.com/itpro/windows-10/end-user-readiness) -Ready for Windows +[Ready for Windows](https://developer.microsoft.com/windows/ready-for-windows#/) -Manage Windows upgrades with Upgrade Readiness +[Manage Windows upgrades with Upgrade Readiness](/mem/configmgr/desktop-analytics/overview) -Preparing your organization for a seamless Windows 10 deployment +[Preparing your organization for a seamless Windows 10 deployment](https://www.microsoft.com/itshowcase/windows10deployment) ## Deploy @@ -101,15 +99,15 @@ Secure your organization's deployment investment. Deploy -Update Windows 10 in the enterprise +[Update Windows 10 in the enterprise](index.md) -Deploying as an in-place upgrade +[Deploying as an in-place upgrade](https://www.microsoft.com/itshowcase/Article/Content/668/Deploying-Windows-10-at-Microsoft-as-an-inplace-upgrade) -Configure Windows Update for Business +[Configure Windows Update for Business](waas-configure-wufb.md) -Express update delivery +[Express update delivery](waas-optimize-windows-10-updates.md#express-update-delivery) -Windows 10 deployment considerations +[Windows 10 deployment considerations](../planning/windows-10-deployment-considerations.md) ## Microsoft Ignite 2018 diff --git a/windows/deployment/upgrade/upgrade-error-codes.md b/windows/deployment/upgrade/upgrade-error-codes.md index 8af8acdd00..dfcc3d607e 100644 --- a/windows/deployment/upgrade/upgrade-error-codes.md +++ b/windows/deployment/upgrade/upgrade-error-codes.md @@ -21,10 +21,9 @@ ms.collection: highpri - Windows 10 >[!NOTE] ->This is a 400 level topic (advanced).
                      +>This is a 400 level topic (advanced). >See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article. - If the upgrade process is not successful, Windows Setup will return two codes: 1. **A result code**: The result code corresponds to a specific Win32 or NTSTATUS error. @@ -39,7 +38,7 @@ Note: If only a result code is returned, this can be because a tool is being use ## Result codes -A result code of **0xC1900101** is generic and indicates that a rollback occurred. In most cases, the cause is a driver compatibility issue.
                      To troubleshoot a failed upgrade that has returned a result code of 0xC1900101, analyze the extend code to determine the Windows Setup phase, and see the [Resolution procedures](resolution-procedures.md) section later in this article. +A result code of **0xC1900101** is generic and indicates that a rollback occurred. In most cases, the cause is a driver compatibility issue. To troubleshoot a failed upgrade that has returned a result code of 0xC1900101, analyze the extend code to determine the Windows Setup phase, and see the [Resolution procedures](resolution-procedures.md) section later in this article. The following set of result codes are associated with [Windows Setup](/windows-hardware/manufacture/desktop/windows-setup-command-line-options) compatibility warnings: @@ -145,7 +144,7 @@ For example: An extend code of **0x4000D**, represents a problem during phase 4 ## Related topics [Windows 10 FAQ for IT professionals](../planning/windows-10-enterprise-faq-itpro.yml) -
                      [Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) -
                      [Windows 10 Specifications](https://www.microsoft.com/windows/Windows-/ifications) -
                      [Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) -
                      [Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) \ No newline at end of file +[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) +[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-/ifications) +[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) +[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) \ No newline at end of file diff --git a/windows/deployment/windows-10-deployment-scenarios.md b/windows/deployment/windows-10-deployment-scenarios.md index d283c2d8f3..8dd6d2f734 100644 --- a/windows/deployment/windows-10-deployment-scenarios.md +++ b/windows/deployment/windows-10-deployment-scenarios.md @@ -19,6 +19,7 @@ ms.collection: highpri # Windows 10 deployment scenarios **Applies to** + - Windows 10 To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. Choosing among these scenarios, and understanding the capabilities and limitations of each, is a key task. @@ -32,9 +33,9 @@ The following tables summarize various Windows 10 deployment scenarios. The scen > [!NOTE] > Once you have deployed Windows 10 in your organization, it is important to stay up to date by [creating a deployment plan](update/create-deployment-plan.md) for Windows 10 feature updates. -- Dynamic deployment methods enable you to configure applications and settings for specific use cases. +- Dynamic deployment methods enable you to configure applications and settings for specific use cases. -- Traditional deployment methods use existing tools to deploy operating system images.
                        +- Traditional deployment methods use existing tools to deploy operating system images. ### Modern diff --git a/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md index bf8ec55031..3520abedd7 100644 --- a/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md @@ -148,7 +148,8 @@ The following methodology was used to derive the network endpoints: |ris.api.iris.microsoft.com|TLS v1.2|Windows Spotlight |settings-win.data.microsoft.com|HTTPS/TLS v1.2|Used for Windows apps to dynamically update their configuration |spo-ring.msedge.net|TLSv1.2|Cortana and Live Tiles -|telecommand.telemetry.microsoft.com|TLS v1.2|Used by Windows Error Reporting ||tile-service.weather.microsoft.com|HTTP|Used for the Weather app +|telecommand.telemetry.microsoft.com|TLS v1.2|Used by Windows Error Reporting +|tile-service.weather.microsoft.com|HTTP|Used for the Weather app |tsfe.trafficshaping.dsp.mp.microsoft.com|HTTPS|Used for content regulation |v10.events.data.microsoft.com/onecollector/1.0/|HTTPS/TLS v1.2|Diagnostic Data |v10.events.data.microsoft.com|HTTPS/TLS v1.2|Used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service diff --git a/windows/whats-new/windows-10-insider-preview.md b/windows/whats-new/windows-10-insider-preview.md index 6fd107bf08..2e6f2191f7 100644 --- a/windows/whats-new/windows-10-insider-preview.md +++ b/windows/whats-new/windows-10-insider-preview.md @@ -14,7 +14,8 @@ ms.topic: article # Documentation for Windows 10 Insider Preview -> [Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. ] +>[!NOTE] +> Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. This section contains preliminary documentation for some enterprise features in Windows 10 Insider Preview. Information in this section may change frequently. From 77c6b849d4942f7e39442f4b4c5e9d6344afa250 Mon Sep 17 00:00:00 2001 From: msarcletti <56821677+msarcletti@users.noreply.github.com> Date: Fri, 10 Dec 2021 09:01:04 +0100 Subject: [PATCH 197/335] Update windows/client-management/mdm/policy-csp-networklistmanager.md Using this format is not a 'should' but a 'must', otherwise it just doesn't work. --- windows/client-management/mdm/policy-csp-networklistmanager.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md index ffd0fbfd0b..37197c7b20 100644 --- a/windows/client-management/mdm/policy-csp-networklistmanager.md +++ b/windows/client-management/mdm/policy-csp-networklistmanager.md @@ -60,7 +60,7 @@ manager: dansimp This policy setting provides the list of URLs (separated by Unicode character 0xF000) to endpoints accessible only within an enterprise's network. If any of the URLs can be resolved over HTTPS, the network would be considered authenticated. -When entering a list of TLS endpoints in Microsoft Endpoint Manager, you should follow this format, even in the UI: +When entering a list of TLS endpoints in Microsoft Endpoint Manager, you must follow this format, even in the UI: `````` - The HTTPS endpoint must not have any additional authentication checks, such as login or multifactor authentication. - The HTTPS endpoint must be an internal address not accessible from outside the corporate network. From e85598d6f8c9d756c1748a2bb9a3dfc16453b60d Mon Sep 17 00:00:00 2001 From: Ashok Lobo Date: Fri, 10 Dec 2021 14:41:51 +0530 Subject: [PATCH 198/335] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index f1e0b1895c..e17985f888 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -16,7 +16,7 @@ ms.collection: - M365-security-compliance - highpri ms.topic: article -ms.date: 11/29/2021 +ms.date: 12/10/2021 ms.technology: privacy --- From 662c0cca86003bda67323fb1c45078dc6a797e74 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Fri, 10 Dec 2021 16:13:43 +0530 Subject: [PATCH 199/335] Converted tables into markdown --- .../mdm/policy-csp-timelanguagesettings.md | 160 ++++-------------- 1 file changed, 32 insertions(+), 128 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md index b176166a68..8c80347095 100644 --- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md +++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md @@ -43,38 +43,14 @@ manager: dansimp **TimeLanguageSettings/BlockCleanupOfUnusedPreinstalledLangPacks** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                      EditionWindows 10Windows 11
                      HomeNoNo
                      ProYesYes
                      BusinessYesYes
                      EnterpriseYesYes
                      EducationYesYes
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                      @@ -121,38 +97,14 @@ ADMX Info: **TimeLanguageSettings/ConfigureTimeZone** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                      EditionWindows 10Windows 11
                      HomeNoNo
                      ProYesYes
                      BusinessYesYes
                      EnterpriseYesYes
                      EducationYesYes
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                      @@ -189,38 +141,14 @@ Specifies the time zone to be applied to the device. This is the standard Window **TimeLanguageSettings/MachineUILanguageOverwrite** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                      EditionWindows 10Windows 11
                      HomeNoNo
                      ProYesYes
                      BusinessYesYes
                      EnterpriseYesYes
                      EducationYesYes
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                      @@ -267,38 +195,14 @@ ADMX Info: **TimeLanguageSettings/RestrictLanguagePacksAndFeaturesInstall** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                      EditionWindows 10Windows 11
                      HomeNoNo
                      ProYesYes
                      BusinessYesYes
                      EnterpriseYesYes
                      EducationYesYes
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                      From 37b45d760a8c224c3057f1928142baf3d3ce5ec3 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Fri, 10 Dec 2021 16:25:02 +0530 Subject: [PATCH 200/335] converted table into markdown --- .../mdm/policy-csp-windowsautopilot.md | 40 ++++--------------- 1 file changed, 8 insertions(+), 32 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-windowsautopilot.md b/windows/client-management/mdm/policy-csp-windowsautopilot.md index fedfc265ec..1dc3fde74d 100644 --- a/windows/client-management/mdm/policy-csp-windowsautopilot.md +++ b/windows/client-management/mdm/policy-csp-windowsautopilot.md @@ -34,38 +34,14 @@ manager: dansimp **WindowsAutoPilot/EnableAgilityPostEnrollment** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                      EditionWindows 10Windows 11
                      HomeNoNo
                      ProYesYes
                      BusinessYesYes
                      EnterpriseYesYes
                      EducationYesYes
                      + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
                      From f1bff3c3f844a5a38a4edf3a043311952986b30b Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 10 Dec 2021 20:02:53 +0530 Subject: [PATCH 201/335] added prefessional , enterprise editions as per user feedback #10185, so i added professional and enterprise editions for windows 11 and 11. --- .../credential-guard/credential-guard-requirements.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md index 095e9ddef9..bcd7516d2d 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md @@ -21,10 +21,10 @@ ms.date: 09/30/2020 ## Applies to -- Windows 10 -- Windows 11 -- Windows Server 2016 +- Windows 11 Professional and Enterprise +- Windows 10 Professional and Enterprise - Windows Server 2019 +- Windows Server 2016 For Windows Defender Credential Guard to provide protection, the computers you are protecting must meet certain baseline hardware, firmware, and software requirements, which we will refer to as [Hardware and software requirements](#hardware-and-software-requirements). Additionally, Windows Defender Credential Guard blocks specific authentication capabilities, so applications that require such capabilities will break. We will refer to these requirements as [Application requirements](#application-requirements). Beyond these requirements, computers can meet additional hardware and firmware qualifications, and receive additional protections. Those computers will be more hardened against certain threats. For detailed information on baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017, refer to the tables in [Security Considerations](#security-considerations). @@ -155,4 +155,4 @@ The following table lists qualifications for Windows 10, version 1703, which are > > - Do not attempt to directly modify executable system memory > -> - Do not use dynamic code \ No newline at end of file +> - Do not use dynamic code From e9f9adcb653fb56385895de444b5def1531928b4 Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Fri, 10 Dec 2021 11:25:58 -0700 Subject: [PATCH 202/335] Update windows/client-management/mdm/policy-csp-textinput.md --- windows/client-management/mdm/policy-csp-textinput.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md index 704f861562..be2edb8989 100644 --- a/windows/client-management/mdm/policy-csp-textinput.md +++ b/windows/client-management/mdm/policy-csp-textinput.md @@ -657,7 +657,7 @@ Default: Enabled The following list shows the supported values: - 1 (Enabled) - The newer UX is downloaded from Microsoft service. -- 0 (Diabled) - The UX remains unchanged with what the operating system installs. +- 0 (Disabled) - The UX remains unchanged with what the operating system installs. From daa4dc268f1d87d5c7434e2e84263e8924d4cd00 Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Fri, 10 Dec 2021 11:55:34 -0700 Subject: [PATCH 203/335] Update windows/client-management/mdm/policy-csp-system.md --- windows/client-management/mdm/policy-csp-system.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index 92131c2cb0..67975bf4f5 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -1395,7 +1395,6 @@ The following list shows the supported values: - 0 – Disabled - 1 – Enabled -- From f6e3d1ed26791189d63ac6bf53c35820774b8a44 Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Fri, 10 Dec 2021 11:59:24 -0700 Subject: [PATCH 204/335] Update windows/client-management/mdm/policy-csp-system.md --- windows/client-management/mdm/policy-csp-system.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index 67975bf4f5..c3266bea55 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -1344,7 +1344,6 @@ The following list shows the supported values: - 0 – Disabled - 1 – Enabled -- From 7417a4764dbdb84a2625d40308bff6a0ebb5b3fa Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Fri, 10 Dec 2021 12:00:45 -0700 Subject: [PATCH 205/335] Update policy-csp-system.md --- windows/client-management/mdm/policy-csp-system.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index c3266bea55..9e31c3a67b 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -1344,6 +1344,7 @@ The following list shows the supported values: - 0 – Disabled - 1 – Enabled + From 91183da4a1033ef79055a64ec8170e176a1e1fbf Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Fri, 10 Dec 2021 11:37:02 -0800 Subject: [PATCH 206/335] added full size images to resolve customer-submitted issue in public repo --- .../hello-for-business/hello-how-it-works-provisioning.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md index c114cd86e5..bf92834f9b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md @@ -39,6 +39,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong, ## Azure AD joined provisioning in a Managed environment ![Azure AD joined provisioning in a Managed environment.](images/howitworks/prov-aadj-managed.png) +[Full size image](images/howitworks/prov-aadj-managed.png) | Phase | Description | | :----: | :----------- | @@ -50,6 +51,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong, [Return to top](#windows-hello-for-business-provisioning) ## Azure AD joined provisioning in a Federated environment ![Azure AD joined provisioning in Managed environment.](images/howitworks/prov-aadj-federated.png) +[Full size image](images/howitworks/prov-aadj-federated.png) | Phase | Description | | :----: | :----------- | @@ -60,7 +62,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong, [Return to top](#windows-hello-for-business-provisioning) ## Hybrid Azure AD joined provisioning in a Key Trust deployment in a Managed environment ![Hybrid Azure AD joined provisioning in a Key Trust deployment in a Managed environment.](images/howitworks/prov-haadj-keytrust-managed.png) - +[Full size image](images/howitworks/prov-haadj-keytrust-managed.png) | Phase | Description | |:-----:|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| @@ -78,7 +80,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong, [Return to top](#windows-hello-for-business-provisioning) ## Hybrid Azure AD joined provisioning in a synchronous Certificate Trust deployment in a Federated environment ![Hybrid Azure AD joined provisioning in a synchronous Certificate Trust deployment in a Federated environment.](images/howitworks/prov-haadj-instant-certtrust-federated.png) - +[Full size image](images/howitworks/prov-haadj-instant-certtrust-federated.png) | Phase | Description | |:-----:|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| @@ -96,6 +98,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong, [Return to top](#windows-hello-for-business-provisioning) ## Domain joined provisioning in an On-premises Key Trust deployment ![Domain joined provisioning in an On-premises Key Trust deployment.](images/howitworks/prov-onprem-keytrust.png) +[Full size image](images/howitworks/prov-onprem-keytrust.png) | Phase | Description | | :----: | :----------- | @@ -107,6 +110,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong, [Return to top](#windows-hello-for-business-provisioning) ## Domain joined provisioning in an On-premises Certificate Trust deployment ![Domain joined provisioning in an On-premises Certificate Trust deployment.](images/howitworks/prov-onprem-certtrust.png) +[Full size image](images/howitworks/prov-onprem-certtrust.png) | Phase | Description | | :----: | :----------- | From 829eeb881b1ab7f977f3a4451904c4c686a184bb Mon Sep 17 00:00:00 2001 From: Ashok Lobo Date: Mon, 13 Dec 2021 15:17:31 +0530 Subject: [PATCH 207/335] Updated the topic as per task 5628377 --- windows/security/threat-protection/intelligence/criteria.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/intelligence/criteria.md b/windows/security/threat-protection/intelligence/criteria.md index 1f07f8975c..12e405077b 100644 --- a/windows/security/threat-protection/intelligence/criteria.md +++ b/windows/security/threat-protection/intelligence/criteria.md @@ -13,7 +13,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 10/04/2021 +ms.date: 12/13/2021 search.appverid: met150 ms.technology: windows-sec --- @@ -49,6 +49,8 @@ Microsoft classifies most malicious software into one of the following categorie * **Backdoor:** A type of malware that gives malicious hackers remote access to and control of your device. +* **Command and Control:** A type of malware that infects your device and establishes communication with the hackers’ command-and-control server to receive instructions. Once communication is established, hackers can send commands that can steal data, shut down and reboot the device, and disrupt web services. + * **Downloader:** A type of malware that downloads other malware onto your device. It must connect to the internet to download files. * **Dropper:** A type of malware that installs other malware files onto your device. Unlike a downloader, a dropper doesn't have to connect to the internet to drop malicious files. The dropped files are typically embedded in the dropper itself. From c17c1baf592811bf5d9b717f191a2ecfd4b29dfd Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 13 Dec 2021 19:56:04 +0500 Subject: [PATCH 208/335] Update update-compliance-using.md --- windows/deployment/update/update-compliance-using.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/update-compliance-using.md b/windows/deployment/update/update-compliance-using.md index d27fd0af96..b79203ce61 100644 --- a/windows/deployment/update/update-compliance-using.md +++ b/windows/deployment/update/update-compliance-using.md @@ -33,7 +33,7 @@ Update Compliance: - Provides all of the above data in [Log Analytics](#using-log-analytics), which affords additional querying and export capabilities. ## The Update Compliance tile -After Update Compliance has successfully been [added to your Azure subscription](update-compliance-get-started.md#add-update-compliance-to-your-azure-subscription), you'll see this tile: +After Update Compliance has successfully been [added to your Azure subscription](update-compliance-get-started.md#add-update-compliance-to-your-azure-subscription), you can navigate to your log analytics workspace, then select your Update Compliance deployment in the **Solutions** section and click on **Summary** to see this tile: ![Update Compliance tile no data.](images/UC_tile_assessing.png) @@ -93,4 +93,4 @@ See below for a few topics related to Log Analytics: ## Related topics -[Get started with Update Compliance](update-compliance-get-started.md) \ No newline at end of file +[Get started with Update Compliance](update-compliance-get-started.md) From d63715caa0e4e061bbcef5e03bcec871648f0c78 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Mon, 13 Dec 2021 13:12:15 -0500 Subject: [PATCH 209/335] Line 63: Replaced broken link --- windows/deployment/update/windows-as-a-service.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/windows-as-a-service.md b/windows/deployment/update/windows-as-a-service.md index 2cf662ee15..a034dba7a3 100644 --- a/windows/deployment/update/windows-as-a-service.md +++ b/windows/deployment/update/windows-as-a-service.md @@ -60,7 +60,7 @@ Written by IT pros for IT pros, sharing real world examples and scenarios for Wi [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](https://support.microsoft.com/help/4472027/) -[Deploying Windows 10 Feature Updates to 24/7 Mission Critical Devices](/windows/deployment/update/feature-update-mission-critical) +[What is Windows Update for Business?](waas-manage-updates-wufb.md) ## Discover @@ -113,4 +113,4 @@ Secure your organization's deployment investment. ## Microsoft Ignite 2018 Ignite -Looking to learn more? These informative session replays from Microsoft Ignite 2018 (complete with downloadable slide decks) can provide some great insights on Windows as a service. See [MyIgnite - Session catalog](https://myignite.techcommunity.microsoft.com/sessions). \ No newline at end of file +Looking to learn more? These informative session replays from Microsoft Ignite 2018 (complete with downloadable slide decks) can provide some great insights on Windows as a service. See [MyIgnite - Session catalog](https://myignite.techcommunity.microsoft.com/sessions). From d1055728e17e6834e838210483d3fd073c66ed39 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Mon, 13 Dec 2021 13:19:33 -0500 Subject: [PATCH 210/335] Line 149: Replaced broken link; Added spacing --- windows/deployment/upgrade/upgrade-error-codes.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/deployment/upgrade/upgrade-error-codes.md b/windows/deployment/upgrade/upgrade-error-codes.md index dfcc3d607e..3675d0d71a 100644 --- a/windows/deployment/upgrade/upgrade-error-codes.md +++ b/windows/deployment/upgrade/upgrade-error-codes.md @@ -143,8 +143,8 @@ For example: An extend code of **0x4000D**, represents a problem during phase 4 ## Related topics -[Windows 10 FAQ for IT professionals](../planning/windows-10-enterprise-faq-itpro.yml) -[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) -[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-/ifications) -[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) -[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) \ No newline at end of file +[Windows 10 FAQ for IT professionals](../planning/windows-10-enterprise-faq-itpro.yml) +[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) +[Windows 10 Specifications](https://www.microsoft.com/windows/windows-10-specifications) +[Microsoft Windows Q & A](https://docs.microsoft.com/answers/products/windows) +[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) From 19e717e73dc2525e1241a9abb093d80bb31c4f7b Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Mon, 13 Dec 2021 13:27:48 -0500 Subject: [PATCH 211/335] Used Docs image extension; Added lightbox --- .../internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md b/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md index 2738d426b9..ca1542a952 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md +++ b/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md @@ -16,4 +16,5 @@ ms.author: dansimp Return to: [Deprecated document modes and Internet Explorer 11](deprecated-document-modes.md) - ![Full-sized flowchart detailing how document modes are chosen in IE11](images/docmode-decisions-lg.png) +:::image type="content" source="images/docmode-decisions-lg.png" alt-text="Full-sized flowchart detailing how document modes are chosen in IE11" lightbox="images/docmode-decisions-lg.png"::: + From decb8842de7fb51898d8d6e30933c985eb8b38a5 Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Mon, 13 Dec 2021 11:54:45 -0700 Subject: [PATCH 212/335] Update windows/deployment/upgrade/upgrade-error-codes.md --- windows/deployment/upgrade/upgrade-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/upgrade-error-codes.md b/windows/deployment/upgrade/upgrade-error-codes.md index 3675d0d71a..2b08e9adc9 100644 --- a/windows/deployment/upgrade/upgrade-error-codes.md +++ b/windows/deployment/upgrade/upgrade-error-codes.md @@ -146,5 +146,5 @@ For example: An extend code of **0x4000D**, represents a problem during phase 4 [Windows 10 FAQ for IT professionals](../planning/windows-10-enterprise-faq-itpro.yml) [Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) [Windows 10 Specifications](https://www.microsoft.com/windows/windows-10-specifications) -[Microsoft Windows Q & A](https://docs.microsoft.com/answers/products/windows) +[Microsoft Windows Q & A](/answers/products/windows) [Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) From a41b8c02f62d3165d3e7545e18225d786e032155 Mon Sep 17 00:00:00 2001 From: Joe Henry Date: Mon, 13 Dec 2021 14:50:09 -0500 Subject: [PATCH 213/335] Update create-wdac-deny-policy.md --- .../create-wdac-deny-policy.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index 90775c4c17..a9eea631a0 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -30,7 +30,7 @@ Topics this article will be discussing are: 5. Best Practices 6. Tutorial/Walkthrough -## File Rule Precendence Order +## File Rule Precedence Order To create effective WDAC deny policies, it is crucial to understand how WDAC parses the policy. The WDAC engine evaluates files against the policy in the following order. @@ -42,7 +42,7 @@ To create effective WDAC deny policies, it is crucial to understand how WDAC par 4. Lastly, WDAC will call the Intelligent Security Graph (ISG) to get reputation on file, if the policy has support for the ISG. -Explicit allow and deny rules encompass rules at any level (e.g. hash rules, signer rules path rules, attribute rules or package family name rules). If there is an explicit deny rule, WDAC does not process any other rules, meaning a deny rule always takes precedence in the case where a deny and allow rule would be at odds. +Explicit allow and deny rules encompass rules at any level (for example hash rules, signer rules path rules, attribute rules, or package family name rules). If there is an explicit deny rule, WDAC does not process any other rules, meaning a deny rule always takes precedence in the case where a deny and allow rule would be at odds. ## Interaction with Existing Policies ### Adding Allow Rules @@ -99,19 +99,19 @@ Merge-CIPolicy -PolicyPaths $ DenyPolicy, $ExistingPolicy -OutputFilePath $Exist ``` ## Multiple Policy Considerations -If you are currently using [multiple policies](deploy-multiple-windows-defender-application-control-policies.md) on a device, there are two options for integrating the deny list into your policy set. +If you are currently using [multiple policies](deploy-multiple-windows-defender-application-control-policies.md) on a device, there are two options for integrating the blocklist into your policy set. -(Recommended) The first option is to keep the deny list as its own policy isolated from your allow policies as it is easier to manage. Since applications need to be [allowed by both WDAC policies to run on the device](deploy-multiple-windows-defender-application-control-policies.md#base-and-supplemental-policy-interaction), you will need to add the Allow All rule(s) to your deny policy. This will not override the set of applications allowed by WDAC illustrated by the following example: +(Recommended) The first option is to keep the blocklist as its own policy isolated from your allow policies as it is easier to manage. Since applications need to be [allowed by both WDAC policies to run on the device](deploy-multiple-windows-defender-application-control-policies.md#base-and-supplemental-policy-interaction), you will need to add the Allow All rule(s) to your deny policy. This will not override the set of applications allowed by WDAC illustrated by the following example: -Policy 1 is an allow list of Windows and Microsoft-signed applications. Policy 2 is our new deny policy which blocks MaliciousApp.exe with the Allow All rules. MaliciousApp.exe will be blocked since there is an explicit block rule in Policy 2. Windows and Microsoft applications will be allowed since there is an explicit allow rule in Policy 1 and Policy 2 (due to the Allow All rules). All other applications, if not Windows and Microsoft signed, e.g., ExampleApp.exe, will not be allowed as this application is only trusted by Policy 2 (due to the Allow All rules) and not Policy 1. +Policy 1 is an allowlist of Windows and Microsoft-signed applications. Policy 2 is our new deny policy, which blocks MaliciousApp.exe with the Allow All rules. MaliciousApp.exe will be blocked since there is an explicit block rule in Policy 2. Windows and Microsoft applications will be allowed since there is an explicit allow rule in Policy 1 and Policy 2 (due to the Allow All rules). All other applications, if not Windows and Microsoft signed, for example, ExampleApp.exe, will not be allowed as this application is only trusted by Policy 2 (due to the Allow All rules) and not Policy 1. -The second option involves merging the deny list with your existing WDAC policy, regardless if the policy is an allow list policy and contains allow and/or deny rules. +The second option involves merging the blocklist with your existing WDAC policy, regardless if the policy is an allowlist policy and contains allow and/or deny rules. ## Best Practices 1. **Starting with Audit Mode Policies** - as with all new policies, we recommend rolling out your new deny policy in Audit Mode and monitoring the [3077 block events](event-id-explanations.md#microsoft-windows-codeintegrity-operational-log-event-ids.md) to ensure only the applications you intended to block are being blocked. More information on monitoring block events via the Event Viewer logs and Advanced Hunting: [Managing and troubleshooting Windows Defender Application Control policies](windows-defender-application-control-operational-guide.md) -2. **Recommeneded Deny Rules Types** - signer and file attribute rules are recommended from a security, manageability, and performance perspective. Hash rules should only be utilized where otherwise impossible. The hash of an application is updated for every new version released by the publisher which quickly becomes impractical to manage and protect against new threats where the attacker is quickly iterating on the payload. Additionally, WDAC has optimized parsing of hash rules, but devices may see performance impacts at runtime evaluation when policies have tens of thousands or more hash rules. +2. **Recommended Deny Rules Types** - signer and file attribute rules are recommended from a security, manageability, and performance perspective. Hash rules should only be utilized where otherwise impossible. The hash of an application is updated for every new version released by the publisher, which quickly becomes impractical to manage and protect against new threats where the attacker is quickly iterating on the payload. Additionally, WDAC has optimized parsing of hash rules, but devices may see performance impacts at runtime evaluation when policies have tens of thousands or more hash rules. ## Creating a Deny Policy Tutorial @@ -134,7 +134,7 @@ $DenyRules += New-CIPolicyRule -Level FileName -DriverFilePath ``` ### Adding Allow All Rules -If required, as in the cases listed above, [Allow All Rules](#adding-allow-rules) may need to be added to the policy. The Allow All rules can be manually added to the policy xml or by merging with the Allow All xml present on the client system in the WDAC template folder: +If necessary, as in the cases listed above, [Allow All Rules](#adding-allow-rules) may need to be added to the policy. The Allow All rules can be manually added to the policy xml or by merging with the Allow All xml present on the client system in the WDAC template folder: ```PowerShell $DenyPolicy = From 3795d60b9f64c95c9ae03bbbf9d48bea54c573a8 Mon Sep 17 00:00:00 2001 From: MandiOhlinger Date: Mon, 13 Dec 2021 15:55:07 -0500 Subject: [PATCH 214/335] adding info on settings app --- education/windows/windows-11-se-overview.md | 2 +- .../windows/windows-11-se-settings-list.md | 39 +++++++++++++++++++ 2 files changed, 40 insertions(+), 1 deletion(-) diff --git a/education/windows/windows-11-se-overview.md b/education/windows/windows-11-se-overview.md index 342ce437b3..32f5f7795d 100644 --- a/education/windows/windows-11-se-overview.md +++ b/education/windows/windows-11-se-overview.md @@ -20,7 +20,7 @@ ms.topic: article - Windows 11 SE - Microsoft Intune for Education -Windows 11 SE is a new edition of Windows that's designed for education. It runs on web-first devices that use essential education apps. Microsoft Office 365 is preinstalled. +Windows 11 SE is a new edition of Windows that's designed for education. It runs on web-first devices that use essential education apps. Microsoft Office 365 is preinstalled (subscription sold separately). For education customers seeking cost-effective devices, Microsoft Windows 11 SE is a great choice. Windows 11 SE includes the following benefits: diff --git a/education/windows/windows-11-se-settings-list.md b/education/windows/windows-11-se-settings-list.md index 0c7227041a..4de2367a08 100644 --- a/education/windows/windows-11-se-settings-list.md +++ b/education/windows/windows-11-se-settings-list.md @@ -62,6 +62,45 @@ The following settings can't be changed. | Administrative tools | Administrative tools, such as the command prompt and Windows PowerShell, can't be opened. Windows PowerShell scripts deployed using Microsoft Endpoint Manager can run. | | Apps | Only certain apps are allowed to run on Windows 11 SE. For more info on what apps can run on Windows 11 SE, see [Windows 11 SE for Education overview](windows-11-se-overview.md). | +## What's available in the Settings app + +On Windows 11 SE devices, the Settings app shows the following setting pages. Depending on the hardware, some setting pages might not be shown. + +- Accessibility + +- Accounts + - Email & accounts + +- Apps + +- Bluetooth & devices + - Bluetooth + - Printers & scanners + - Mouse + - Touchpad + - Typing + - Pen + - AutoPlay + +- Network & internet + - WiFi + - VPN + +- Personalization + - Taskbar + +- Privacy & security + +- System + - Display + - Notifications + - Tablet mode + - Multitasking + - Projecting to this PC + +- Time & Language + - Language & region + ## Next steps [Windows 11 SE for Education overview](windows-11-se-overview.md) From 02bb1b7a3baac333d8b8c4f7fd430fa95412af54 Mon Sep 17 00:00:00 2001 From: Joe Henry Date: Mon, 13 Dec 2021 16:54:56 -0500 Subject: [PATCH 215/335] Update create-wdac-deny-policy.md --- .../create-wdac-deny-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index a9eea631a0..bc8dc984f9 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -109,7 +109,7 @@ The second option involves merging the blocklist with your existing WDAC policy, ## Best Practices -1. **Starting with Audit Mode Policies** - as with all new policies, we recommend rolling out your new deny policy in Audit Mode and monitoring the [3077 block events](event-id-explanations.md#microsoft-windows-codeintegrity-operational-log-event-ids.md) to ensure only the applications you intended to block are being blocked. More information on monitoring block events via the Event Viewer logs and Advanced Hunting: [Managing and troubleshooting Windows Defender Application Control policies](windows-defender-application-control-operational-guide.md) +1. **Starting with Audit Mode Policies** - as with all new policies, we recommend rolling out your new deny policy in Audit Mode and monitoring the [3077 block events](event-id-explanations.md#optional-intelligent-security-graph-isg-or-managed-installer-mi-diagnostic-events) to ensure only the applications you intended to block are being blocked. More information on monitoring block events via the Event Viewer logs and Advanced Hunting: [Managing and troubleshooting Windows Defender Application Control policies](windows-defender-application-control-operational-guide.md) 2. **Recommended Deny Rules Types** - signer and file attribute rules are recommended from a security, manageability, and performance perspective. Hash rules should only be utilized where otherwise impossible. The hash of an application is updated for every new version released by the publisher, which quickly becomes impractical to manage and protect against new threats where the attacker is quickly iterating on the payload. Additionally, WDAC has optimized parsing of hash rules, but devices may see performance impacts at runtime evaluation when policies have tens of thousands or more hash rules. From e3739e017bdf39d57ef8f1b423f9e80e278997f8 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Mon, 13 Dec 2021 18:16:26 -0500 Subject: [PATCH 216/335] Replaced HREFs with MD links --- smb/cloud-mode-business-setup.md | 79 ++++++++++++++++---------------- 1 file changed, 40 insertions(+), 39 deletions(-) diff --git a/smb/cloud-mode-business-setup.md b/smb/cloud-mode-business-setup.md index 035e9d080a..4dcd276e03 100644 --- a/smb/cloud-mode-business-setup.md +++ b/smb/cloud-mode-business-setup.md @@ -34,7 +34,7 @@ In this walkthrough, we'll show you how to deploy and manage a full cloud IT sol - Create policies and app deployment rules - Log in as a user and start using your Windows device -Go to the Microsoft Business site and select **Products** to learn more about pricing and purchasing options for your business. +Go to [Microsoft 365 for business](https://www.microsoft.com/microsoft-365/business) to learn more about pricing and purchasing options for your business. ## Prerequisites @@ -50,16 +50,17 @@ Here's a few things to keep in mind before you get started: To set up a cloud infrastructure for your organization, follow the steps in this section. ### 1.1 Set up Office 365 for business -See Set up Office 365 for business to learn more about the setup steps for businesses and nonprofits who have Office 365. You can watch video and learn how to: + +See [Microsoft 365 admin center for business](/microsoft-365/admin) and [Microsoft 365 resources for nonprofits](https://www.microsoft.com/nonprofits/microsoft-365) to learn more about the setup steps for businesses and nonprofits who have Office 365. You can learn how to: - Plan your setup - Create Office 365 accounts and how to add your domain. - Install Office -To set up your Microsoft 365 for business tenant, see Get Started with Microsoft 365 for business. +To set up your Microsoft 365 for business tenant, see [Get Started with Microsoft 365 for business](/microsoft-365/business-video/what-is-microsoft-365). If you're new at setting up Office 365, and you'd like to see how it's done, you can follow these steps to get started: -1. Go to the Office 365 page in the Microsoft Business site. Select **Try now** to use the Microsoft 365 Business Standard Trial or select **Buy now** to sign up for Microsoft 365 Business Standard. In this walkthrough, we'll select **Try now**. +1. Go to [Try or buy a Microsoft 365 for business subscription](/microsoft-365/commerce/try-or-buy-microsoft-365). In this walkthrough, we'll select **Try now**. **Figure 1** - Try or buy Office 365 @@ -68,7 +69,7 @@ If you're new at setting up Office 365, and you'd like to see how it's done, you 2. Fill out the sign up form and provide information about you and your company. 3. Create a user ID and password to use to sign into your account. - This step creates an onmicrosoft.com email address. You can use this email address to sign in to the various admin centers. Save your sign-in info so you can use it to sign into https://portal.office.com (the admin portal). + This step creates an `onmicrosoft.com` email address. You can use this email address to sign in to the various admin centers. Save your sign-in info so you can use it to sign into [https://portal.office.com](https://portal.office.com) (the admin portal). 4. Select **Create my account** and then enter the phone number you used in step 2 to verify your identity. You'll be asked to enter your verification code. 5. Select **You're ready to go...** which will take you to the Microsoft 365 admin center. @@ -91,7 +92,7 @@ If you're new at setting up Office 365, and you'd like to see how it's done, you ![Complete the Office 365 setup in the Microsoft 365 admin center.](images/office365_admin_portal.png) -8. Go back to the admin center to add or buy a domain. +8. Go back to the [admin center](https://portal.office.com/adminportal/home#/homepage) to add or buy a domain. 1. Select the **Domains** option. **Figure 4** - Option to add or buy a domain @@ -121,7 +122,7 @@ When adding users, you can also assign admin privileges to certain users in your **To add users and assign product licenses** -1. In the admin center, select **Users > Active users**. +1. In the [admin center](https://portal.office.com/adminportal/home#/homepage), select **Users > Active users**. **Figure 7** - Add users @@ -130,7 +131,7 @@ When adding users, you can also assign admin privileges to certain users in your 2. In the **Home > Active users** page, add users individually or in bulk. - To add users one at a time, select **+ Add a user**. - If you select this option, you'll see the **New user** screen and you can add details about the new user including their name, user name, role, and so on. You also have the opportunity to assign **Product licenses**. For detailed step-by-step info on adding a user account, see *Add a user account in the admin center* in Add users individually or in bulk to Office 365 - Admin Help. + If you select this option, you'll see the **New user** screen and you can add details about the new user including their name, user name, role, and so on. You also have the opportunity to assign **Product licenses**. For detailed step-by-step info on adding a user account, see [Add users and assign licenses at the same time](/microsoft-365/admin/add-users/add-users). **Figure 8** - Add an individual user @@ -138,7 +139,7 @@ When adding users, you can also assign admin privileges to certain users in your - To add multiple users at once, select **More** and then choose **+ Import multiple users**. If you select this option, you'll need to create and upload a CSV file containing the list of users. - The **Import multiple users** screen includes a link where you can learn more about importing multiple users and also links for downloading a sample CSV file (one with headers only and another with headers and sample user information). For detailed step-by-step info on adding multiple users to Office 365, see Add several users at the same time to Office 365 - Admin Help. Once you've added all the users, don't forget to assign **Product licenses** to the new users. + The **Import multiple users** screen includes a link where you can learn more about importing multiple users and also links for downloading a sample CSV file (one with headers only and another with headers and sample user information). For detailed step-by-step info on adding multiple users to Office 365, see [Add users and assign licenses at the same time](/microsoft-365/admin/add-users/add-users). Once you've added all the users, don't forget to assign **Product licenses** to the new users. **Figure 9** - Import multiple users @@ -151,11 +152,11 @@ When adding users, you can also assign admin privileges to certain users in your ![Verify users and assigned product licenses.](images/o365_active_users.png) ### 1.3 Add Microsoft Intune -Microsoft Intune provides mobile device management, app management, and PC management capabilities from the cloud. Using Intune, organizations can provide their employees with access to apps, data, and corporate resources from anywhere on almost any device while helping to keep corporate information secure. To learn more, see What is Intune? +Microsoft Intune provides mobile device management, app management, and PC management capabilities from the cloud. Using Intune, organizations can provide their employees with access to apps, data, and corporate resources from anywhere on almost any device while helping to keep corporate information secure. To learn more, see [Microsoft Intune is an MDM and MAM provider](/mem/intune/fundamentals/what-is-intune). **To add Microsoft Intune to your tenant** -1. In the admin center, select **Billing > Purchase services**. +1. In the [admin center](https://portal.office.com/adminportal/home#/homepage), select **Billing > Purchase services**. 2. In the **Home > Purchase services** screen, search for **Microsoft Intune**. Hover over **Microsoft Intune** to see the options to start a free 30-day trial or to buy now. 3. Confirm your order to enable access to Microsoft Intune. 4. In the admin center, the Intune licenses will show as available and ready to be assigned to users. Select **Users > Active users** and then edit the product licenses assigned to the users to turn on **Intune A Direct**. @@ -178,7 +179,7 @@ Microsoft Azure is an open and flexible cloud platform that enables you to quick **To add Azure AD to your domain** -1. In the admin center, select **Admin centers > Azure AD**. +1. In the [admin center](https://portal.office.com/adminportal/home#/homepage), select **Admin centers > Azure AD**. > [!NOTE] > You will need Azure AD Premium to configure automatic MDM enrollment with Intune. @@ -203,16 +204,16 @@ Microsoft Azure is an open and flexible cloud platform that enables you to quick ![Start managing your Azure subscription.](images/azure_ad_successful_signup.png) - This step will take you to the Microsoft Azure portal. + This step will take you to the [Microsoft Azure portal](https://portal.azure.com). ### 1.5 Add groups in Azure AD -This section is the walkthrough is optional. However, we recommend that you create groups in Azure AD to manage access to corporate resources, such as apps, policies and settings, and so on. For more information, see Managing access to resources with Azure Active Directory groups. +This section is the walkthrough is optional. However, we recommend that you create groups in Azure AD to manage access to corporate resources, such as apps, policies and settings, and so on. For more information, see [Managing access to resources with Azure Active Directory groups](/azure/active-directory/active-directory-manage-groups. -To add Azure AD group(s), we will use the classic Azure portal (https://manage.windowsazure.com). See Managing groups in Azure Active Directory for more information about managing groups. +To add Azure AD group(s), use the [Microsoft Azure portal](https://portal.azure.com). See [Managing groups in Azure Active Directory](/azure/active-directory/active-directory-accessmanagement-manage-groups) for more information about managing groups. **To add groups in Azure AD** -1. If this is the first time you're setting up your directory, when you navigate to the **Azure Active Directory** node in the classic Azure portal, you will see a screen informing you that your directory is ready for use. +1. If this is the first time you're setting up your directory, when you navigate to the **Azure Active Directory** node, you will see a screen informing you that your directory is ready for use. Afterwards, you should see a list of active directories. In the following example, **Fabrikam Design** is the active directory. @@ -252,14 +253,14 @@ To add Azure AD group(s), we will use the this blog post to learn how you can combine login, Azure AD Join, and Intune MDM enrollment into an easy step so that you can bring your devices into a managed state that complies with the policies for your organization. We will use this blog post as our guide for this part of the walkthrough. +You can read the [Windows 10, Azure AD and Microsoft Intune blog post](https://blogs.technet.microsoft.com/enterprisemobility/2015/08/14/windows-10-azure-ad-and-microsoft-intune-automatic-mdm-enrollment-powered-by-the-cloud/) to learn how you can combine login, Azure AD Join, and Intune MDM enrollment into an easy step so that you can bring your devices into a managed state that complies with the policies for your organization. We will use this blog post as our guide for this part of the walkthrough. > [!IMPORTANT] > We will use the classic Azure portal instead of the new portal to configure automatic MDM enrollment with Intune. **To enable automatic MDM enrollment** -1. In the classic Azure portal, click on your company's Azure Active Directory to go back to the main window. Select **Applications** from the list of directory menu options. +1. In the Azure portal, click on your company's Azure Active Directory to go back to the main window. Select **Applications** from the list of directory menu options. The list of applications for your company will appear. **Microsoft Intune** will be one of the applications on the list. @@ -296,18 +297,18 @@ You can read Microsoft Intune management portal and Microsoft Store for Business. +In this part of the walkthrough, use the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and [Microsoft Store for Business](https://businessstore.microsoft.com/Store/Apps). **To associate your Store account with Intune and configure synchronization** -1. From the Microsoft Intune management portal, select **Admin**. +1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 2. In the **Administration** workspace, click **Mobile Device Management**. If this is the first item you're using the portal, click **manage mobile devices** in the **Mobile Device Management** window. The page will refresh and you'll have new options under **Mobile Device Management**. **Figure 24** - Mobile device management ![Set up mobile device management in Intune.](images/intune_admin_mdm_configure.png) -3. Sign into Microsoft Store for Business using the same tenant account that you used to sign into Intune. +3. Sign into [Microsoft Store for Business](https://businessstore.microsoft.com/Store/Apps) using the same tenant account that you used to sign into Intune. 4. Accept the EULA. 5. In the Store portal, select **Settings > Management tools** to go to the management tools page. 6. In the **Management tools** page, find **Microsoft Intune** on the list and click **Activate** to get Intune ready to use with Microsoft Store for Business. @@ -316,7 +317,7 @@ In this part of the walkthrough, we'll be working on the Intune management portal, select **Admin > Mobile Device Management**, expand **Windows**, and then choose **Store for Business**. +7. Go back to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Admin > Mobile Device Management**, expand **Windows**, and then choose **Store for Business**. 8. In the **Microsoft Store for Business** page, select **Configure Sync** to sync your Store for Business volume-purchased apps with Intune. **Figure 26** - Configure Store for Business sync in Intune @@ -333,20 +334,20 @@ In this part of the walkthrough, we'll be working on the Microsoft Store for Business portal, you can see the list of apps that you own by going to **Manage > Inventory**. You should see the following apps in your inventory: +In your [Microsoft Store for Business portal](https://businessstore.microsoft.com/Store/Apps), you can see the list of apps that you own by going to **Manage > Inventory**. You should see the following apps in your inventory: - Sway - OneNote - PowerPoint Mobile - Excel Mobile - Word Mobile -In the Intune management portal, select **Apps > Apps > Volume-Purchased Apps** and verify that you can see the same list of apps appear on Intune. +In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Apps > Apps > Volume-Purchased Apps** and verify that you can see the same list of apps appear on Intune. In the following example, we'll show you how to buy apps through the Microsoft Store for Business and then make sure the apps appear on Intune. **Example 1 - Add other apps like Reader and InstaNote** -1. In the Microsoft Store for Business portal, click **Shop**, scroll down to the **Made by Microsoft** category, and click **Show all** to see all the Microsoft apps in the list. +1. In the [Microsoft Store for Business portal](https://businessstore.microsoft.com/Store/Apps), click **Shop**, scroll down to the **Made by Microsoft** category, and click **Show all** to see all the Microsoft apps in the list. **Figure 28** - Shop for Store apps @@ -369,7 +370,7 @@ In the following example, we'll show you how to buy apps through the Microsoft S If you need to sync your most recently purchased apps and have it appear in your catalog, you can do this by forcing a sync. -1. In the Intune management portal, select **Admin > Mobile Device Management > Windows > Store for Business**. +1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Admin > Mobile Device Management > Windows > Store for Business**. 2. In the **Microsoft Store for Business** page, click **Sync now** to force a sync. **Figure 30** - Force a sync in Intune @@ -377,10 +378,10 @@ If you need to sync your most recently purchased apps and have it appear in your ![Force a sync in Intune.](images/intune_admin_mdm_forcesync.png) **To view purchased apps** -- In the Intune management portal, select **Apps > Apps** and then choose **Volume-Purchased Apps** to see the list of available apps. Verify that the apps you purchased were imported correctly. +- In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Apps > Apps** and then choose **Volume-Purchased Apps** to see the list of available apps. Verify that the apps you purchased were imported correctly. **To add more apps** -- If you have other apps that you want to deploy or manage, you must add it to Microsoft Intune. To deploy Win32 apps and Web links, see Add apps for enrolled devices to Intune for more info on how to do this. +- If you have other apps that you want to deploy or manage, you must add it to Microsoft Intune. To deploy Win32 apps and Web links, see [Add apps to Microsoft Intune](/mem/intune/apps/apps-add) for more info on how to do this. ## 2. Set up devices @@ -425,7 +426,7 @@ Verify that the device is set up correctly and boots without any issues. 2. Confirm that the Store and built-in apps are working. ### 2.3 Verify the device is Azure AD joined -In the Intune management portal, verify that the device is joined to Azure AD and shows up as being managed in Microsoft Intune. +In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), verify that the device is joined to Azure AD and shows up as being managed in Microsoft Intune. **To verify if the device is joined to Azure AD** 1. Check the device name on your PC. On your Windows PC, select **Settings > System > About** and then check **PC name**. @@ -434,7 +435,7 @@ In the Intune management ![Check the PC name on your device.](images/win10_settings_pcname.png) -2. Log in to the Intune management portal. +2. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 3. Select **Groups** and then go to **Devices**. 4. In the **All Devices** page, look at the list of devices and select the entry that matches the name of your PC. - Check that the device name appears in the list. Select the device and it will also show the current logged-in user in the **General Information** section. @@ -454,7 +455,7 @@ In this section, we'll show you how to reconfigure app deployment settings and a In some cases, if an app is missing from the device, you need to reconfigure the deployment settings for the app and set the app to require installation as soon as possible. **To reconfigure app deployment settings** -1. In the Intune management portal, select **Apps** and go to **Apps > Volume-Purchased Apps**. +1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Apps** and go to **Apps > Volume-Purchased Apps**. 2. Select the app, right-click, then select **Manage Deployment...**. 3. Select the group(s) whose apps will be managed, and then click **Add** to add the group. 4. Click **Next** at the bottom of the app deployment settings window or select **Deployment Action** on the left column to check the deployment settings for the app. @@ -477,7 +478,7 @@ In some cases, if an app is missing from the device, you need to reconfigure the ### 3.2 Configure other settings in Intune **To disable the camera** -1. In the Intune management portal, select **Policy > Configuration Policies**. +1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Devices > Configuration Policies**. 2. In the **Policies** window, click **Add** to create a new policy. 3. On the **Create a New Policy** page, click **Windows** to expand the group, select **General Configuration (Windows 10 Desktop and Mobile and later)**, choose **Create and Deploy a Custom Policy**, and then click **Create Policy**. 4. On the **Create Policy** page, select **Device Capabilities**. @@ -500,7 +501,7 @@ In some cases, if an app is missing from the device, you need to reconfigure the ![New policy appears on the list.](images/intune_policies_newpolicy_deployed.png) **To turn off Windows Hello and PINs during device setup** -1. In the Intune management portal, select **Admin**. +1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 2. Go to **Mobile Device Management > Windows > Windows Hello for Business**. 3. In the **Windows Hello for Business** page, select **Disable Windows Hello for Business on enrolled devices**. @@ -560,22 +561,22 @@ For other devices, such as those personally-owned by employees who need to conne ![Device is enrolled in Azure AD.](images/win10_device_enrolled_in_aad.png) -9. You can confirm that the new device and user are showing up as Intune-managed by going to the Intune management portal and following the steps in [2.3 Verify the device is Azure AD joined](#23-verify-the-device-is-azure-ad-joined). It may take several minutes before the new device shows up so check again later. +9. You can confirm that the new device and user are showing up as Intune-managed by going to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and following the steps in [2.3 Verify the device is Azure AD joined](#23-verify-the-device-is-azure-ad-joined). It may take several minutes before the new device shows up so check again later. ### 4.2 Add a new user You can add new users to your tenant simply by adding them to the Microsoft 365 groups. Adding new users to Microsoft 365 groups automatically adds them to the corresponding groups in Microsoft Intune. -See [Add users to Office 365](/microsoft-365/admin/add-users/add-users) to learn more. Once you're done adding new users, go to the Intune management portal and verify that the same users were added to the Intune groups as well. +See [Add users to Office 365](/microsoft-365/admin/add-users/add-users) to learn more. Once you're done adding new users, go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and verify that the same users were added to the Intune groups as well. ## Get more info ### For IT admins To learn more about the services and tools mentioned in this walkthrough, and learn what other tasks you can do, follow these links: -- Set up Office 365 for business -- Common admin tasks in Office 365 including email and OneDrive in Manage Office 365 -- More info about managing devices, apps, data, troubleshooting, and more in Intune documentation +- [Set up Office 365 for business](/microsoft-365/admin/setup) +- Common admin tasks in Office 365 including email and OneDrive in [Manage Office 365](/microsoft-365/admin/) +- More info about managing devices, apps, data, troubleshooting, and more in the [/mem/intune/](/mem/intune/) - Learn more about Windows client in the [Windows client documentation for IT Pros](/windows/resources/). -- Info about distributing apps to your employees, managing apps, managing settings, and more in Microsoft Store for Business +- Info about distributing apps to your employees, managing apps, managing settings, and more in [Microsoft Store for Business](/microsoft-store/) ### For information workers Whether it's in the classroom, getting the most out of your devices, or learning some of the cool things you can do, we've got teachers covered. Follow these links for more info: From 10319dc0e8c9fa422d706d49dd343ec3e56fff23 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Mon, 13 Dec 2021 20:13:23 -0500 Subject: [PATCH 217/335] Acrolinx above 80 --- ...ion-for-bitlocker-planning-and-policies.md | 64 +++++++++---------- 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md b/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md index 1364462a23..ba7ecc2d18 100644 --- a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md +++ b/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md @@ -30,17 +30,17 @@ ms.custom: bitlocker This topic for the IT professional explains how can you plan your BitLocker deployment. -When you design your BitLocker deployment strategy, define the appropriate policies and configuration requirements based on the business requirements of your organization. The following topics will help you collect information that you can use to frame your decision-making process about deploying and managing BitLocker systems. +When you design your BitLocker deployment strategy, define the appropriate policies and configuration requirements based on the business requirements of your organization. The following sections will help you collect information. Use this information to help with your decision-making process about deploying and managing BitLocker systems. ## Audit your environment -To plan your enterprise deployment of BitLocker, you must first understand your current environment. Conduct an informal audit to define your current policies, procedures, and hardware environment. Begin by reviewing your existing corporate security policies as they relate to disk encryption software. If your organization is not currently using disk encryption software, none of these policies will exist. If you are using disk encryption software, then you might need to modify your organization's policies to address the capabilities of BitLocker. +To plan your BitLocker deployment, understand your current environment. Do an informal audit to define your current policies, procedures, and hardware environment. Review your existing disk encryption software corporate security policies. If your organization isn't using disk encryption software, then none of these policies will exist. If you use disk encryption software, then you might need to change your organization's policies to use the BitLocker features. -Use the following questions to help you document your organization's current disk encryption security policies: +To help you document your organization's current disk encryption security policies, answer the following questions: -1. Are there policies to address which computers will use BitLocker and which computers will not use BitLocker? +1. Are there policies to determine which computers will use BitLocker and which computers won't use BitLocker? 2. What policies exist to control recovery password and recovery key storage? -3. What are the policies for validating the identity of users that need to perform BitLocker recovery? +3. What are the policies for validating the user identities that need to run BitLocker recovery? 4. What policies exist to control who in the organization has access to recovery data? 5. What policies exist to control computer decommissioning or retirement? @@ -51,11 +51,11 @@ BitLocker helps prevent unauthorized access to data on lost or stolen computers - Encrypting the entire Windows operating system volume on the hard disk. - Verifying the boot process integrity. -The trusted platform module (TPM) is a hardware component installed in many newer computers by the computer manufacturers. It works with BitLocker to help protect user data and to ensure that a computer has not been tampered with while the system was offline. +The trusted platform module (TPM) is a hardware component installed in many newer computers by the computer manufacturers. It works with BitLocker to help protect user data. And, help make sure a computer hasn't been tampered with while the system was offline. -In addition, BitLocker offers the option to lock the normal startup process until the user supplies a personal identification number (PIN) or inserts a removable USB device, such as a flash drive, that contains a startup key. These additional security measures provide multifactor authentication and assurance that the computer will not start or resume from hibernation until the correct PIN or startup key is presented. +Also, BitLocker can lock the normal startup process until the user supplies a personal identification number (PIN) or inserts a removable USB device, such as a flash drive, that contains a startup key. These extra security measures provide multifactor authentication. They also make sure that the computer won't start or resume from hibernation until the correct PIN or startup key is presented. -On computers that do not have a TPM version 1.2 or higher, you can still use BitLocker to encrypt the Windows operating system volume. However, this implementation will require the user to insert a USB startup key to start the computer or resume from hibernation, and does not provide the pre-startup system integrity verification offered by BitLocker working with a TPM. +On computers that don't have a TPM version 1.2 or higher, you can still use BitLocker to encrypt the Windows operating system volume. However, this implementation requires the user to insert a USB startup key to start the computer or resume from hibernation. It doesn't provide the pre-startup system integrity verification offered by BitLocker working with a TPM. ### BitLocker key protectors @@ -76,25 +76,25 @@ On computers that do not have a TPM version 1.2 or higher, you can still use Bi | TPM + PIN | Yes| TPM validates early boot components. The user must enter the correct PIN before the start-up process can continue, and before the drive can be unlocked. The TPM will enter lockout if the incorrect PIN is entered repeatedly to protect the PIN from brute force attacks. The number of repeated attempts that will trigger a lockout is variable.| | TPM + Network key | No | The TPM successfully validates early boot components, and a valid encrypted network key has been provided from the WDS server. This authentication method provides automatic unlock of operating system volumes at system reboot while still maintaining multifactor authentication. | | TPM + startup key| Yes| The TPM successfully validates early boot components, and a USB flash drive containing the startup key has been inserted.| -| Startup key only | Yes| The user is prompted to insert the USB flash drive that holds the recovery key and/or startup key and reboot the computer.| +| Startup key only | Yes| The user is prompted for the USB flash drive that has the recovery key and/or startup key, and then reboot the computer.| **Will you support computers without TPM version 1.2 or higher?** -Determine whether you will support computers that do not have a TPM version 1.2 or higher in your environment. If you choose to support BitLocker on this type of computer, a user must use a USB startup key to boot the system. This requires additional support processes similar to multifactor authentication. +Determine if you're support computers that don't have a TPM version 1.2 or higher. If you support BitLocker on this type of computer, a user must use a USB startup key to boot the system. This startup key requires extra support processes similar to multifactor authentication. **What areas of your organization need a baseline level of data protection?** The TPM-only authentication method will provide the most transparent user experience for organizations that need a baseline level of data protection to meet security policies. It has the lowest total cost of ownership. TPM-only might also be more appropriate for computers that are unattended or that must reboot unattended. -However, TPM-only authentication method offers the lowest level of data protection. This authentication method protects against attacks that modify early boot components, but the level of protection can be affected by potential weaknesses in hardware or in the early boot components. BitLocker’s multifactor authentication methods significantly increase the overall level of data protection. +However, TPM-only authentication method offers the lowest level of data protection. This authentication method protects against attacks that modify early boot components. But, the level of protection can be affected by potential weaknesses in hardware or in the early boot components. BitLocker’s multifactor authentication methods significantly increase the overall level of data protection. **What areas of your organization need a more secure level of data protection?** -If there are areas of your organization where data residing on user computers is considered highly sensitive, consider the best practice of deploying BitLocker with multifactor authentication on those systems. Requiring the user to input a PIN significantly increases the level of protection for the system. You can also use BitLocker Network Unlock to allow these computers to automatically unlock when connected to a trusted wired network that can provide the Network Unlock key. +If there are user computers with highly sensitive data, then deploy BitLocker with multifactor authentication on those systems. Requiring the user to input a PIN significantly increases the level of protection for the system. You can also use BitLocker Network Unlock to allow these computers to automatically unlock when connected to a trusted wired network that can provide the Network Unlock key. **What multifactor authentication method does your organization prefer?** -The protection differences provided by multifactor authentication methods cannot be easily quantified. Consider each authentication method's impact on Helpdesk support, user education, user productivity, and automated systems management processes. +The protection differences provided by multifactor authentication methods can't be easily quantified. Consider each authentication method's impact on Helpdesk support, user education, user productivity, and any automated systems management processes. ## TPM hardware configurations @@ -102,19 +102,19 @@ In your deployment plan, identify what TPM-based hardware platforms will be supp ### TPM 1.2 states and initialization -For TPM 1.2, there are multiple possible states. Windows automatically initializes the TPM, which brings it to an enabled, activated, and owned state. This is the state that BitLocker requires before it can use the TPM. +For TPM 1.2, there are multiple possible states. Windows automatically initializes the TPM, which brings it to an enabled, activated, and owned state. This state is the state that BitLocker requires before it can use the TPM. ### Endorsement keys -For a TPM to be usable by BitLocker, it must contain an endorsement key, which is an RSA key pair. The private half of the key pair is held inside the TPM and is never revealed or accessible outside the TPM. If the TPM does not contain an endorsement key, BitLocker will force the TPM to generate one automatically as part of BitLocker setup. +For a TPM to be usable by BitLocker, it must contain an endorsement key, which is an RSA key pair. The private half of the key pair is held inside the TPM and is never revealed or accessible outside the TPM. If the TPM doesn't have an endorsement key, BitLocker will force the TPM to generate one automatically as part of BitLocker setup. -An endorsement key can be created at various points in the TPM’s lifecycle, but needs to be created only once for the lifetime of the TPM. If an endorsement key does not exist for the TPM, it must be created before TPM ownership can be taken. +An endorsement key can be created at various points in the TPM’s lifecycle, but needs to be created only once for the lifetime of the TPM. If an endorsement key doesn't exist for the TPM, it must be created before TPM ownership can be taken. For more information about the TPM and the TCG, see the Trusted Computing Group: Trusted Platform Module (TPM) Specifications (). ## Non-TPM hardware configurations -Devices that do not include a TPM can still be protected by drive encryption. Windows To Go workspaces can be BitLocker protected using a startup password and PCs without a TPM can use a startup key. +Devices that don't include a TPM can still be protected by drive encryption. Windows To Go workspaces can be BitLocker protected using a startup password and PCs without a TPM can use a startup key. Use the following questions to identify issues that might affect your deployment in a non-TPM configuration: @@ -122,40 +122,40 @@ Use the following questions to identify issues that might affect your deployment - Do you have budget for USB flash drives for each of these computers? - Do your existing non-TPM devices support USB devices at boot time? -Test your individual hardware platforms with the BitLocker system check option while you are enabling BitLocker. The system check will ensure that BitLocker can read the recovery information from a USB device and encryption keys correctly before it encrypts the volume. CD and DVD drives cannot act as a block storage device and cannot be used to store the BitLocker recovery material. +Test your individual hardware platforms with the BitLocker system check option while you're enabling BitLocker. The system check makes sure that BitLocker can read the recovery information from a USB device and encryption keys correctly before it encrypts the volume. CD and DVD drives can't act as a block storage device and can't be used to store the BitLocker recovery material. ## Disk configuration considerations To function correctly, BitLocker requires a specific disk configuration. BitLocker requires two partitions that meet the following requirements: - The operating system partition contains the operating system and its support files; it must be formatted with the NTFS file system -- The system partition (or boot partition) contains the files that are needed to load Windows after the BIOS or UEFI firmware has prepared the system hardware. BitLocker is not enabled on this partition. For BitLocker to work, the system partition must not be encrypted and must be on a different partition than the operating system. On UEFI platforms, the system partition must be formatted with the FAT 32 file system. On BIOS platforms the system partition must be formatted with the NTFS file system. It should be at least 350 MB in size +- The system partition (or boot partition) includes the files needed to load Windows after the BIOS or UEFI firmware has prepared the system hardware. BitLocker isn't enabled on this partition. For BitLocker to work, the system partition must not be encrypted, and must be on a different partition than the operating system. On UEFI platforms, the system partition must be formatted with the FAT 32-file system. On BIOS platforms, the system partition must be formatted with the NTFS file system. It should be at least 350 MB in size. Windows setup will automatically configure the disk drives of your computer to support BitLocker encryption. -Windows Recovery Environment (Windows RE) is an extensible recovery platform that is based on Windows Pre-installation Environment (Windows PE). When the computer fails to start, Windows automatically transitions into this environment, and the Startup Repair tool in Windows RE automates the diagnosis and repair of an unbootable Windows installation. Windows RE also contains the drivers and tools that are needed to unlock a volume protected by BitLocker by providing a recovery key or recovery password. To use Windows RE in conjunction with BitLocker, the Windows RE boot image must reside on a volume that is not protected by BitLocker. +Windows Recovery Environment (Windows RE) is an extensible recovery platform that is based on Windows Pre-installation Environment (Windows PE). When the computer fails to start, Windows automatically transitions into this environment, and the Startup Repair tool in Windows RE automates the diagnosis and repair of an unbootable Windows installation. Windows RE also contains the drivers and tools that are needed to unlock a volume protected by BitLocker by providing a recovery key or recovery password. To use Windows RE with BitLocker, the Windows RE boot image must be on a volume that isn't protected by BitLocker. -Windows RE can also be used from boot media other than the local hard disk. If you choose not to install Windows RE on the local hard disk of BitLocker-enabled computers, you can use alternate boot methods, such as Windows Deployment Services, CD-ROM, or USB flash drive, for recovery. +Windows RE can also be used from boot media other than the local hard disk. If you don't install Windows RE on the local hard disk of BitLocker-enabled computers, then you can use different boot methods. For example, you can use Windows Deployment Services, CD-ROM, or USB flash drive for recovery. ## BitLocker provisioning -In Windows Vista and Windows 7, BitLocker was provisioned post installation for system and data volumes through either the manage-bde command line interface or the Control Panel user interface. With newer operating systems, BitLocker can be easily provisioned before the operating system is installed. Preprovisioning requires that the computer have a TPM. +In Windows Vista and Windows 7, BitLocker was provisioned after the installation for system and data volumes. It used the `manage-bde` command line interface or the Control Panel user interface. With newer operating systems, BitLocker can be provisioned before the operating system is installed. Preprovisioning requires the computer have a TPM. -To check the BitLocker status of a particular volume, administrators can look at the status of the drive in the BitLocker control panel applet or Windows Explorer. A status of "Waiting For Activation" with a yellow exclamation icon means that the drive was preprovisioned for BitLocker. This status means that there was only a clear protector used when encrypting the volume. In this case, the volume is not protected and needs to have a secure key added to the volume before the drive is considered fully protected. Administrators can use the control panel options, manage-bde tool, or WMI APIs to add an appropriate key protector and the volume status will be updated. +To check the BitLocker status of a particular volume, administrators can look at the drive status in the BitLocker control panel applet or Windows Explorer. The "Waiting For Activation" status with a yellow exclamation icon means that the drive was preprovisioned for BitLocker. This status means that there was only a clear protector used when encrypting the volume. In this case, the volume isn't protected, and needs to have a secure key added to the volume before the drive is considered fully protected. Administrators can use the control panel options, `manage-bde` tool, or WMI APIs to add an appropriate key protector. The volume status will be updated. -When using the control panel options, administrators can choose to **Turn on BitLocker** and follow the steps in the wizard to add a protector, such as a PIN for an operating system volume (or a password if no TPM exists), or a password or smart card protector to a data volume. Then the drive security window is presented prior to changing the volume status. +When using the control panel options, administrators can choose to **Turn on BitLocker** and follow the steps in the wizard to add a protector, such as a PIN for an operating system volume (or a password if no TPM exists), or a password or smart card protector to a data volume. Then the drive security window is presented before changing the volume status. -Administrators can enable BitLocker prior to operating system deployment from the Windows Pre-installation Environment (WinPE). This is done with a randomly generated clear key protector applied to the formatted volume and encrypting the volume prior to running the Windows setup process. If the encryption uses the Used Disk Space Only option this step takes only a few seconds and so incorporates well into regular deployment processes. +Administrators can enable BitLocker before to operating system deployment from the Windows Pre-installation Environment (WinPE). This step is done with a randomly generated clear key protector applied to the formatted volume. It encrypts the volume before running the Windows setup process. If the encryption uses the Used Disk Space Only option, then this step takes only a few seconds. And, it incorporates into the regular deployment processes. ## Used Disk Space Only encryption The BitLocker Setup wizard provides administrators the ability to choose the Used Disk Space Only or Full encryption method when enabling BitLocker for a volume. Administrators can use the new BitLocker Group Policy setting to enforce either Used Disk Space Only or Full disk encryption. -Launching the BitLocker Setup wizard prompts for the authentication method to be used (password and smart card are available for data volumes). Once the method is chosen and the recovery key is saved, you are asked to choose the drive encryption type, either Used Disk Space Only or Full drive encryption. +Launching the BitLocker Setup wizard prompts for the authentication method to be used (password and smart card are available for data volumes). Once the method is chosen and the recovery key is saved, you're asked to choose the drive encryption type. Select Used Disk Space Only or Full drive encryption. -Used Disk Space Only means that only the portion of the drive that contains data will be encrypted, unused space will remain unencrypted. This causes the encryption process to be much faster, especially for new PCs and data drives. When BitLocker is enabled with this method as data is added to the drive the portion of the drive used will be encrypted, so there is never unencrypted data stored on the drive. +With Used Disk Space Only, only the portion of the drive that contains data will be encrypted. Unused space will remain unencrypted. This behavior causes the encryption process to be much faster, especially for new PCs and data drives. When BitLocker is enabled with this method, as data is added to the drive, the portion of the drive used is encrypted. So, there's never unencrypted data stored on the drive. -Full drive encryption means that the entire drive will be encrypted, regardless of whether data is stored on it or not. This is useful for drives that have been repurposed and may contain data remnants from their previous use. +With Full drive encryption, the entire drive is encrypted, whether data is stored on it or not. This option is useful for drives that have been repurposed, and may contain data remnants from their previous use. ## Active Directory Domain Services considerations @@ -180,9 +180,9 @@ The following recovery data is saved for each computer object: Functionality introduced in Windows Server 2012 R2 and Windows 8.1, allows BitLocker to be fully functional in FIPS mode. > [!NOTE] -> The United States Federal Information Processing Standard (FIPS) defines security and interoperability requirements for computer systems that are used by the U.S. federal government. The FIPS 140 standard defines approved cryptographic algorithms. The FIPS 140 standard also sets forth requirements for key generation and for key management. The National Institute of Standards and Technology (NIST) uses the Cryptographic Module Validation Program (CMVP) to determine whether a particular implementation of a cryptographic algorithm is compliant with the FIPS 140 standard. An implementation of a cryptographic algorithm is considered FIPS 140-compliant only if it has been submitted for and has passed NIST validation. An algorithm that has not been submitted cannot be considered FIPS-compliant even if the implementation produces identical data as a validated implementation of the same algorithm. +> The United States Federal Information Processing Standard (FIPS) defines security and interoperability requirements for computer systems that are used by the U.S. federal government. The FIPS 140 standard defines approved cryptographic algorithms. The FIPS 140 standard also sets forth requirements for key generation and for key management. The National Institute of Standards and Technology (NIST) uses the Cryptographic Module Validation Program (CMVP) to determine whether a particular implementation of a cryptographic algorithm is compliant with the FIPS 140 standard. An implementation of a cryptographic algorithm is considered FIPS 140-compliant only if it has been submitted for and has passed NIST validation. An algorithm that hasn't been submitted can't be considered FIPS-compliant, even if the implementation produces identical data as a validated implementation of the same algorithm. -Prior to these supported versions of Windows, when Windows was in FIPS mode, BitLocker prevented the creation or use of recovery passwords and instead forced the user to use recovery keys. For more information about these issues, see the support article [kb947249](/troubleshoot/windows-client/windows-security/bitlocker-recovery-password-not-fips-compliant). +Before these supported versions of Windows, when Windows was in FIPS mode, BitLocker prevented the creation or use of recovery passwords and instead forced the user to use recovery keys. For more information about these issues, see the support article [kb947249](/troubleshoot/windows-client/windows-security/bitlocker-recovery-password-not-fips-compliant). But on computers running these supported systems with BitLocker enabled: @@ -194,7 +194,7 @@ But on computers running these supported systems with BitLocker enabled: The BitLocker Group Policy settings for recovery passwords work the same for all Windows versions that support BitLocker, whether in FIPs mode or not. -However, you cannot use recovery passwords generated on a system in FIPS mode for systems earlier than Windows Server 2012 R2 and Windows 8.1. Recovery passwords created on Windows Server 2012 R2 and Windows 8.1 are incompatible with BitLocker on operating systems prior to Windows Server 2012 R2 and Windows 8.1; so recovery keys should be used instead. +On Windows Server 2012 R2 and Windows 8.1 and older, you can't use recovery passwords generated on a system in FIPS mode. Recovery passwords created on Windows Server 2012 R2 and Windows 8.1 are incompatible with BitLocker on operating systems older than Windows Server 2012 R2 and Windows 8.1. So, recovery keys should be used instead. ## More information @@ -203,4 +203,4 @@ However, you cannot use recovery passwords generated on a system in FIPS mode fo - [BitLocker frequently asked questions (FAQ)](bitlocker-frequently-asked-questions.yml) - [BitLocker](bitlocker-overview.md) - [BitLocker Group Policy settings](bitlocker-group-policy-settings.md) -- [BitLocker basic deployment](bitlocker-basic-deployment.md) \ No newline at end of file +- [BitLocker basic deployment](bitlocker-basic-deployment.md) From 4c1ac68713d305ebd30c8aa8e2dae3ac5fea759f Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 13 Dec 2021 18:13:02 -0800 Subject: [PATCH 218/335] Acrolinx: ".NET" not ".Net" --- .../app-v/appv-deploying-microsoft-office-2016-with-appv.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md index c5900e3088..6899ee3213 100644 --- a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md +++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md @@ -63,7 +63,7 @@ The computer on which you are installing the Office Deployment Tool must have th | Prerequisite | Description | |----------------------|--------------------| -| Prerequisite software | .Net Framework 4 | +| Prerequisite software | .NET Framework 4 | | Supported operating systems | 64-bit version of Windows 10/11
                      64-bit version of Windows 8 or 8.1
                      64-bit version of Windows 7 | >[!NOTE] From 721b5cf128aefe46a2540d103708b73c6f74cd74 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 13 Dec 2021 18:15:56 -0800 Subject: [PATCH 219/335] Acrolinx: "appllication" and "line of business" as an adjective --- windows/configuration/ue-v/uev-prepare-for-deployment.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/configuration/ue-v/uev-prepare-for-deployment.md b/windows/configuration/ue-v/uev-prepare-for-deployment.md index ef7c732bf1..62045c8277 100644 --- a/windows/configuration/ue-v/uev-prepare-for-deployment.md +++ b/windows/configuration/ue-v/uev-prepare-for-deployment.md @@ -22,7 +22,7 @@ Before you deploy User Experience Virtualization (UE-V), review this topic for i ## Plan your UE-V deployment -With UE-V, you can synchronize user-defined application and operating system settings across all the devices that a user works from. Use UE-V to synchronize settings for Windows applications and custom applications, such as third-party and line of business applications. +With UE-V, you can synchronize user-defined application and operating system settings across all the devices that a user works from. Use UE-V to synchronize settings for Windows applications and custom applications, such as third-party and line-of-business applications. Whether you want to synchronize settings for only default Windows applications or for both Windows and custom applications, you’ll need to first deploy the features required to use UE-V. @@ -120,7 +120,7 @@ UE-V roams taskbar settings between Windows 10 devices. However, UE-V does not s | **Settings group** | **Category** | **Capture** | **Apply** | |--------------------------|----------------|----------------|--------------| -| **Application Settings** | Windows applications | Close appllication
                      Windows application settings change event | Start the UE-V App Monitor at startup
                      Open app
                      Windows application settings change event
                      Arrival of a settings package | +| **Application Settings** | Windows applications | Close application
                      Windows application settings change event | Start the UE-V App Monitor at startup
                      Open app
                      Windows application settings change event
                      Arrival of a settings package | | | Desktop applications | Application closes | Application opens and closes | | **Desktop settings** | Desktop background | Lock or log off | Log on, unlock, remote connect, notification of new package arrival, or scheduled task runs | | | Ease of Access (Common – Accessibility, Narrator, Magnifier, On-Screen-Keyboard) | Lock or Log off | Log on | From 416f861b1ed833f70116027dac55b9efaf224c68 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 13 Dec 2021 20:04:58 -0800 Subject: [PATCH 220/335] Add lightboxes to large images to aid readability --- smb/cloud-mode-business-setup.md | 88 +++++++++---------- ...device-automatically-using-group-policy.md | 28 +++--- .../troubleshoot-stop-errors.md | 4 +- .../troubleshoot-tcpip-rpc-errors.md | 8 +- .../start-layout-troubleshoot.md | 4 +- .../ue-v/uev-prepare-for-deployment.md | 2 +- 6 files changed, 67 insertions(+), 67 deletions(-) diff --git a/smb/cloud-mode-business-setup.md b/smb/cloud-mode-business-setup.md index 4dcd276e03..29048c501c 100644 --- a/smb/cloud-mode-business-setup.md +++ b/smb/cloud-mode-business-setup.md @@ -79,7 +79,7 @@ If you're new at setting up Office 365, and you'd like to see how it's done, you **Figure 2** - Microsoft 365 admin center - ![Opens the Microsoft 365 admin center.](images/office365_portal.png) + :::image type="content" alt-text="Opens the Microsoft 365 admin center." source="images/office365_portal.png" lightbox="images/office365_portal.png"::: 6. Select the **Admin** tile to go to the admin center. @@ -89,7 +89,7 @@ If you're new at setting up Office 365, and you'd like to see how it's done, you **Figure 3** - Admin center - ![Complete the Office 365 setup in the Microsoft 365 admin center.](images/office365_admin_portal.png) + :::image type="content" alt-text="Complete the Office 365 setup in the Microsoft 365 admin center." source="images/office365_admin_portal.png" lightbox="images/office365_admin_portal.png"::: 8. Go back to the [admin center](https://portal.office.com/adminportal/home#/homepage) to add or buy a domain. @@ -97,14 +97,14 @@ If you're new at setting up Office 365, and you'd like to see how it's done, you **Figure 4** - Option to add or buy a domain - ![Add or buy a domain in admin center.](images/office365_buy_domain.png) + :::image type="content" alt-text="Add or buy a domain in admin center." source="images/office365_buy_domain.png" lightbox="images/office365_buy_domain.png"::: 2. In the **Home > Domains** page, you will see the Microsoft-provided domain, such as `fabrikamdesign.onmicrosoft.com`. **Figure 5** - Microsoft-provided domain - ![Microsoft-provided domain.](images/office365_ms_provided_domain.png) + :::image type="content" alt-text="Microsoft-provided domain." source="images/office365_ms_provided_domain.png" lightbox="images/office365_ms_provided_domain.png"::: - If you already have a domain, select **+ Add domain** to add your existing domain. If you select this option, you'll be required to verify that you own the domain. Follow the steps in the wizard to verify your domain. - If you don't already own a domain, select **+ Buy domain**. If you're using a trial plan, you'll be required to upgrade your trial plan in order to buy a domain. Choose the subscription plan to use for your business and provide the details to complete your order. @@ -113,7 +113,7 @@ If you're new at setting up Office 365, and you'd like to see how it's done, you **Figure 6** - Domains - ![Verify your domains in the admin center.](images/office365_additional_domain.png) + :::image type="content" alt-text="Verify your domains in the admin center." source="images/office365_additional_domain.png" lightbox="images/office365_additional_domain.png"::: ### 1.2 Add users and assign product licenses Once you've set up Office and added your domain, it's time to add users so they have access to Office 365. People in your organization need an account before they can sign in and access Office 365. The easiest way to add users is to add them one at a time in the Microsoft 365 admin center. @@ -126,7 +126,7 @@ When adding users, you can also assign admin privileges to certain users in your **Figure 7** - Add users - ![Add Office 365 users.](images/office365_users.png) + :::image type="content" alt-text="Add Office 365 users." source="images/office365_users.png" lightbox="images/office365_users.png"::: 2. In the **Home > Active users** page, add users individually or in bulk. - To add users one at a time, select **+ Add a user**. @@ -135,7 +135,7 @@ When adding users, you can also assign admin privileges to certain users in your **Figure 8** - Add an individual user - ![Add an individual user.](images/office365_add_individual_user.png) + :::image type="content" alt-text="Add an individual user." source="images/office365_add_individual_user.png" lightbox="images/office365_add_individual_user.png"::: - To add multiple users at once, select **More** and then choose **+ Import multiple users**. If you select this option, you'll need to create and upload a CSV file containing the list of users. @@ -143,13 +143,13 @@ When adding users, you can also assign admin privileges to certain users in your **Figure 9** - Import multiple users - ![Import multiple users.](images/office365_import_multiple_users.png) + :::image type="content" alt-text="Import multiple users." source="images/office365_import_multiple_users.png" lightbox="images/office365_import_multiple_users.png"::: 3. Verify that all the users you added appear in the list of **Active users**. The **Status** should indicate the product licenses that were assigned to them. **Figure 10** - List of active users - ![Verify users and assigned product licenses.](images/o365_active_users.png) + :::image type="content" alt-text="Verify users and assigned product licenses." source="images/o365_active_users.png" lightbox="images/o365_active_users.png"::: ### 1.3 Add Microsoft Intune Microsoft Intune provides mobile device management, app management, and PC management capabilities from the cloud. Using Intune, organizations can provide their employees with access to apps, data, and corporate resources from anywhere on almost any device while helping to keep corporate information secure. To learn more, see [Microsoft Intune is an MDM and MAM provider](/mem/intune/fundamentals/what-is-intune). @@ -163,14 +163,14 @@ Microsoft Intune provides mobile device management, app management, and PC manag **Figure 11** - Assign Intune licenses - ![Assign Microsoft Intune licenses to users.](images/o365_assign_intune_license.png) + :::image type="content" alt-text="Assign Microsoft Intune licenses to users." source="images/o365_assign_intune_license.png" lightbox="images/o365_assign_intune_license.png"::: 5. In the admin center, confirm that **Intune** shows up in the list under **Admin centers**. If it doesn't, sign out and then sign back in and then check again. 6. Select **Intune**. This step opens the Endpoint Manager admin center. **Figure 12** - Microsoft Intune management portal - ![Microsoft Intune management portal.](images/intune_portal_home.png) + :::image type="content" alt-text="Microsoft Intune management portal." source="images/intune_portal_home.png" lightbox="images/intune_portal_home.png"::: Intune should now be added to your tenant. We'll come back to Intune later when we [Configure Microsoft Store for Business for app distribution](#17-configure-microsoft-store-for-business-for-app-distribution). @@ -188,21 +188,21 @@ Microsoft Azure is an open and flexible cloud platform that enables you to quick **Figure 13** - Access to Azure AD is not available - ![Access to Azure AD not available.](images/azure_ad_access_not_available.png) + :::image type="content" alt-text="Access to Azure AD not available." source="images/azure_ad_access_not_available.png" lightbox="images/azure_ad_access_not_available.png"::: 3. From the error message, select the country/region for your business. The region should match with the location you specified when you signed up for Office 365. 4. Select **Azure subscription**. This step will take you to a free trial sign up screen. **Figure 14** - Sign up for Microsoft Azure - ![Sign up for Microsoft Azure.](images/azure_ad_sign_up_screen.png) + :::image type="content" alt-text="Sign up for Microsoft Azure." source="images/azure_ad_sign_up_screen.png" lightbox="images/azure_ad_sign_up_screen.png"::: 5. In the **Free trial sign up** screen, fill in the required information and then click **Sign up**. 6. After you sign up, you should see the message that your subscription is ready. Click **Start managing my service**. **Figure 15** - Start managing your Azure subscription - ![Start managing your Azure subscription.](images/azure_ad_successful_signup.png) + :::image type="content" alt-text="Start managing your Azure subscription." source="images/azure_ad_successful_signup.png" lightbox="images/azure_ad_successful_signup.png"::: This step will take you to the [Microsoft Azure portal](https://portal.azure.com). @@ -219,26 +219,26 @@ To add Azure AD group(s), use the [Microsoft Azure portal](https://portal.azure. **Figure 16** - Azure first sign-in screen - ![Select Azure AD.](images/azure_portal_classic_configure_directory.png) + :::image type="content" alt-text="Select Azure AD." source="images/azure_portal_classic_configure_directory.png" lightbox="images/azure_portal_classic_configure_directory.png"::: 2. Select the directory (such as Fabrikam Design) to go to the directory's home page. **Figure 17** - Directory home page - ![Directory home page.](images/azure_portal_classic_directory_ready.png) + :::image type="content" alt-text="Directory home page." source="images/azure_portal_classic_directory_ready.png" lightbox="images/azure_portal_classic_directory_ready.png"::: 3. From the menu options on top, select **Groups**. **Figure 18** - Azure AD groups - ![Add groups in Azure AD.](images/azure_portal_classic_groups.png) + :::image type="content" alt-text="Add groups in Azure AD." source="images/azure_portal_classic_groups.png" lightbox="images/azure_portal_classic_groups.png"::: 4. Select **Add a group** (from the top) or **Add group** at the bottom. 5. In the **Add Group** window, add a name, group type, and description for the group and click the checkmark to save your changes. The new group will appear on the groups list. **Figure 19** - Newly added group in Azure AD - ![Verify the new group appears on the list.](images/azure_portal_classic_all_users_group.png) + :::image type="content" alt-text="Verify the new group appears on the list." source="images/azure_portal_classic_all_users_group.png" lightbox="images/azure_portal_classic_all_users_group.png"::: 6. In the **Groups** tab, select the arrow next to the group (such as **All users**), add members to the group, and then save your changes. @@ -246,7 +246,7 @@ To add Azure AD group(s), use the [Microsoft Azure portal](https://portal.azure. **Figure 20** - Members in the new group - ![Members added to the new group.](images/azure_portal_classic_members_added.png) + :::image type="content" alt-text="Members added to the new group." source="images/azure_portal_classic_members_added.png" lightbox="images/azure_portal_classic_members_added.png"::: 7. Repeat steps 2-6 to add other groups. You can add groups based on their roles in your company, based on the apps that each group can use, and so on. @@ -266,14 +266,14 @@ You can read the [Windows 10, Azure AD and Microsoft Intune blog post](https://b **Figure 21** - List of applications for your company - ![List of applications for your company.](images/azure_portal_classic_applications.png) + :::image type="content" alt-text="List of applications for your company." source="images/azure_portal_classic_applications.png" lightbox="images/azure_portal_classic_applications.png"::: 2. Select **Microsoft Intune** to configure the application. 3. In the Microsoft Intune configuration page, click **Configure** to start automatic MDM enrollment configuration with Intune. **Figure 22** - Configure Microsoft Intune in Azure - ![Configure Microsoft Intune in Azure.](images/azure_portal_classic_configure_intune_app.png) + :::image type="content" alt-text="Configure Microsoft Intune in Azure." source="images/azure_portal_classic_configure_intune_app.png" lightbox="images/azure_portal_classic_configure_intune_app.png"::: 4. In the Microsoft Intune configuration page: - In the **Properties** section, you should see a list of URLs for MDM discovery, MDM terms of use, and MDM compliance. @@ -292,7 +292,7 @@ You can read the [Windows 10, Azure AD and Microsoft Intune blog post](https://b **Figure 23** - Configure Microsoft Intune - ![Configure automatic MDM enrollment with Intune.](images/azure_portal_classic_configure_intune_mdm_enrollment.png) + :::image type="content" alt-text="Configure automatic MDM enrollment with Intune." source="images/azure_portal_classic_configure_intune_mdm_enrollment.png" lightbox="images/azure_portal_classic_configure_intune_mdm_enrollment.png"::: ### 1.7 Configure Microsoft Store for Business for app distribution Next, you'll need to configure Microsoft Store for Business to distribute apps with a management tool such as Intune. @@ -306,7 +306,7 @@ In this part of the walkthrough, use the [Microsoft Endpoint Manager admin cente **Figure 24** - Mobile device management - ![Set up mobile device management in Intune.](images/intune_admin_mdm_configure.png) + :::image type="content" alt-text="Set up mobile device management in Intune." source="images/intune_admin_mdm_configure.png" lightbox="images/intune_admin_mdm_configure.png"::: 3. Sign into [Microsoft Store for Business](https://businessstore.microsoft.com/Store/Apps) using the same tenant account that you used to sign into Intune. 4. Accept the EULA. @@ -315,20 +315,20 @@ In this part of the walkthrough, use the [Microsoft Endpoint Manager admin cente **Figure 25** - Activate Intune as the Store management tool - ![Activate Intune from the Store portal.](images/wsfb_management_tools_activate.png) + :::image type="content" alt-text="Activate Intune from the Store portal." source="images/wsfb_management_tools_activate.png" lightbox="images/wsfb_management_tools_activate.png"::: 7. Go back to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Admin > Mobile Device Management**, expand **Windows**, and then choose **Store for Business**. 8. In the **Microsoft Store for Business** page, select **Configure Sync** to sync your Store for Business volume-purchased apps with Intune. **Figure 26** - Configure Store for Business sync in Intune - ![Configure Store for Business sync in Intune.](images/intune_admin_mdm_store_sync.png) + :::image type="content" alt-text="Configure Store for Business sync in Intune." source="images/intune_admin_mdm_store_sync.png" lightbox="images/intune_admin_mdm_store_sync.png"::: 9. In the **Configure Microsoft Store for Business app sync** dialog box, check **Enable Microsoft Store for Business sync**. In the **Language** dropdown list, choose the language in which you want apps from the Store to be displayed in the Intune console and then click **OK**. **Figure 27** - Enable Microsoft Store for Business sync in Intune - ![Enable Store for Business sync in Intune.](images/intune_configure_store_app_sync_dialog.png) + :::image type="content" alt-text="Enable Store for Business sync in Intune." source="images/intune_configure_store_app_sync_dialog.png" lightbox="images/intune_configure_store_app_sync_dialog.png"::: The **Microsoft Store for Business** page will refresh and it will show the details from the sync. @@ -351,7 +351,7 @@ In the following example, we'll show you how to buy apps through the Microsoft S **Figure 28** - Shop for Store apps - ![Shop for Store apps.](images/wsfb_shop_microsoft_apps.png) + :::image type="content" alt-text="Shop for Store apps." source="images/wsfb_shop_microsoft_apps.png" lightbox="images/wsfb_shop_microsoft_apps.png"::: 2. Click to select an app, such as **Reader**. This opens the app page. 3. In the app's Store page, click **Get the app**. You should see a dialog that confirms your order. Click **Close**. This will refresh the app's Store page. @@ -361,7 +361,7 @@ In the following example, we'll show you how to buy apps through the Microsoft S **Figure 29** - App inventory shows the purchased apps - ![Confirm that your inventory shows purchased apps.](images/wsfb_manage_inventory_newapps.png) + :::image type="content" alt-text="Confirm that your inventory shows purchased apps." source="images/wsfb_manage_inventory_newapps.png" lightbox="images/wsfb_manage_inventory_newapps.png"::: > [!NOTE] > Sync happens automatically, but it may take up to 24 hours for your organization's private store and 12 hours for Intune to sync all your purchased apps. You can force a sync to make this process happen faster. For more info, see [To sync recently purchased apps](#forceappsync). @@ -375,7 +375,7 @@ If you need to sync your most recently purchased apps and have it appear in your **Figure 30** - Force a sync in Intune - ![Force a sync in Intune.](images/intune_admin_mdm_forcesync.png) + :::image type="content" alt-text="Force a sync in Intune." source="images/intune_admin_mdm_forcesync.png" lightbox="images/intune_admin_mdm_forcesync.png"::: **To view purchased apps** - In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Apps > Apps** and then choose **Volume-Purchased Apps** to see the list of available apps. Verify that the apps you purchased were imported correctly. @@ -396,7 +396,7 @@ To set up new Windows devices, go through the Windows initial device setup or fi **Figure 31** - First screen in Windows device setup - ![First screen in Windows device setup.](images/win10_hithere.png) + :::image type="content" alt-text="First screen in Windows device setup." source="images/win10_hithere.png" lightbox="images/win10_hithere.png"::: > [!NOTE] > During setup, if you don't have a Wi-Fi network configured, make sure you connect the device to the Internet through a wired/Ethernet connection. @@ -406,13 +406,13 @@ To set up new Windows devices, go through the Windows initial device setup or fi **Figure 32** - Choose how you'll connect your Windows device - ![Choose how you'll connect the Windows device.](images/win10_choosehowtoconnect.png) + :::image type="content" alt-text="Choose how you'll connect the Windows device." source="images/win10_choosehowtoconnect.png" lightbox="images/win10_choosehowtoconnect.png"::: 4. In the **Let's get you signed in** screen, sign in using a user account you added in section [1.2 Add users and assign product licenses](#12-add-users-and-assign-product-licenses). We suggest signing in as one of the global administrators. Later, sign in on another device using one of the non-admin accounts. **Figure 33** - Sign in using one of the accounts you added - ![Sign in using one of the accounts you added.](images/win10_signin_admin_account.png) + :::image type="content" alt-text="Sign in using one of the accounts you added." source="images/win10_signin_admin_account.png" lightbox="images/win10_signin_admin_account.png"::: 5. If this is the first time you're signing in, you will be asked to update your password. Update the password and continue with sign-in and setup. @@ -433,7 +433,7 @@ In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink **Figure 34** - Check the PC name on your device - ![Check the PC name on your device.](images/win10_settings_pcname.png) + :::image type="content" alt-text="Check the PC name on your device." source="images/win10_settings_pcname.png" lightbox="images/win10_settings_pcname.png"::: 2. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 3. Select **Groups** and then go to **Devices**. @@ -444,7 +444,7 @@ In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink **Figure 35** - Check that the device appears in Intune - ![Check that the device appears in Intune.](images/intune_groups_devices_list.png) + :::image type="content" alt-text="Check that the device appears in Intune." source="images/intune_groups_devices_list.png" lightbox="images/intune_groups_devices_list.png"::: ## 3. Manage device settings and features You can use Microsoft Intune admin settings and policies to manage features on your organization's mobile devices and computers. For more info, see [Manage settings and features on your devices with Microsoft Intune policies](/intune/deploy-use/manage-settings-and-features-on-your-devices-with-microsoft-intune-policies). @@ -463,7 +463,7 @@ In some cases, if an app is missing from the device, you need to reconfigure the **Figure 36** - Reconfigure an app's deployment setting in Intune - ![Reconfigure app deployment settings in Intune.](images/intune_apps_deploymentaction.png) + :::image type="content" alt-text="Reconfigure app deployment settings in Intune." source="images/intune_apps_deploymentaction.png" lightbox="images/intune_apps_deploymentaction.png"::: 6. Click **Finish**. 7. Repeat steps 2-6 for other apps that you want to deploy to the device(s) as soon as possible. @@ -473,7 +473,7 @@ In some cases, if an app is missing from the device, you need to reconfigure the **Figure 37** - Confirm that additional apps were deployed to the device - ![Confirm that additional apps were deployed to the device.](images/win10_deploy_apps_immediately.png) + :::image type="content" alt-text="Confirm that additional apps were deployed to the device." source="images/win10_deploy_apps_immediately.png" lightbox="images/win10_deploy_apps_immediately.png"::: ### 3.2 Configure other settings in Intune @@ -489,7 +489,7 @@ In some cases, if an app is missing from the device, you need to reconfigure the **Figure 38** - Add a configuration policy - ![Add a configuration policy.](images/intune_policy_disablecamera.png) + :::image type="content" alt-text="Add a configuration policy." source="images/intune_policy_disablecamera.png" lightbox="images/intune_policy_disablecamera.png"::: 7. Click **Save Policy**. A confirmation window will pop up. 8. On the **Deploy Policy** confirmation window, select **Yes** to deploy the policy now. @@ -498,7 +498,7 @@ In some cases, if an app is missing from the device, you need to reconfigure the **Figure 39** - The new policy should appear in the **Policies** list. - ![New policy appears on the list.](images/intune_policies_newpolicy_deployed.png) + :::image type="content" alt-text="New policy appears on the list." source="images/intune_policies_newpolicy_deployed.png" lightbox="images/intune_policies_newpolicy_deployed.png"::: **To turn off Windows Hello and PINs during device setup** 1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). @@ -507,7 +507,7 @@ In some cases, if an app is missing from the device, you need to reconfigure the **Figure 40** - Policy to disable Windows Hello for Business - ![Disable Windows Hello for Business.](images/intune_policy_disable_windowshello.png) + :::image type="content" alt-text="Disable Windows Hello for Business." source="images/intune_policy_disable_windowshello.png" lightbox="images/intune_policy_disable_windowshello.png"::: 4. Click **Save**. @@ -534,32 +534,32 @@ For other devices, such as those personally-owned by employees who need to conne **Figure 41** - Add an Azure AD account to the device - ![Add an Azure AD account to the device.](images/win10_add_new_user_join_aad.png) + :::image type="content" alt-text="Add an Azure AD account to the device." source="images/win10_add_new_user_join_aad.png" lightbox="images/win10_add_new_user_join_aad.png"::: 4. In the **Let's get you signed in** window, enter the work credentials for the account and then click **Sign in** to authenticate the user. **Figure 42** - Enter the account details - ![Enter the account details.](images/win10_add_new_user_account_aadwork.png) + :::image type="content" alt-text="Enter the account details." source="images/win10_add_new_user_account_aadwork.png" lightbox="images/win10_add_new_user_account_aadwork.png"::: 5. You will be asked to update the password so enter a new password. 6. Verify the details to make sure you're connecting to the right organization and then click **Join**. **Figure 43** - Make sure this is your organization - ![Make sure this is your organization.](images/win10_confirm_organization_details.png) + :::image type="content" alt-text="Make sure this is your organization." source="images/win10_confirm_organization_details.png" lightbox="images/win10_confirm_organization_details.png"::: 7. You will see a confirmation window that says the device is now connected to your organization. Click **Done**. **Figure 44** - Confirmation that the device is now connected - ![Confirmation that the device is now connected.](images/win10_confirm_device_connected_to_org.png) + :::image type="content" alt-text="Confirmation that the device is now connected." source="images/win10_confirm_device_connected_to_org.png" lightbox="images/win10_confirm_device_connected_to_org.png"::: 8. The **Connect to work or school** window will refresh and will now include an entry that shows you're connected to your organization's Azure AD. This means the device is now registered in Azure AD and enrolled in MDM and the account should have access to the organization's resources. **Figure 45** - Device is now enrolled in Azure AD - ![Device is enrolled in Azure AD.](images/win10_device_enrolled_in_aad.png) + :::image type="content" alt-text="Device is enrolled in Azure AD." source="images/win10_device_enrolled_in_aad.png" lightbox="images/win10_device_enrolled_in_aad.png"::: 9. You can confirm that the new device and user are showing up as Intune-managed by going to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and following the steps in [2.3 Verify the device is Azure AD joined](#23-verify-the-device-is-azure-ad-joined). It may take several minutes before the new device shows up so check again later. diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index b98c833fba..c77b8f6df6 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -49,9 +49,10 @@ For this policy to work, you must verify that the MDM service provider allows th ## Verify auto-enrollment requirements and settings To ensure that the auto-enrollment feature is working as expected, you must verify that various requirements and settings are configured correctly. The following steps demonstrate required settings using the Intune service: + 1. Verify that the user who is going to enroll the device has a valid Intune license. - ![Intune license verification.](images/auto-enrollment-intune-license-verification.png) + :::image type="content" alt-text="Intune license verification." source="images/auto-enrollment-intune-license-verification.png" lightbox="images/auto-enrollment-intune-license-verification.png"::: 2. Verify that auto-enrollment is activated for those users who are going to enroll the devices into Intune. For additional details, see [Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal](./azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md). @@ -83,7 +84,7 @@ The following steps demonstrate required settings using the Intune service: 6. Some tenants might have both **Microsoft Intune** and **Microsoft Intune Enrollment** under **Mobility**. Make sure that your auto-enrollment settings are configured under **Microsoft Intune** instead of **Microsoft Intune Enrollment**. - ![Mobility setting MDM intune.](images/auto-enrollment-microsoft-intune-setting.png) + :::image type="content" alt-text="Mobility setting MDM intune." source="images/auto-enrollment-microsoft-intune-setting.png" lightbox="images/auto-enrollment-microsoft-intune-setting.png"::: 7. Verify that the *Enable Automatic MDM enrollment using default Azure AD credentials* group policy (**Local Group Policy Editor > Computer Configuration > Policies > Administrative Templates > Windows Components > MDM**) is properly deployed to all devices which should be enrolled into Intune. You may contact your domain administrators to verify if the group policy has been deployed successfully. @@ -92,7 +93,7 @@ You may contact your domain administrators to verify if the group policy has bee 9. Verify that Microsoft Intune should allow enrollment of Windows devices. - ![Enrollment of Windows devices.](images/auto-enrollment-enrollment-of-windows-devices.png) + :::image type="content" alt-text="Enrollment of Windows devices." source="images/auto-enrollment-enrollment-of-windows-devices.png" lightbox="images/auto-enrollment-enrollment-of-windows-devices.png"::: ## Configure the auto-enrollment Group Policy for a single PC @@ -113,12 +114,11 @@ Requirements: 3. In **Local Computer Policy**, click **Administrative Templates** > **Windows Components** > **MDM**. - > [!div class="mx-imgBorder"] - > ![MDM policies.](images/autoenrollment-mdm-policies.png) + :::image type="content" alt-text="MDM policies." source="images/autoenrollment-mdm-policies.png" lightbox="images/autoenrollment-mdm-policies.png"::: 4. Double-click **Enable automatic MDM enrollment using default Azure AD credentials** (previously called **Auto MDM Enrollment with AAD Token** in Windows 10, version 1709). For ADMX files in Windows 10, version 1903 and later, select **User Credential** as the Selected Credential Type to use. - ![MDM autoenrollment policy.](images/autoenrollment-policy.png) + :::image type="content" alt-text="MDM autoenrollment policy." source="images/autoenrollment-policy.png" lightbox="images/autoenrollment-policy.png"::: 5. Click **Enable**, and select **User Credential** from the dropdown **Select Credential Type to Use**, then click **OK**. @@ -159,7 +159,7 @@ Requirements: 3. In **Task Scheduler Library**, open **Microsoft > Windows** , then click **EnterpriseMgmt**. - ![Auto-enrollment scheduled task.](images/autoenrollment-scheduled-task.png) + :::image type="content" alt-text="Auto-enrollment scheduled task." source="images/autoenrollment-scheduled-task.png" lightbox="images/autoenrollment-scheduled-task.png"::: To see the result of the task, move the scroll bar to the right to see the **Last Run Result**. Note that **0x80180026** is a failure message (MENROLL\_E_DEVICE\_MANAGEMENT_BLOCKED). You can see the logs in the **History** tab. @@ -249,13 +249,13 @@ To collect Event Viewer logs: 3. Search for event ID 75, which represents a successful auto-enrollment. Here is an example screenshot that shows the auto-enrollment completed successfully: - ![Event ID 75.](images/auto-enrollment-troubleshooting-event-id-75.png) + :::image type="content" alt-text="Event ID 75." source="images/auto-enrollment-troubleshooting-event-id-75.png" lightbox="images/auto-enrollment-troubleshooting-event-id-75.png"::: If you cannot find event ID 75 in the logs, it indicates that the auto-enrollment failed. This can happen because of the following reasons: - The enrollment failed with error. In this case, search for event ID 76, which represents failed auto-enrollment. Here is an example screenshot that shows that the auto-enrollment failed: - ![Event ID 76.](images/auto-enrollment-troubleshooting-event-id-76.png) + :::image type="content" alt-text="Event ID 76." source="images/auto-enrollment-troubleshooting-event-id-76.png" lightbox="images/auto-enrollment-troubleshooting-event-id-76.png"::: To troubleshoot, check the error code that appears in the event. See [Troubleshooting Windows device enrollment problems in Microsoft Intune](/troubleshoot/mem/intune/troubleshoot-windows-enrollment-errors) for more information. @@ -263,7 +263,7 @@ To collect Event Viewer logs: The auto-enrollment process is triggered by a task (**Microsoft > Windows > EnterpriseMgmt**) within the task-scheduler. This task appears if the *Enable automatic MDM enrollment using default Azure AD credentials* group policy (**Computer Configuration > Policies > Administrative Templates > Windows Components > MDM**) is successfully deployed to the target machine as shown in the following screenshot: - ![Task scheduler.](images/auto-enrollment-task-scheduler.png) + :::image type="content" alt-text="Task scheduler." source="images/auto-enrollment-task-scheduler.png" lightbox="images/auto-enrollment-task-scheduler.png"::: > [!Note] > This task isn't visible to standard users - run Scheduled Tasks with administrative credentials to find the task. @@ -272,24 +272,24 @@ To collect Event Viewer logs: **Applications and Services Logs > Microsoft > Windows > Task Scheduler > Operational**. Look for an entry where the task scheduler created by enrollment client for automatically enrolling in MDM from AAD is triggered by event ID 107. - ![Event ID 107.](images/auto-enrollment-event-id-107.png) + :::image type="content" alt-text="Event ID 107." source="images/auto-enrollment-event-id-107.png" lightbox="images/auto-enrollment-event-id-107.png"::: When the task is completed, a new event ID 102 is logged. - ![Event ID 102.](images/auto-enrollment-event-id-102.png) + :::image type="content" alt-text="Event ID 102." source="images/auto-enrollment-event-id-102.png" lightbox="images/auto-enrollment-event-id-102.png"::: Note that the task scheduler log displays event ID 102 (task completed) regardless of the auto-enrollment success or failure. This means that the task scheduler log is only useful to confirm if the auto-enrollment task is triggered or not. It does not indicate the success or failure of auto-enrollment. If you cannot see from the log that task Schedule created by enrollment client for automatically enrolling in MDM from AAD is initiated, there is possibly issue with the group policy. Immediately run the command `gpupdate /force` in command prompt to get the GPO applied. If this still does not help, further troubleshooting on the Active Directory is required. One frequently seen error is related to some outdated enrollment entries in the registry on the target client device (**HKLM > Software > Microsoft > Enrollments**). If a device has been enrolled (can be any MDM solution and not only Intune), some enrollment information added into the registry is seen: - ![Outdated enrollment entries.](images/auto-enrollment-outdated-enrollment-entries.png) + :::image type="content" alt-text="Outdated enrollment entries." source="images/auto-enrollment-outdated-enrollment-entries.png" lightbox="images/auto-enrollment-outdated-enrollment-entries.png"::: By default, these entries are removed when the device is un-enrolled, but occasionally the registry key remains even after un-enrollment. In this case, `gpupdate /force` fails to initiate the auto-enrollment task and error code 2149056522 is displayed in the **Applications and Services Logs > Microsoft > Windows > Task Scheduler > Operational** event log file under event ID 7016. A resolution to this issue is to remove the registry key manually. If you do not know which registry key to remove, go for the key which displays most entries as the screenshot above. All other keys will display fewer entries as shown in the following screenshot: - ![Manually deleted entries.](images/auto-enrollment-activation-verification-less-entries.png) + :::image type="content" alt-text="Manually deleted entries." source="images/auto-enrollment-activation-verification-less-entries.png" lightbox="images/auto-enrollment-activation-verification-less-entries.png"::: ### Related topics diff --git a/windows/client-management/troubleshoot-stop-errors.md b/windows/client-management/troubleshoot-stop-errors.md index 35bd948c1e..cc92de3f11 100644 --- a/windows/client-management/troubleshoot-stop-errors.md +++ b/windows/client-management/troubleshoot-stop-errors.md @@ -169,13 +169,13 @@ You can use the tools such as Windows Software Development KIT (SDK) and Symbols 6. Click on **Open Crash Dump**, and then open the memory.dmp file that you copied. See the example below. - ![WinDbg img.](images/windbg.png) + :::image type="content" alt-text="WinDbg img." source="images/windbg.png" lightbox="images/windbg.png"::: 7. There should be a link that says **!analyze -v** under **Bugcheck Analysis**. Click that link. This will enter the command !analyze -v in the prompt at the bottom of the page. 8. A detailed bugcheck analysis will appear. See the example below. - ![Bugcheck analysis.](images/bugcheck-analysis.png) + :::image type="content" alt-text="Bugcheck analysis." source="images/bugcheck-analysis.png" lightbox="images/bugcheck-analysis.png"::: 9. Scroll down to the section where it says **STACK_TEXT**. There will be rows of numbers with each row followed by a colon and some text. That text should tell you what DLL is causing the crash and if applicable what service is crashing the DLL. diff --git a/windows/client-management/troubleshoot-tcpip-rpc-errors.md b/windows/client-management/troubleshoot-tcpip-rpc-errors.md index 5a6d7c05e5..7185b6660f 100644 --- a/windows/client-management/troubleshoot-tcpip-rpc-errors.md +++ b/windows/client-management/troubleshoot-tcpip-rpc-errors.md @@ -38,7 +38,7 @@ Before getting in to troubleshooting the *RPC server unavailable- error Client A wants to execute some functions or wants to make use of a service running on the remote server, will first establish the connection with the Remote Server by doing a three-way handshake. -![Diagram illustrating connection to remote server.](images/rpc-flow.png) +:::image type="content" alt-text="Diagram illustrating connection to remote server." source="images/rpc-flow.png" lightbox="images/rpc-flow.png"::: RPC ports can be given from a specific range as well. ### Configure RPC dynamic port allocation @@ -163,13 +163,13 @@ Open the traces in [Microsoft Network Monitor 3.4](troubleshoot-tcpip-netmon.md) - Now check if you are getting a response from the server. If you get a response, note the dynamic port number that you have been allocated to use. - ![Screenshot of Network Monitor with dynamic port highlighted.](images/tcp-ts-23.png) + :::image type="content" alt-text="Screenshot of Network Monitor with dynamic port highlighted." source="images/tcp-ts-23.png" lightbox="images/tcp-ts-23.png"::: - Check if we are connecting successfully to this Dynamic port successfully. - The filter should be something like this: `tcp.port==` and `ipv4.address==` - ![Screenshot of Network Monitor with filter applied.](images/tcp-ts-24.png) + :::image type="content" alt-text="Screenshot of Network Monitor with filter applied." source="images/tcp-ts-24.png" lightbox="images/tcp-ts-24.png"::: This should help you verify the connectivity and isolate if any network issues are seen. @@ -178,7 +178,7 @@ This should help you verify the connectivity and isolate if any network issues a The most common reason why we would see the RPC server unavailable is when the dynamic port that the client tries to connect is not reachable. The client side trace would then show TCP SYN retransmits for the dynamic port. -![Screenshot of Network Monitor with TCP SYN retransmits.](images/tcp-ts-25.png) +:::image type="content" alt-text="Screenshot of Network Monitor with TCP SYN retransmits." source="images/tcp-ts-25.png" lightbox="images/tcp-ts-25.png"::: The port cannot be reachable due to one of the following reasons: diff --git a/windows/configuration/start-layout-troubleshoot.md b/windows/configuration/start-layout-troubleshoot.md index 9de660229c..b6a8fb09d3 100644 --- a/windows/configuration/start-layout-troubleshoot.md +++ b/windows/configuration/start-layout-troubleshoot.md @@ -43,7 +43,7 @@ When troubleshooting basic Start issues (and for the most part, all other Window - `get-AppXPackage -Name Microsoft.Windows.ShellExperienceHost` - `get-AppXPackage -Name Microsoft.Windows.Cortana` - ![Example of output from cmdlets.](images/start-ts-1.png) + :::image type="content" alt-text="Example of output from cmdlets." source="images/start-ts-1.png" lightbox="images/start-ts-1.png"::: Failure messages will appear if they aren't installed @@ -189,7 +189,7 @@ Events for both PDC and Background Tasks Infrastructure Service will be recorded ### Symptom: Application tiles like Alarm, Calculator, and Edge are missing from Start menu and the Settings app fails to open on Windows 10, version 1709 when a local user profile is deleted -![Screenshots that show download icons on app tiles and missing app tiles.](images/start-ts-2.png) +:::image type="content" alt-text="Screenshots that show download icons on app tiles and missing app tiles." source="images/start-ts-2.png" lightbox="images/start-ts-2.png"::: **Cause**: This issue is known. The first-time sign-in experience is not detected and does not trigger the install of some apps. diff --git a/windows/configuration/ue-v/uev-prepare-for-deployment.md b/windows/configuration/ue-v/uev-prepare-for-deployment.md index 62045c8277..b44c774966 100644 --- a/windows/configuration/ue-v/uev-prepare-for-deployment.md +++ b/windows/configuration/ue-v/uev-prepare-for-deployment.md @@ -44,7 +44,7 @@ If you want to use UE-V to synchronize user-defined settings for custom applicat The workflow diagram below illustrates a typical UE-V deployment and the decisions you need to be prepared to make. -![UE-V deployment preparation.](images/uev-deployment-preparation.png) +:::image type="content" alt-text="UE-V deployment preparation." source="images/uev-deployment-preparation.png"::: INACTIVE (1) [2] 0C34.2FF0::08/28/17-13:24:29.7513404 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Authenticating to State: Roaming - +``` > [!NOTE] > In the next to last line the SecMgr transition is suddenly deactivating:
                      @@ -182,7 +182,7 @@ Authenticating to State: Roaming Enabling the **Microsoft-Windows-WLAN-AutoConfig** filter will show more detail leading to the DEACTIVATE transition: -
                      +```console
 [3] 0C34.2FE8::08/28/17-13:24:28.902 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
 Associating to State: Authenticating
 [1] 0C34.275C::08/28/17-13:24:28.960 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition START AUTH (3) --> WAIT FOR AUTH SUCCESS (4)
@@ -196,7 +196,7 @@ Associating to State: Authenticating
  [2] 0C34.2FF0::08/28/17-13:24:29.7512788 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition DEACTIVATE (11) --> INACTIVE (1)
 [2] 0C34.2FF0::08/28/17-13:24:29.7513404 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
 Authenticating to State: Roaming
-
                      +``` The trail backwards reveals a **Port Down** notification: @@ -208,7 +208,7 @@ Below, the MSM is the native wifi stack. These are Windows native wifi drivers w Enable trace filter for **[Microsoft-Windows-NWifi]:** -
                      +```console
 [3] 0C34.2FE8::08/28/17-13:24:28.902 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
 Associating to State: Authenticating
 [1] 0C34.275C::08/28/17-13:24:28.960 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition START AUTH (3) --> WAIT FOR AUTH SUCCESS (4)
@@ -222,12 +222,14 @@ Associating to State: Authenticating
 [2] 0C34.2FF0::08/28/17-13:24:29.751 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition WAIT FOR AUTH SUCCESS (7) --> DEACTIVATE (11)
  [2] 0C34.2FF0::08/28/17-13:24:29.7512788 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition DEACTIVATE (11) --> INACTIVE (1)
 [2] 0C34.2FF0::08/28/17-13:24:29.7513404 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
-Authenticating to State: Roaming
                      +Authenticating to State: Roaming +``` In the trace above, we see the line: -
                      -[0]0000.0000::‎08/28/17-13:24:29.127 [Microsoft-Windows-NWiFi]DisAssoc: 0x8A1514B62510 Reason: 0x4
                      +```console +[0]0000.0000::‎08/28/17-13:24:29.127 [Microsoft-Windows-NWiFi]DisAssoc: 0x8A1514B62510 Reason: 0x4 +``` This is followed by **PHY_STATE_CHANGE** and **PORT_DOWN** events due to a disassociate coming from the Access Point (AP), as an indication to deny the connection. This could be due to invalid credentials, connection parameters, loss of signal/roaming, and various other reasons for aborting a connection. The action here would be to examine the reason for the disassociate sent from the indicated AP MAC (8A:15:14:B6:25:10). This would be done by examining internal logging/tracing from the AP. @@ -238,7 +240,7 @@ This is followed by **PHY_STATE_CHANGE** and **PORT_DOWN** events due to a disas ## Example ETW capture -
                      +```console
 C:\tmp>netsh trace start wireless_dbg capture=yes overwrite=yes maxsize=4096 tracefile=c:\tmp\wireless.etl
 
 Trace configuration:
@@ -279,7 +281,7 @@ C:\tmp>dir
 01/09/2019  02:59 PM         2,786,540 wireless.txt
                3 File(s)     10,395,004 bytes
                2 Dir(s)  46,648,332,288 bytes free
-
                      +``` ## Wifi filter file diff --git a/windows/client-management/troubleshoot-tcpip-rpc-errors.md b/windows/client-management/troubleshoot-tcpip-rpc-errors.md index 7185b6660f..6601c0c57d 100644 --- a/windows/client-management/troubleshoot-tcpip-rpc-errors.md +++ b/windows/client-management/troubleshoot-tcpip-rpc-errors.md @@ -110,13 +110,13 @@ If you would like to do a deep dive as to how it works, see [RPC over IT/Pro](ht The best thing to always troubleshoot RPC issues before even getting in to traces is by making use of tools like **PortQry**. You can quickly determine if you are able to make a connection by running the command: -```cmd +```console Portqry.exe -n -e 135 ``` This would give you a lot of output to look for, but you should be looking for *ip_tcp- and the port number in the brackets, which tells whether you were successfully able to get a dynamic port from EPM and also make a connection to it. If the above fails, you can typically start collecting simultaneous network traces. Something like this from the output of “PortQry”: -```cmd +```console Portqry.exe -n 169.254.0.2 -e 135 ``` Partial output below: @@ -141,17 +141,20 @@ The one in bold is the ephemeral port number that you made a connection to succe You can run the commands below to leverage Windows inbuilt netsh captures, to collect a simultaneous trace. Remember to execute the below on an “Admin CMD”, it requires elevation. - On the client - ```cmd + + ```console Netsh trace start scenario=netconnection capture=yes tracefile=c:\client_nettrace.etl maxsize=512 overwrite=yes report=yes ``` - On the Server - ```cmd + + ```console Netsh trace start scenario=netconnection capture=yes tracefile=c:\server_nettrace.etl maxsize=512 overwrite=yes report=yes ``` Now try to reproduce your issue from the client machine and as soon as you feel the issue has been reproduced, go ahead and stop the traces using the command -```cmd + +```console Netsh trace stop ``` diff --git a/windows/client-management/troubleshoot-windows-freeze.md b/windows/client-management/troubleshoot-windows-freeze.md index 73e66f7e52..9d73bacae3 100644 --- a/windows/client-management/troubleshoot-windows-freeze.md +++ b/windows/client-management/troubleshoot-windows-freeze.md @@ -158,17 +158,17 @@ Learn how to use Dumpchk.exe to check your dump files: You can use Windows Performance Monitor to examine how programs that you run affect your computer's performance, both in real time and by collecting log data for later analysis. To create performance counter and event trace log collections on local and remote systems, run the following commands in a command prompt as administrator: -```cmd +```console Logman create counter LOGNAME_Long -u DOMAIN\USERNAME * -f bincirc -v mmddhhmm -max 500 -c "\\COMPUTERNAME\LogicalDisk(*)\*" "\\COMPUTERNAME\Memory\*" "\\COMPUTERNAME\Network Interface(*)\*" "\\COMPUTERNAME\Paging File(*)\*" "\\COMPUTERNAME\PhysicalDisk(*)\*" "\\COMPUTERNAME\Process(*)\*" "\\COMPUTERNAME\Redirector\*" "\\COMPUTERNAME\Server\*" "\\COMPUTERNAME\System\*" "\\COMPUTERNAME\Terminal Services\*" "\\COMPUTERNAME\Processor(*)\*" "\\COMPUTERNAME\Cache\*" -si 00:05:00 ``` -```cmd +```console Logman create counter LOGNAME_Short -u DOMAIN\USERNAME * -f bincirc -v mmddhhmm -max 500 -c "\\COMPUTERNAME\LogicalDisk(*)\*" "\\COMPUTERNAME\Memory\*" "\\COMPUTERNAME\Network Interface(*)\*" "\\COMPUTERNAME\Paging File(*)\*" "\\COMPUTERNAME\PhysicalDisk(*)\*" "\\COMPUTERNAME\Process(*)\*" "\\COMPUTERNAME\Redirector\*" "\\COMPUTERNAME\Server\*" "\\COMPUTERNAME\System\*" "\\COMPUTERNAME\Terminal Services\*" "\\COMPUTERNAME\Processor(*)\*" "\\COMPUTERNAME\Cache\*" -si 00:00:10 ``` Then, you can start or stop the log by running the following commands: -```cmd +```console logman start LOGNAME_Long / LOGNAME_Short logman stop LOGNAME_Long / LOGNAME_Short ``` diff --git a/windows/configuration/start-layout-troubleshoot.md b/windows/configuration/start-layout-troubleshoot.md index b6a8fb09d3..68c2141629 100644 --- a/windows/configuration/start-layout-troubleshoot.md +++ b/windows/configuration/start-layout-troubleshoot.md @@ -295,7 +295,7 @@ Additionally, users may see blank tiles if sign-in was attempted without network - Open a command prompt, and run the following command: -``` +```console C:\Windows\System32\tdlrecover.exe -reregister -resetlayout -resetcache ``` From d1b1484e6b740cf6251a00312b6b0e7b0805cb79 Mon Sep 17 00:00:00 2001 From: Ashok Lobo Date: Tue, 14 Dec 2021 10:02:29 +0530 Subject: [PATCH 222/335] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...ndows-operating-system-components-to-microsoft-services.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index e17985f888..51e1e17495 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -16,7 +16,7 @@ ms.collection: - M365-security-compliance - highpri ms.topic: article -ms.date: 12/10/2021 +ms.date: 12/14/2021 ms.technology: privacy --- @@ -1725,7 +1725,7 @@ In Group Policy, configure: ### 25. Personalized Experiences -Personalized experiences provide features such as different background images and text on the lock screen, suggested apps, Microsoft account notifications, and Windows tips. Example features include Windows Spotlight and Start Suggestions. You can control them by using the Group Policy. +Personalized experiences provides features such as different background images and text on the lock screen, suggested apps, Microsoft account notifications, and Windows tips. Example features include Windows Spotlight and Start Suggestions. You can control them by using the Group Policy. > [!NOTE] > This excludes how individual experiences (e.g., Windows Spotlight) can be controlled by users in Windows Settings. From fe600aa142a1a6a1a31ea1ec734fa4cd8b528891 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 13 Dec 2021 20:44:32 -0800 Subject: [PATCH 223/335] Correct alert styles --- .../ue-v/uev-prepare-for-deployment.md | 52 ++++++++++--------- 1 file changed, 28 insertions(+), 24 deletions(-) diff --git a/windows/configuration/ue-v/uev-prepare-for-deployment.md b/windows/configuration/ue-v/uev-prepare-for-deployment.md index b44c774966..4ea6381b6f 100644 --- a/windows/configuration/ue-v/uev-prepare-for-deployment.md +++ b/windows/configuration/ue-v/uev-prepare-for-deployment.md @@ -115,8 +115,8 @@ UE-V includes settings location templates that capture settings values for these | Ease of Access | Accessibility and input settings, Microsoft Magnifier, Narrator, and on-Screen Keyboard | Log on only | Log off or scheduled task interval | Enabled | | Desktop settings | Start menu and Taskbar settings, folder options, default desktop icons, additional clocks, and region and language settings | Log on only | Log off or scheduled task | Enabled | ->**Important** -UE-V roams taskbar settings between Windows 10 devices. However, UE-V does not synchronize taskbar settings between Windows 10 devices and devices running previous operating systems versions. +> [!IMPORTANT] +> UE-V roams taskbar settings between Windows 10 devices. However, UE-V does not synchronize taskbar settings between Windows 10 devices and devices running previous operating systems versions. | **Settings group** | **Category** | **Capture** | **Apply** | |--------------------------|----------------|----------------|--------------| @@ -133,8 +133,8 @@ For Windows applications, the application developer specifies which user setting To display a list of Windows applications that can synchronize settings with their package family name, enabled status, and enabled source, open a Windows PowerShell window, type Get-UevAppxPackage, and press ENTER. ->**Note** -Starting in Windows 10, version 1607, you can configure UE-V to not synchronize Windows applications settings if the device is configured to use Enterprise State Roaming. +> [!NOTE] +> Starting in Windows 10, version 1607, you can configure UE-V to not synchronize Windows applications settings if the device is configured to use Enterprise State Roaming. ### UE-V-support for roaming printers @@ -148,8 +148,8 @@ Printer roaming in UE-V requires one of these scenarios: - The printer driver can be imported from Windows Update. ->**Note** -The UE-V printer roaming feature does not roam printer settings or preferences, such as printing double-sided. +> [!NOTE] +> The UE-V printer roaming feature does not roam printer settings or preferences, such as printing double-sided. ### Determine whether you need settings synchronized for other applications @@ -201,8 +201,8 @@ You should also consider these things when you are preparing to deploy UE-V: Many enterprise applications, including Microsoft Outlook, Lync, and Skype for Business prompt users for their domain credentials when they log in. Users have the option of saving their credentials to disk to prevent having to enter them every time they open these applications. Enabling roaming credentials synchronization lets users save their credentials on one computer and avoid re-entering them on every computer they use in their environment. Users can synchronize some domain credentials with UE-V. -**Important** -Credentials synchronization is disabled by default. You must explicitly enable credentials synchronization after you enable the UE-V service to implement this feature. +> [!IMPORTANT] +> Credentials synchronization is disabled by default. You must explicitly enable credentials synchronization after you enable the UE-V service to implement this feature. UE-V can synchronize enterprise credentials, but does not roam credentials intended only for use on the local device. @@ -210,20 +210,24 @@ Credentials are synchronous settings, meaning that they are applied to users' pr Credentials synchronization is managed by its own settings location template, which is disabled by default. You can enable or disable this template through the same methods used for other templates. The template identifier for this feature is RoamingCredentialSettings. ->**Important** -If you are using Active Directory Credential Roaming in your environment, we recommend that you do not enable the UE-V credential roaming template. Instead, use PowerShell or Group Policy to enable credentials synchronization. Note that credentials are encrypted during synchronization. +> [!IMPORTANT] +> If you are using Active Directory Credential Roaming in your environment, we recommend that you do not enable the UE-V credential roaming template. Instead, use PowerShell or Group Policy to enable credentials synchronization. Note that credentials are encrypted during synchronization. [PowerShell](uev-administering-uev-with-windows-powershell-and-wmi.md)**:** Enter this PowerShell cmdlet to enable credential synchronization: -`Enable-UevTemplate RoamingCredentialSettings` +```powershell +Enable-UevTemplate RoamingCredentialSettings -`Copy` +Copy +``` Use this PowerShell cmdlet to disable credential synchronization: -`Disable-UevTemplate RoamingCredentialSettings` +```powershell +Disable-UevTemplate RoamingCredentialSettings -`Copy` +Copy +``` @@ -335,10 +339,10 @@ Before you proceed, ensure that your environment meets these requirements for us | Windows 8 and Windows 8.1 | Enterprise or Pro | None | 32-bit or 64-bit | Windows PowerShell 3.0 or higher | .NET Framework 4.5 or higher | | Windows Server 2012 and Windows Server 2012 R2 | Standard or Datacenter | None | 64-bit | Windows PowerShell 3.0 or higher | .NET Framework 4.5 or higher | -**Note** -- Windows Server 2012 operating systems come with .NET Framework 4.5 installed. The Windows 10 operating system comes with .NET Framework 4.6 installed. - -- The “Delete Roaming Cache” policy for mandatory profiles is not supported with UE-V and should not be used. +> [!NOTE] +> - Windows Server 2012 operating systems come with .NET Framework 4.5 installed. The Windows 10 operating system comes with .NET Framework 4.6 installed. +> +> - The “Delete Roaming Cache” policy for mandatory profiles is not supported with UE-V and should not be used. There are no special random access memory (RAM) requirements specific to UE-V. @@ -368,19 +372,19 @@ Enable this configuration using one of these methods: Restart the device to allow the settings to synchronize. -- >**Note** - These methods do not work for pooled virtual desktop infrastructure (VDI) environments. +> [!NOTE] +> These methods do not work for pooled virtual desktop infrastructure (VDI) environments. ->**Note** -If you set *SyncMethod = None*, any settings changes are saved directly to the server. If the network connection to the settings storage path is not found, then the settings changes are cached on the device and are synchronized the next time that the sync provider runs. If the settings storage path is not found and the user profile is removed from a pooled VDI environment on log off, settings changes are lost and the user must reapply the change when the computer is reconnected to the settings storage path. +> [!NOTE] +> If you set *SyncMethod = None*, any settings changes are saved directly to the server. If the network connection to the settings storage path is not found, then the settings changes are cached on the device and are synchronized the next time that the sync provider runs. If the settings storage path is not found and the user profile is removed from a pooled VDI environment on log off, settings changes are lost and the user must reapply the change when the computer is reconnected to the settings storage path. **Synchronization for external sync engines** The *SyncMethod=External* parameter specifies that if UE-V settings are written to a local folder on the user device, then any external sync engine (such as OneDrive for Business, Work Folders, Sharepoint, or Dropbox) can be used to apply these settings to the different devices that users access. **Support for shared VDI sessions** UE-V supports VDI sessions that are shared among end users. You can register and configure a special VDI template, which ensures that UE-V keeps all of its functionality intact for non-persistent VDI sessions. ->**Note** -If you do not enable VDI mode for non-persistent VDI sessions, certain features do not work, such as [back-up/restore and last known good (LKG)](uev-manage-administrative-backup-and-restore.md). +> [!NOTE] +> If you do not enable VDI mode for non-persistent VDI sessions, certain features do not work, such as [back-up/restore and last known good (LKG)](uev-manage-administrative-backup-and-restore.md). The VDI template is provided with UE-V and is typically available here after installation: C:\ProgramData\Microsoft\UEV\InboxTemplates From 53ed3d6cff2f5185f2f516f9e818ca94c7ffc90e Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 13 Dec 2021 20:59:52 -0800 Subject: [PATCH 224/335] Correct font weight of table headings Table headings are bold by default. Adding formatting for bold results in a lighter weight font than is standard on the platform. --- ...ed-troubleshooting-wireless-network-connectivity.md | 3 +-- .../configuration/ue-v/uev-prepare-for-deployment.md | 10 +++++----- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md b/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md index c773ad40ec..da66ca39d0 100644 --- a/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md +++ b/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md @@ -37,9 +37,8 @@ It is important to understand the different Wi-Fi components involved, their exp The intention of this troubleshooter is to show how to find a starting point in the verbosity of wireless_dbg ETW and home in on the responsible components that are causing the connection problem. ### Known Issues and fixes -** ** -| **OS version** | **Fixed in** | +| OS version | Fixed in | | --- | --- | | **Windows 10, version 1803** | [KB4284848](https://support.microsoft.com/help/4284848) | | **Windows 10, version 1709** | [KB4284822](https://support.microsoft.com/help/4284822) | diff --git a/windows/configuration/ue-v/uev-prepare-for-deployment.md b/windows/configuration/ue-v/uev-prepare-for-deployment.md index 4ea6381b6f..f7d383dd5d 100644 --- a/windows/configuration/ue-v/uev-prepare-for-deployment.md +++ b/windows/configuration/ue-v/uev-prepare-for-deployment.md @@ -92,7 +92,7 @@ For downloadable UE-V templates, see: When you enable the UE-V service on user devices, it registers a default group of settings location templates that capture settings values for these common Microsoft applications. -| **Application category** | **Description** | +| Application category | Description | |-----------------------------|-------------------| | Microsoft Office 2016 applications
                      [Download a list of all settings synced](https://gallery.technet.microsoft.com/Authored-Office-2016-32-0dc05cd8) | Microsoft Access 2016
                      Microsoft Lync 2016
                      Microsoft Excel 2016
                      Microsoft OneNote 2016
                      Microsoft Outlook 2016
                      Microsoft PowerPoint 2016
                      Microsoft Project 2016
                      Microsoft Publisher 2016
                      Microsoft SharePoint Designer 2013 (not updated for 2016)
                      Microsoft Visio 2016
                      Microsoft Word 2016
                      Microsoft Office Upload Manager
                      Microsoft Infopath has been removed (deprecated) from the Office 2016 suite | | Microsoft Office 2013 applications
                      [Download a list of all settings synced](https://www.microsoft.com/download/details.aspx?id=46367) | Microsoft Word 2013
                      Microsoft Excel 2013
                      Microsoft Outlook 2013
                      Microsoft Access 2013
                      Microsoft Project 2013
                      Microsoft PowerPoint 2013
                      Microsoft Publisher 2013
                      Microsoft Visio 2013
                      Microsoft InfoPath 2013
                      Microsoft Lync 2013
                      Microsoft OneNote 2013
                      Microsoft SharePoint Designer 2013
                      Microsoft Office 2013 Upload Center
                      Microsoft OneDrive for Business 2013 @@ -109,7 +109,7 @@ UE-V does not synchronize settings between the Microsoft Calculator in Windows 1 UE-V includes settings location templates that capture settings values for these Windows settings. -| **Windows settings** | **Description** | **Apply on** | **Export on** | **Default state** | +| Windows settings | Description | Apply on | Export on | Default state | |----------------------|-----------------|--------------|---------------|-------------------| | Desktop background | Currently active desktop background or wallpaper | Log on, unlock, remote connect, Scheduled Task events | Log off, lock, remote disconnect, or scheduled task interval | Enabled | | Ease of Access | Accessibility and input settings, Microsoft Magnifier, Narrator, and on-Screen Keyboard | Log on only | Log off or scheduled task interval | Enabled | @@ -118,7 +118,7 @@ UE-V includes settings location templates that capture settings values for these > [!IMPORTANT] > UE-V roams taskbar settings between Windows 10 devices. However, UE-V does not synchronize taskbar settings between Windows 10 devices and devices running previous operating systems versions. -| **Settings group** | **Category** | **Capture** | **Apply** | +| Settings group | Category | Capture | Apply | |--------------------------|----------------|----------------|--------------| | **Application Settings** | Windows applications | Close application
                      Windows application settings change event | Start the UE-V App Monitor at startup
                      Open app
                      Windows application settings change event
                      Arrival of a settings package | | | Desktop applications | Application closes | Application opens and closes | @@ -169,7 +169,7 @@ In general, you can synchronize settings that meet the following criteria: If you’ve decided that you need to synchronize settings for custom applications, use this checklist to determine which applications you’ll include. -|   | **Description** | +|   | Description | |-------|--------------------------| | ![Checklist box.](images/uev-checklist-box.gif) | Does this application contain settings that the user can customize? | | ![Checklist box.](images/uev-checklist-box.gif) | Is it important for the user that these settings are synchronized? | @@ -333,7 +333,7 @@ Computers that run the UE-V service must use a time server to maintain a consist Before you proceed, ensure that your environment meets these requirements for using UE-V. -| **Operating system** | **Edition** | **Service pack** | **System architecture** | **Windows PowerShell** | **Microsoft .NET Framework** | +| Operating system | Edition | Service pack | System architecture | Windows PowerShell | Microsoft .NET Framework | |--------------------------|---------------|------------------|-------------------------|--------------------------|--------------------------------| | Windows 10, version 1607 | Windows 10 for Enterprise | NA | 32-bit or 64-bit | Windows PowerShell 3.0 or higher | .NET Framework 4.5 or higher | | Windows 8 and Windows 8.1 | Enterprise or Pro | None | 32-bit or 64-bit | Windows PowerShell 3.0 or higher | .NET Framework 4.5 or higher | From 0ebef322b8f590c5e77cd8a0a983da3fd570367a Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 13 Dec 2021 21:18:18 -0800 Subject: [PATCH 225/335] Miscellaneous fixes --- ...-troubleshooting-wireless-network-connectivity.md | 10 +++++----- windows/configuration/start-layout-troubleshoot.md | 2 +- .../configuration/ue-v/uev-prepare-for-deployment.md | 12 ++++++------ 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md b/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md index da66ca39d0..49d26516fa 100644 --- a/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md +++ b/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md @@ -104,15 +104,15 @@ The wifi connection state machine has the following states: Standard wifi connections tend to transition between states such as: -**Connecting** +- Connecting -Reset --> Ihv_Configuring --> Configuring --> Associating --> Authenticating --> Connected + Reset --> Ihv_Configuring --> Configuring --> Associating --> Authenticating --> Connected -**Disconnecting** +- Disconnecting -Connected --> Roaming --> Wait_For_Disconnected --> Disconnected --> Reset + Connected --> Roaming --> Wait_For_Disconnected --> Disconnected --> Reset ->Filtering the ETW trace with the [TextAnalysisTool](https://github.com/TextAnalysisTool/Releases) (TAT) is an easy first step to determine where a failed connection setup is breaking down. A useful [wifi filter file](#wifi-filter-file) is included at the bottom of this article. +Filtering the ETW trace with the [TextAnalysisTool](https://github.com/TextAnalysisTool/Releases) (TAT) is an easy first step to determine where a failed connection setup is breaking down. A useful [wifi filter file](#wifi-filter-file) is included at the bottom of this article. Use the **FSM transition** trace filter to see the connection state machine. You can see [an example](#textanalysistool-example) of this filter applied in the TAT at the bottom of this page. diff --git a/windows/configuration/start-layout-troubleshoot.md b/windows/configuration/start-layout-troubleshoot.md index 68c2141629..000d733a4e 100644 --- a/windows/configuration/start-layout-troubleshoot.md +++ b/windows/configuration/start-layout-troubleshoot.md @@ -293,7 +293,7 @@ Additionally, users may see blank tiles if sign-in was attempted without network >[!Note] >Corruption recovery removes any manual pins from Start. Apps should still be visible, but you’ll need to re-pin any secondary tiles and/or pin app tiles to the main Start view. Aps that you have installed that are completely missing from “all apps” is unexpected, however. That implies the re-registration didn’t work. -- Open a command prompt, and run the following command: +Open a command prompt, and run the following command: ```console C:\Windows\System32\tdlrecover.exe -reregister -resetlayout -resetcache diff --git a/windows/configuration/ue-v/uev-prepare-for-deployment.md b/windows/configuration/ue-v/uev-prepare-for-deployment.md index f7d383dd5d..31455009a3 100644 --- a/windows/configuration/ue-v/uev-prepare-for-deployment.md +++ b/windows/configuration/ue-v/uev-prepare-for-deployment.md @@ -100,10 +100,10 @@ When you enable the UE-V service on user devices, it registers a default group o | Browser options: Internet Explorer 11 and 10 | Synchronize favorites, home page, tabs, and toolbars.
                      **Note**
                      UE-V does not roam settings for Internet Explorer cookies. | | Windows accessories | Microsoft NotePad, WordPad | -**Notes** -An Outlook profile must be created for any device on which a user wants to sync their Outlook signature. If the profile is not already created, the user can create one and then restart Outlook on that device to enable signature synchronization. - -UE-V does not synchronize settings between the Microsoft Calculator in Windows 10 and the Microsoft Calculator in previous operating systems. +> [!NOTE] +> - An Outlook profile must be created for any device on which a user wants to sync their Outlook signature. If the profile is not already created, the user can create one and then restart Outlook on that device to enable signature synchronization. +> +> - UE-V does not synchronize settings between the Microsoft Calculator in Windows 10 and the Microsoft Calculator in previous operating systems. ### Windows settings synchronized by default @@ -340,9 +340,9 @@ Before you proceed, ensure that your environment meets these requirements for us | Windows Server 2012 and Windows Server 2012 R2 | Standard or Datacenter | None | 64-bit | Windows PowerShell 3.0 or higher | .NET Framework 4.5 or higher | > [!NOTE] -> - Windows Server 2012 operating systems come with .NET Framework 4.5 installed. The Windows 10 operating system comes with .NET Framework 4.6 installed. +> - Windows Server 2012 operating systems come with .NET Framework 4.5 installed. The Windows 10 operating system comes with .NET Framework 4.6 installed. > -> - The “Delete Roaming Cache” policy for mandatory profiles is not supported with UE-V and should not be used. +> - The “Delete Roaming Cache” policy for mandatory profiles is not supported with UE-V and should not be used. There are no special random access memory (RAM) requirements specific to UE-V. From 1f27ea98635e524d56d153e5cacc2fc78be6db66 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 13 Dec 2021 21:32:39 -0800 Subject: [PATCH 226/335] Remove lightbox from images Most of these images aren't large enough to benefit from the enlarged view. --- smb/cloud-mode-business-setup.md | 88 ++++++++++++++++---------------- 1 file changed, 44 insertions(+), 44 deletions(-) diff --git a/smb/cloud-mode-business-setup.md b/smb/cloud-mode-business-setup.md index 29048c501c..67a2d8f5cb 100644 --- a/smb/cloud-mode-business-setup.md +++ b/smb/cloud-mode-business-setup.md @@ -79,7 +79,7 @@ If you're new at setting up Office 365, and you'd like to see how it's done, you **Figure 2** - Microsoft 365 admin center - :::image type="content" alt-text="Opens the Microsoft 365 admin center." source="images/office365_portal.png" lightbox="images/office365_portal.png"::: + :::image type="content" alt-text="Opens the Microsoft 365 admin center." source="images/office365_portal.png"::: 6. Select the **Admin** tile to go to the admin center. @@ -89,7 +89,7 @@ If you're new at setting up Office 365, and you'd like to see how it's done, you **Figure 3** - Admin center - :::image type="content" alt-text="Complete the Office 365 setup in the Microsoft 365 admin center." source="images/office365_admin_portal.png" lightbox="images/office365_admin_portal.png"::: + :::image type="content" alt-text="Complete the Office 365 setup in the Microsoft 365 admin center." source="images/office365_admin_portal.png"::: 8. Go back to the [admin center](https://portal.office.com/adminportal/home#/homepage) to add or buy a domain. @@ -97,14 +97,14 @@ If you're new at setting up Office 365, and you'd like to see how it's done, you **Figure 4** - Option to add or buy a domain - :::image type="content" alt-text="Add or buy a domain in admin center." source="images/office365_buy_domain.png" lightbox="images/office365_buy_domain.png"::: + :::image type="content" alt-text="Add or buy a domain in admin center." source="images/office365_buy_domain.png"::: 2. In the **Home > Domains** page, you will see the Microsoft-provided domain, such as `fabrikamdesign.onmicrosoft.com`. **Figure 5** - Microsoft-provided domain - :::image type="content" alt-text="Microsoft-provided domain." source="images/office365_ms_provided_domain.png" lightbox="images/office365_ms_provided_domain.png"::: + :::image type="content" alt-text="Microsoft-provided domain." source="images/office365_ms_provided_domain.png"::: - If you already have a domain, select **+ Add domain** to add your existing domain. If you select this option, you'll be required to verify that you own the domain. Follow the steps in the wizard to verify your domain. - If you don't already own a domain, select **+ Buy domain**. If you're using a trial plan, you'll be required to upgrade your trial plan in order to buy a domain. Choose the subscription plan to use for your business and provide the details to complete your order. @@ -113,7 +113,7 @@ If you're new at setting up Office 365, and you'd like to see how it's done, you **Figure 6** - Domains - :::image type="content" alt-text="Verify your domains in the admin center." source="images/office365_additional_domain.png" lightbox="images/office365_additional_domain.png"::: + :::image type="content" alt-text="Verify your domains in the admin center." source="images/office365_additional_domain.png"::: ### 1.2 Add users and assign product licenses Once you've set up Office and added your domain, it's time to add users so they have access to Office 365. People in your organization need an account before they can sign in and access Office 365. The easiest way to add users is to add them one at a time in the Microsoft 365 admin center. @@ -126,7 +126,7 @@ When adding users, you can also assign admin privileges to certain users in your **Figure 7** - Add users - :::image type="content" alt-text="Add Office 365 users." source="images/office365_users.png" lightbox="images/office365_users.png"::: + :::image type="content" alt-text="Add Office 365 users." source="images/office365_users.png"::: 2. In the **Home > Active users** page, add users individually or in bulk. - To add users one at a time, select **+ Add a user**. @@ -135,7 +135,7 @@ When adding users, you can also assign admin privileges to certain users in your **Figure 8** - Add an individual user - :::image type="content" alt-text="Add an individual user." source="images/office365_add_individual_user.png" lightbox="images/office365_add_individual_user.png"::: + :::image type="content" alt-text="Add an individual user." source="images/office365_add_individual_user.png"::: - To add multiple users at once, select **More** and then choose **+ Import multiple users**. If you select this option, you'll need to create and upload a CSV file containing the list of users. @@ -143,13 +143,13 @@ When adding users, you can also assign admin privileges to certain users in your **Figure 9** - Import multiple users - :::image type="content" alt-text="Import multiple users." source="images/office365_import_multiple_users.png" lightbox="images/office365_import_multiple_users.png"::: + :::image type="content" alt-text="Import multiple users." source="images/office365_import_multiple_users.png"::: 3. Verify that all the users you added appear in the list of **Active users**. The **Status** should indicate the product licenses that were assigned to them. **Figure 10** - List of active users - :::image type="content" alt-text="Verify users and assigned product licenses." source="images/o365_active_users.png" lightbox="images/o365_active_users.png"::: + :::image type="content" alt-text="Verify users and assigned product licenses." source="images/o365_active_users.png"::: ### 1.3 Add Microsoft Intune Microsoft Intune provides mobile device management, app management, and PC management capabilities from the cloud. Using Intune, organizations can provide their employees with access to apps, data, and corporate resources from anywhere on almost any device while helping to keep corporate information secure. To learn more, see [Microsoft Intune is an MDM and MAM provider](/mem/intune/fundamentals/what-is-intune). @@ -163,14 +163,14 @@ Microsoft Intune provides mobile device management, app management, and PC manag **Figure 11** - Assign Intune licenses - :::image type="content" alt-text="Assign Microsoft Intune licenses to users." source="images/o365_assign_intune_license.png" lightbox="images/o365_assign_intune_license.png"::: + :::image type="content" alt-text="Assign Microsoft Intune licenses to users." source="images/o365_assign_intune_license.png"::: 5. In the admin center, confirm that **Intune** shows up in the list under **Admin centers**. If it doesn't, sign out and then sign back in and then check again. 6. Select **Intune**. This step opens the Endpoint Manager admin center. **Figure 12** - Microsoft Intune management portal - :::image type="content" alt-text="Microsoft Intune management portal." source="images/intune_portal_home.png" lightbox="images/intune_portal_home.png"::: + :::image type="content" alt-text="Microsoft Intune management portal." source="images/intune_portal_home.png"::: Intune should now be added to your tenant. We'll come back to Intune later when we [Configure Microsoft Store for Business for app distribution](#17-configure-microsoft-store-for-business-for-app-distribution). @@ -188,21 +188,21 @@ Microsoft Azure is an open and flexible cloud platform that enables you to quick **Figure 13** - Access to Azure AD is not available - :::image type="content" alt-text="Access to Azure AD not available." source="images/azure_ad_access_not_available.png" lightbox="images/azure_ad_access_not_available.png"::: + :::image type="content" alt-text="Access to Azure AD not available." source="images/azure_ad_access_not_available.png"::: 3. From the error message, select the country/region for your business. The region should match with the location you specified when you signed up for Office 365. 4. Select **Azure subscription**. This step will take you to a free trial sign up screen. **Figure 14** - Sign up for Microsoft Azure - :::image type="content" alt-text="Sign up for Microsoft Azure." source="images/azure_ad_sign_up_screen.png" lightbox="images/azure_ad_sign_up_screen.png"::: + :::image type="content" alt-text="Sign up for Microsoft Azure." source="images/azure_ad_sign_up_screen.png"::: 5. In the **Free trial sign up** screen, fill in the required information and then click **Sign up**. 6. After you sign up, you should see the message that your subscription is ready. Click **Start managing my service**. **Figure 15** - Start managing your Azure subscription - :::image type="content" alt-text="Start managing your Azure subscription." source="images/azure_ad_successful_signup.png" lightbox="images/azure_ad_successful_signup.png"::: + :::image type="content" alt-text="Start managing your Azure subscription." source="images/azure_ad_successful_signup.png"::: This step will take you to the [Microsoft Azure portal](https://portal.azure.com). @@ -219,26 +219,26 @@ To add Azure AD group(s), use the [Microsoft Azure portal](https://portal.azure. **Figure 16** - Azure first sign-in screen - :::image type="content" alt-text="Select Azure AD." source="images/azure_portal_classic_configure_directory.png" lightbox="images/azure_portal_classic_configure_directory.png"::: + :::image type="content" alt-text="Select Azure AD." source="images/azure_portal_classic_configure_directory.png"::: 2. Select the directory (such as Fabrikam Design) to go to the directory's home page. **Figure 17** - Directory home page - :::image type="content" alt-text="Directory home page." source="images/azure_portal_classic_directory_ready.png" lightbox="images/azure_portal_classic_directory_ready.png"::: + :::image type="content" alt-text="Directory home page." source="images/azure_portal_classic_directory_ready.png"::: 3. From the menu options on top, select **Groups**. **Figure 18** - Azure AD groups - :::image type="content" alt-text="Add groups in Azure AD." source="images/azure_portal_classic_groups.png" lightbox="images/azure_portal_classic_groups.png"::: + :::image type="content" alt-text="Add groups in Azure AD." source="images/azure_portal_classic_groups.png"::: 4. Select **Add a group** (from the top) or **Add group** at the bottom. 5. In the **Add Group** window, add a name, group type, and description for the group and click the checkmark to save your changes. The new group will appear on the groups list. **Figure 19** - Newly added group in Azure AD - :::image type="content" alt-text="Verify the new group appears on the list." source="images/azure_portal_classic_all_users_group.png" lightbox="images/azure_portal_classic_all_users_group.png"::: + :::image type="content" alt-text="Verify the new group appears on the list." source="images/azure_portal_classic_all_users_group.png"::: 6. In the **Groups** tab, select the arrow next to the group (such as **All users**), add members to the group, and then save your changes. @@ -246,7 +246,7 @@ To add Azure AD group(s), use the [Microsoft Azure portal](https://portal.azure. **Figure 20** - Members in the new group - :::image type="content" alt-text="Members added to the new group." source="images/azure_portal_classic_members_added.png" lightbox="images/azure_portal_classic_members_added.png"::: + :::image type="content" alt-text="Members added to the new group." source="images/azure_portal_classic_members_added.png"::: 7. Repeat steps 2-6 to add other groups. You can add groups based on their roles in your company, based on the apps that each group can use, and so on. @@ -266,14 +266,14 @@ You can read the [Windows 10, Azure AD and Microsoft Intune blog post](https://b **Figure 21** - List of applications for your company - :::image type="content" alt-text="List of applications for your company." source="images/azure_portal_classic_applications.png" lightbox="images/azure_portal_classic_applications.png"::: + :::image type="content" alt-text="List of applications for your company." source="images/azure_portal_classic_applications.png"::: 2. Select **Microsoft Intune** to configure the application. 3. In the Microsoft Intune configuration page, click **Configure** to start automatic MDM enrollment configuration with Intune. **Figure 22** - Configure Microsoft Intune in Azure - :::image type="content" alt-text="Configure Microsoft Intune in Azure." source="images/azure_portal_classic_configure_intune_app.png" lightbox="images/azure_portal_classic_configure_intune_app.png"::: + :::image type="content" alt-text="Configure Microsoft Intune in Azure." source="images/azure_portal_classic_configure_intune_app.png"::: 4. In the Microsoft Intune configuration page: - In the **Properties** section, you should see a list of URLs for MDM discovery, MDM terms of use, and MDM compliance. @@ -292,7 +292,7 @@ You can read the [Windows 10, Azure AD and Microsoft Intune blog post](https://b **Figure 23** - Configure Microsoft Intune - :::image type="content" alt-text="Configure automatic MDM enrollment with Intune." source="images/azure_portal_classic_configure_intune_mdm_enrollment.png" lightbox="images/azure_portal_classic_configure_intune_mdm_enrollment.png"::: + :::image type="content" alt-text="Configure automatic MDM enrollment with Intune." source="images/azure_portal_classic_configure_intune_mdm_enrollment.png"::: ### 1.7 Configure Microsoft Store for Business for app distribution Next, you'll need to configure Microsoft Store for Business to distribute apps with a management tool such as Intune. @@ -306,7 +306,7 @@ In this part of the walkthrough, use the [Microsoft Endpoint Manager admin cente **Figure 24** - Mobile device management - :::image type="content" alt-text="Set up mobile device management in Intune." source="images/intune_admin_mdm_configure.png" lightbox="images/intune_admin_mdm_configure.png"::: + :::image type="content" alt-text="Set up mobile device management in Intune." source="images/intune_admin_mdm_configure.png"::: 3. Sign into [Microsoft Store for Business](https://businessstore.microsoft.com/Store/Apps) using the same tenant account that you used to sign into Intune. 4. Accept the EULA. @@ -315,20 +315,20 @@ In this part of the walkthrough, use the [Microsoft Endpoint Manager admin cente **Figure 25** - Activate Intune as the Store management tool - :::image type="content" alt-text="Activate Intune from the Store portal." source="images/wsfb_management_tools_activate.png" lightbox="images/wsfb_management_tools_activate.png"::: + :::image type="content" alt-text="Activate Intune from the Store portal." source="images/wsfb_management_tools_activate.png"::: 7. Go back to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Admin > Mobile Device Management**, expand **Windows**, and then choose **Store for Business**. 8. In the **Microsoft Store for Business** page, select **Configure Sync** to sync your Store for Business volume-purchased apps with Intune. **Figure 26** - Configure Store for Business sync in Intune - :::image type="content" alt-text="Configure Store for Business sync in Intune." source="images/intune_admin_mdm_store_sync.png" lightbox="images/intune_admin_mdm_store_sync.png"::: + :::image type="content" alt-text="Configure Store for Business sync in Intune." source="images/intune_admin_mdm_store_sync.png"::: 9. In the **Configure Microsoft Store for Business app sync** dialog box, check **Enable Microsoft Store for Business sync**. In the **Language** dropdown list, choose the language in which you want apps from the Store to be displayed in the Intune console and then click **OK**. **Figure 27** - Enable Microsoft Store for Business sync in Intune - :::image type="content" alt-text="Enable Store for Business sync in Intune." source="images/intune_configure_store_app_sync_dialog.png" lightbox="images/intune_configure_store_app_sync_dialog.png"::: + :::image type="content" alt-text="Enable Store for Business sync in Intune." source="images/intune_configure_store_app_sync_dialog.png"::: The **Microsoft Store for Business** page will refresh and it will show the details from the sync. @@ -351,7 +351,7 @@ In the following example, we'll show you how to buy apps through the Microsoft S **Figure 28** - Shop for Store apps - :::image type="content" alt-text="Shop for Store apps." source="images/wsfb_shop_microsoft_apps.png" lightbox="images/wsfb_shop_microsoft_apps.png"::: + :::image type="content" alt-text="Shop for Store apps." source="images/wsfb_shop_microsoft_apps.png"::: 2. Click to select an app, such as **Reader**. This opens the app page. 3. In the app's Store page, click **Get the app**. You should see a dialog that confirms your order. Click **Close**. This will refresh the app's Store page. @@ -361,7 +361,7 @@ In the following example, we'll show you how to buy apps through the Microsoft S **Figure 29** - App inventory shows the purchased apps - :::image type="content" alt-text="Confirm that your inventory shows purchased apps." source="images/wsfb_manage_inventory_newapps.png" lightbox="images/wsfb_manage_inventory_newapps.png"::: + :::image type="content" alt-text="Confirm that your inventory shows purchased apps." source="images/wsfb_manage_inventory_newapps.png"::: > [!NOTE] > Sync happens automatically, but it may take up to 24 hours for your organization's private store and 12 hours for Intune to sync all your purchased apps. You can force a sync to make this process happen faster. For more info, see [To sync recently purchased apps](#forceappsync). @@ -375,7 +375,7 @@ If you need to sync your most recently purchased apps and have it appear in your **Figure 30** - Force a sync in Intune - :::image type="content" alt-text="Force a sync in Intune." source="images/intune_admin_mdm_forcesync.png" lightbox="images/intune_admin_mdm_forcesync.png"::: + :::image type="content" alt-text="Force a sync in Intune." source="images/intune_admin_mdm_forcesync.png"::: **To view purchased apps** - In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Apps > Apps** and then choose **Volume-Purchased Apps** to see the list of available apps. Verify that the apps you purchased were imported correctly. @@ -396,7 +396,7 @@ To set up new Windows devices, go through the Windows initial device setup or fi **Figure 31** - First screen in Windows device setup - :::image type="content" alt-text="First screen in Windows device setup." source="images/win10_hithere.png" lightbox="images/win10_hithere.png"::: + :::image type="content" alt-text="First screen in Windows device setup." source="images/win10_hithere.png"::: > [!NOTE] > During setup, if you don't have a Wi-Fi network configured, make sure you connect the device to the Internet through a wired/Ethernet connection. @@ -406,13 +406,13 @@ To set up new Windows devices, go through the Windows initial device setup or fi **Figure 32** - Choose how you'll connect your Windows device - :::image type="content" alt-text="Choose how you'll connect the Windows device." source="images/win10_choosehowtoconnect.png" lightbox="images/win10_choosehowtoconnect.png"::: + :::image type="content" alt-text="Choose how you'll connect the Windows device." source="images/win10_choosehowtoconnect.png"::: 4. In the **Let's get you signed in** screen, sign in using a user account you added in section [1.2 Add users and assign product licenses](#12-add-users-and-assign-product-licenses). We suggest signing in as one of the global administrators. Later, sign in on another device using one of the non-admin accounts. **Figure 33** - Sign in using one of the accounts you added - :::image type="content" alt-text="Sign in using one of the accounts you added." source="images/win10_signin_admin_account.png" lightbox="images/win10_signin_admin_account.png"::: + :::image type="content" alt-text="Sign in using one of the accounts you added." source="images/win10_signin_admin_account.png"::: 5. If this is the first time you're signing in, you will be asked to update your password. Update the password and continue with sign-in and setup. @@ -433,7 +433,7 @@ In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink **Figure 34** - Check the PC name on your device - :::image type="content" alt-text="Check the PC name on your device." source="images/win10_settings_pcname.png" lightbox="images/win10_settings_pcname.png"::: + :::image type="content" alt-text="Check the PC name on your device." source="images/win10_settings_pcname.png"::: 2. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 3. Select **Groups** and then go to **Devices**. @@ -444,7 +444,7 @@ In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink **Figure 35** - Check that the device appears in Intune - :::image type="content" alt-text="Check that the device appears in Intune." source="images/intune_groups_devices_list.png" lightbox="images/intune_groups_devices_list.png"::: + :::image type="content" alt-text="Check that the device appears in Intune." source="images/intune_groups_devices_list.png"::: ## 3. Manage device settings and features You can use Microsoft Intune admin settings and policies to manage features on your organization's mobile devices and computers. For more info, see [Manage settings and features on your devices with Microsoft Intune policies](/intune/deploy-use/manage-settings-and-features-on-your-devices-with-microsoft-intune-policies). @@ -463,7 +463,7 @@ In some cases, if an app is missing from the device, you need to reconfigure the **Figure 36** - Reconfigure an app's deployment setting in Intune - :::image type="content" alt-text="Reconfigure app deployment settings in Intune." source="images/intune_apps_deploymentaction.png" lightbox="images/intune_apps_deploymentaction.png"::: + :::image type="content" alt-text="Reconfigure app deployment settings in Intune." source="images/intune_apps_deploymentaction.png"::: 6. Click **Finish**. 7. Repeat steps 2-6 for other apps that you want to deploy to the device(s) as soon as possible. @@ -473,7 +473,7 @@ In some cases, if an app is missing from the device, you need to reconfigure the **Figure 37** - Confirm that additional apps were deployed to the device - :::image type="content" alt-text="Confirm that additional apps were deployed to the device." source="images/win10_deploy_apps_immediately.png" lightbox="images/win10_deploy_apps_immediately.png"::: + :::image type="content" alt-text="Confirm that additional apps were deployed to the device." source="images/win10_deploy_apps_immediately.png"::: ### 3.2 Configure other settings in Intune @@ -489,7 +489,7 @@ In some cases, if an app is missing from the device, you need to reconfigure the **Figure 38** - Add a configuration policy - :::image type="content" alt-text="Add a configuration policy." source="images/intune_policy_disablecamera.png" lightbox="images/intune_policy_disablecamera.png"::: + :::image type="content" alt-text="Add a configuration policy." source="images/intune_policy_disablecamera.png"::: 7. Click **Save Policy**. A confirmation window will pop up. 8. On the **Deploy Policy** confirmation window, select **Yes** to deploy the policy now. @@ -498,7 +498,7 @@ In some cases, if an app is missing from the device, you need to reconfigure the **Figure 39** - The new policy should appear in the **Policies** list. - :::image type="content" alt-text="New policy appears on the list." source="images/intune_policies_newpolicy_deployed.png" lightbox="images/intune_policies_newpolicy_deployed.png"::: + :::image type="content" alt-text="New policy appears on the list." source="images/intune_policies_newpolicy_deployed.png"::: **To turn off Windows Hello and PINs during device setup** 1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). @@ -507,7 +507,7 @@ In some cases, if an app is missing from the device, you need to reconfigure the **Figure 40** - Policy to disable Windows Hello for Business - :::image type="content" alt-text="Disable Windows Hello for Business." source="images/intune_policy_disable_windowshello.png" lightbox="images/intune_policy_disable_windowshello.png"::: + :::image type="content" alt-text="Disable Windows Hello for Business." source="images/intune_policy_disable_windowshello.png"::: 4. Click **Save**. @@ -534,32 +534,32 @@ For other devices, such as those personally-owned by employees who need to conne **Figure 41** - Add an Azure AD account to the device - :::image type="content" alt-text="Add an Azure AD account to the device." source="images/win10_add_new_user_join_aad.png" lightbox="images/win10_add_new_user_join_aad.png"::: + :::image type="content" alt-text="Add an Azure AD account to the device." source="images/win10_add_new_user_join_aad.png"::: 4. In the **Let's get you signed in** window, enter the work credentials for the account and then click **Sign in** to authenticate the user. **Figure 42** - Enter the account details - :::image type="content" alt-text="Enter the account details." source="images/win10_add_new_user_account_aadwork.png" lightbox="images/win10_add_new_user_account_aadwork.png"::: + :::image type="content" alt-text="Enter the account details." source="images/win10_add_new_user_account_aadwork.png"::: 5. You will be asked to update the password so enter a new password. 6. Verify the details to make sure you're connecting to the right organization and then click **Join**. **Figure 43** - Make sure this is your organization - :::image type="content" alt-text="Make sure this is your organization." source="images/win10_confirm_organization_details.png" lightbox="images/win10_confirm_organization_details.png"::: + :::image type="content" alt-text="Make sure this is your organization." source="images/win10_confirm_organization_details.png"::: 7. You will see a confirmation window that says the device is now connected to your organization. Click **Done**. **Figure 44** - Confirmation that the device is now connected - :::image type="content" alt-text="Confirmation that the device is now connected." source="images/win10_confirm_device_connected_to_org.png" lightbox="images/win10_confirm_device_connected_to_org.png"::: + :::image type="content" alt-text="Confirmation that the device is now connected." source="images/win10_confirm_device_connected_to_org.png"::: 8. The **Connect to work or school** window will refresh and will now include an entry that shows you're connected to your organization's Azure AD. This means the device is now registered in Azure AD and enrolled in MDM and the account should have access to the organization's resources. **Figure 45** - Device is now enrolled in Azure AD - :::image type="content" alt-text="Device is enrolled in Azure AD." source="images/win10_device_enrolled_in_aad.png" lightbox="images/win10_device_enrolled_in_aad.png"::: + :::image type="content" alt-text="Device is enrolled in Azure AD." source="images/win10_device_enrolled_in_aad.png"::: 9. You can confirm that the new device and user are showing up as Intune-managed by going to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and following the steps in [2.3 Verify the device is Azure AD joined](#23-verify-the-device-is-azure-ad-joined). It may take several minutes before the new device shows up so check again later. From f0aae708c6bac7417e086a4398f84b14f0d1ec17 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Tue, 14 Dec 2021 15:07:31 +0200 Subject: [PATCH 227/335] add info about Accounts_EnableAdministratorAccountStatus https://github.com/MicrosoftDocs/windows-itpro-docs/issues/9927 --- ...policy-csp-localpoliciessecurityoptions.md | 51 +++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index e8dc4d3729..22c1583ceb 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -23,6 +23,9 @@ manager: dansimp
                      LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts
                      +
                      + LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus +
                      LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly
                      @@ -222,6 +225,54 @@ The following list shows the supported values:
                      + +**LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus** + + + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| + + +
                      + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
                      + + + +This setting allows the administrator to enable the local Administrator account. + +Value type is integer. Supported operations are Add, Get, Replace, and Delete. + + + +GP Info: +- GP Friendly name: *Accounts: Enable Administrator Account Status* +- GP path: *Windows Settings/Security Settings/Local Policies/Security Options* + + + +The following list shows the supported values: + +- 0 - disabled (local Administrator account is disabled). +- 1 - enabled (local Administrator account is enabled). + + + + +
                      + **LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly** From 08474a3d45f82690a528ff51e6667ef5777cd97f Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 14 Dec 2021 09:42:15 -0800 Subject: [PATCH 228/335] Add lightbox and/or image borders --- windows/deployment/update/waas-wufb-group-policy.md | 10 +++++----- windows/deployment/upgrade/quick-fixes.md | 2 +- .../deployment/upgrade/troubleshoot-upgrade-errors.md | 2 +- windows/deployment/upgrade/windows-error-reporting.md | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/deployment/update/waas-wufb-group-policy.md b/windows/deployment/update/waas-wufb-group-policy.md index a83c9bbf1e..90d3dd313b 100644 --- a/windows/deployment/update/waas-wufb-group-policy.md +++ b/windows/deployment/update/waas-wufb-group-policy.md @@ -85,19 +85,19 @@ A Windows Update for Business administrator can defer or pause updates. You can In this example, there are three rings for quality updates. The first ring ("pilot") has a deferral period of 0 days. The second ring ("fast") has a deferral of five days. The third ring ("slow") has a deferral of ten days. -![illustration of devices divided into three rings.](images/waas-wufb-3-rings.png) +:::image type="content" alt-text="illustration of devices divided into three rings." source="images/waas-wufb-3-rings.png" lightbox="images/waas-wufb-3-rings.png"::: When the quality update is released, it is offered to devices in the pilot ring the next time they scan for updates. ##### Five days later The devices in the fast ring are offered the quality update the next time they scan for updates. -![illustration of devices with fast ring deployed.](images/waas-wufb-fast-ring.png) +:::image type="content" alt-text="illustration of devices with fast ring deployed." source="images/waas-wufb-fast-ring.png" lightbox="images/waas-wufb-fast-ring.png"::: ##### Ten days later Ten days after the quality update is released, it is offered to the devices in the slow ring the next time they scan for updates. -![illustration of devices with slow ring deployed.](images/waas-wufb-slow-ring.png) +:::image type="content" alt-text="illustration of devices with slow ring deployed." source="images/waas-wufb-slow-ring.png" lightbox="images/waas-wufb-slow-ring.png"::: If no problems occur, all of the devices that scan for updates will be offered the quality update within ten days of its release, in three waves. @@ -105,11 +105,11 @@ If no problems occur, all of the devices that scan for updates will be offered t In this example, some problem is discovered during the deployment of the update to the "pilot" ring. -![illustration of devices divided with pilot ring experiencing a problem.](images/waas-wufb-pilot-problem.png) +:::image type="content" alt-text="illustration of devices divided with pilot ring experiencing a problem." source="images/waas-wufb-pilot-problem.png" lightbox="images/waas-wufb-pilot-problem.png"::: At this point, the IT administrator can set a policy to pause the update. In this example, the admin selects the **Pause quality updates** check box. -![illustration of rings with pause quality update check box selected.](images/waas-wufb-pause.png) +:::image type="content" alt-text="illustration of rings with pause quality update check box selected." source="images/waas-wufb-pause.png" lightbox="images/waas-wufb-pause.png"::: Now all devices are paused from updating for 35 days. When the pause is removed, they will be offered the *next* quality update, which ideally will not have the same issue. If there is still an issue, the IT admin can pause updates again. diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md index ed61e6c2c4..07c36025e2 100644 --- a/windows/deployment/upgrade/quick-fixes.md +++ b/windows/deployment/upgrade/quick-fixes.md @@ -215,7 +215,7 @@ In the previous example, there is 703 GB of available free space on the system d To free up additional space on the system drive, begin by running Disk Cleanup. You can access Disk Cleanup by right-clicking the hard drive icon and then clicking Properties. See the following example: -![Disk cleanup.](../images/cleanup.png) +:::image type="content" alt-text="Disk cleanup." source="../images/cleanup.png"::: For instructions to run Disk Cleanup and other suggestions to free up hard drive space, see [Tips to free up drive space on your PC](https://support.microsoft.com/help/17421/windows-free-up-drive-space). diff --git a/windows/deployment/upgrade/troubleshoot-upgrade-errors.md b/windows/deployment/upgrade/troubleshoot-upgrade-errors.md index d1caf2efa0..f81c8e5e88 100644 --- a/windows/deployment/upgrade/troubleshoot-upgrade-errors.md +++ b/windows/deployment/upgrade/troubleshoot-upgrade-errors.md @@ -85,7 +85,7 @@ When performing an operating system upgrade, Windows Setup uses phases described **Figure 1**: Phases of a successful Windows 10 upgrade (uninstall is not shown): -![Upgrade process.](../images/upgrade-process.png) +:::image type="content" alt-text="Upgrade process." source="../images/upgrade-process.png" lightbox="../images/upgrade-process.png"::: DU = Driver/device updates.
                      OOBE = Out of box experience.
                      diff --git a/windows/deployment/upgrade/windows-error-reporting.md b/windows/deployment/upgrade/windows-error-reporting.md index c68a62ccb1..7fe4f79fa0 100644 --- a/windows/deployment/upgrade/windows-error-reporting.md +++ b/windows/deployment/upgrade/windows-error-reporting.md @@ -63,7 +63,7 @@ Ten parameters are listed in the event: The event will also contain links to log files that can be used to perform a detailed diagnosis of the error. An example of this event from a successful upgrade is shown below. -![Windows Error Reporting.](../images/event.png) +:::image type="content" alt-text="Windows Error Reporting." source="../images/event.png" lightbox="../images/event.png"::: ## Related topics From ff8dc358f5711820630907b4e75aaf9268492a7a Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 14 Dec 2021 09:47:54 -0800 Subject: [PATCH 229/335] Add vertical spacing for readability; replace HTML with Markdown --- .../update/waas-wufb-group-policy.md | 8 +++++ windows/deployment/upgrade/quick-fixes.md | 31 +++++++++++-------- 2 files changed, 26 insertions(+), 13 deletions(-) diff --git a/windows/deployment/update/waas-wufb-group-policy.md b/windows/deployment/update/waas-wufb-group-policy.md index 90d3dd313b..31fa6ecdf4 100644 --- a/windows/deployment/update/waas-wufb-group-policy.md +++ b/windows/deployment/update/waas-wufb-group-policy.md @@ -44,10 +44,15 @@ Follow these steps on a device running the Remote Server Administration Tools or ### Set up a ring 1. Start Group Policy Management Console (gpmc.msc). + 2. Expand **Forest > Domains > *\**. + 3. Right-click *\* and select **Create a GPO in this domain and link it here**. + 4. In the **New GPO** dialog box, enter *Windows Update for Business - Group 1* as the name of the new Group Policy Object. + 5. Right-click the **"Windows Update for Business - Group 1"** object, and then select **Edit**. + 6. In the Group Policy Management Editor, go to **Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update**. You are now ready to start assigning policies to this ring (group) of devices. @@ -70,8 +75,11 @@ Drivers are automatically enabled because they are beneficial to device systems. #### I want to receive pre-release versions of the next feature update 1. Ensure that you are enrolled in the Windows Insider Program for Business. This is a completely free program available to commercial customers to aid them in their validation of feature updates before they are released. Joining the program enables you to receive updates prior to their release as well as receive emails and content related to what is coming in the next updates. + 2. Use Group Policy Management Console to go to: **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Manage preview builds** and set the policy to **Enable preview builds** for any of test devices you want to install pre-release builds. + 3. Use Group Policy Management Console to go to **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Preview Builds and feature updates are received**. In the **Options** pane, use the pulldown menu to select one of the preview builds. We recomment **Windows Insider Program Slow** for commercial customers using pre-release builds for validation. + 4. Select **OK**. #### I want to manage which released feature update my devices receive diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md index 07c36025e2..909cc5ad69 100644 --- a/windows/deployment/upgrade/quick-fixes.md +++ b/windows/deployment/upgrade/quick-fixes.md @@ -34,20 +34,25 @@ The Microsoft Virtual Agent provided by [Microsoft Support](https://support.micr ## List of fixes -
                        -
                      1. Remove nonessential external hardware, such as docks and USB devices. More information.
                        2. -
                      2. Check the system drive for errors and attempt repairs. More information.
                        3. -
                      3. Run the Windows Update troubleshooter. More information.
                        4. -
                      4. Attempt to restore and repair system files. More information.
                        5. -
                      5. Update Windows so that all available recommended updates are installed, and ensure the computer is rebooted if this is necessary to complete installation of an update. More information.
                        6. -
                      6. Temporarily uninstall non-Microsoft antivirus software. - More information.
                        7. +1. Remove nonessential external hardware, such as docks and USB devices. [More information](#remove-external-hardware). -
                      7. Uninstall all nonessential software. More information.
                        8. -
                      8. Update firmware and drivers. More information
                        9. -
                      9. Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. More information.
                        10. -
                      10. Verify at least 16 GB of free space is available to upgrade a 32-bit OS, or 20 GB for a 64-bit OS. More information.
                        11. -
                      +2. Check the system drive for errors and attempt repairs. [More information](#repair-the-system-drive). + +3. Run the Windows Update troubleshooter. [More information](#windows-update-troubleshooter). + +4. Attempt to restore and repair system files. [More information](#repair-system-files). + +5. Update Windows so that all available recommended updates are installed, and ensure the computer is rebooted if this is necessary to complete installation of an update. [More information](#update-windows). + +6. Temporarily uninstall non-Microsoft antivirus software. [More information](#uninstall-non-microsoft-antivirus-software). + +7. Uninstall all nonessential software. [More information](#uninstall-non-essential-software). + +8. Update firmware and drivers. [More information](#update-firmware-and-drivers). + +9. Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. [More information](#ensure-that-download-and-install-updates-is-selected). + +10. Verify at least 16 GB of free space is available to upgrade a 32-bit OS, or 20 GB for a 64-bit OS. [More information](#verify-disk-space). ## Step by step instructions From a4ac4938e7e13fc61359c3c78f8f2b342d62726b Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 14 Dec 2021 09:51:22 -0800 Subject: [PATCH 230/335] Add or correct labels on code blocks --- windows/deployment/upgrade/quick-fixes.md | 28 +++++++++++++------ .../upgrade/windows-error-reporting.md | 2 +- 2 files changed, 20 insertions(+), 10 deletions(-) diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md index 909cc5ad69..b82bc221dc 100644 --- a/windows/deployment/upgrade/quick-fixes.md +++ b/windows/deployment/upgrade/quick-fixes.md @@ -86,14 +86,20 @@ The system drive is the drive that contains the [system partition](/windows-hard To check and repair errors on the system drive: 1. Click **Start**. -2. Type **command**. -3. Right-click **Command Prompt** and then left-click **Run as administrator**. -4. If you are prompted by UAC, click **Yes**. -5. Type **chkdsk /F** and press ENTER. -6. When you are prompted to schedule a check the next time the system restarts, type **Y**. -7. See the following example - ``` +2. Type **command**. + +3. Right-click **Command Prompt** and then left-click **Run as administrator**. + +4. If you are prompted by UAC, click **Yes**. + +5. Type **chkdsk /F** and press ENTER. + +6. When you are prompted to schedule a check the next time the system restarts, type **Y**. + +7. See the following example. + + ```console C:\WINDOWS\system32>chkdsk /F The type of the file system is NTFS. Cannot lock current drive. @@ -128,12 +134,16 @@ This fix is also described in detail at [answers.microsoft.com](https://answers. To check and repair system files: 1. Click **Start**. + 2. Type **command**. + 3. Right-click **Command Prompt** and then left-click **Run as administrator**. + 4. If you are prompted by UAC, click **Yes**. + 5. Type **sfc /scannow** and press ENTER. See the following example: - ``` + ```console C:\>sfc /scannow Beginning system scan. This process will take some time. @@ -145,7 +155,7 @@ To check and repair system files: ``` 6. If you are running Windows 8.1 or later, type **DISM.exe /Online /Cleanup-image /Restorehealth** and press ENTER (the DISM command options are not available for Windows 7). See the following example: - ``` + ```console C:\>DISM.exe /Online /Cleanup-image /Restorehealth Deployment Image Servicing and Management tool diff --git a/windows/deployment/upgrade/windows-error-reporting.md b/windows/deployment/upgrade/windows-error-reporting.md index 7fe4f79fa0..bc4687be42 100644 --- a/windows/deployment/upgrade/windows-error-reporting.md +++ b/windows/deployment/upgrade/windows-error-reporting.md @@ -32,7 +32,7 @@ To use Windows PowerShell, type the following commands from an elevated Windows > [!IMPORTANT] > The following source will be available only if you have updated from a previous version of Windows 10 to a new version. If you installed the current version and have not updated, the source named **WinSetupDiag02** will be unavailable. -```Powershell +```powershell $events = Get-WinEvent -FilterHashtable @{LogName="Application";ID="1001";Data="WinSetupDiag02"} $event = [xml]$events[0].ToXml() $event.Event.EventData.Data From cc057a12fe379c00d0ede4aa51e8c76dd265b511 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 14 Dec 2021 09:53:48 -0800 Subject: [PATCH 231/335] Correct markup of multiple alerts --- .../configure-client-computers-vamt.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/deployment/volume-activation/configure-client-computers-vamt.md b/windows/deployment/volume-activation/configure-client-computers-vamt.md index a42268c33d..ba5fcdeda8 100644 --- a/windows/deployment/volume-activation/configure-client-computers-vamt.md +++ b/windows/deployment/volume-activation/configure-client-computers-vamt.md @@ -24,7 +24,7 @@ To enable the Volume Activation Management Tool (VAMT) to function correctly, ce Organizations where the VAMT will be widely used may benefit from making these changes inside the master image for Windows. -> [IMPORTANT] +> [!IMPORTANT] > This procedure only applies to clients running Windows Vista or later. For clients running Windows XP Service Pack 1, see [Connecting Through Windows Firewall](/windows/win32/wmisdk/connecting-to-wmi-remotely-with-vbscript). ## Configuring the Windows Firewall to allow VAMT access @@ -38,8 +38,8 @@ Enable the VAMT to access client computers using the **Windows Firewall** Contro 5. Select the **Windows Management Instrumentation (WMI)** checkbox. 6. Click **OK**. - **Warning**   - By default, Windows Firewall Exceptions only apply to traffic originating on the local subnet. To expand the exception to apply to multiple subnets, you need to change the exception settings in the Windows Firewall with Advanced Security, as described below. +> [!WARNING] +> By default, Windows Firewall Exceptions only apply to traffic originating on the local subnet. To expand the exception to apply to multiple subnets, you need to change the exception settings in the Windows Firewall with Advanced Security, as described below. ## Configure Windows Firewall to allow VAMT access across multiple subnets @@ -69,7 +69,7 @@ Enable the VAMT to access client computers across multiple subnets using the **W ## Create a registry value for the VAMT to access workgroup-joined computer -> [WARNING]   +> [!WARNING]   > This section contains information about how to modify the registry. Make sure to back up the registry before you modify it; in addition, ensure that you know how to restore the registry, if a problem occurs. For more information about how to back up, restore, and modify the registry, see [Windows registry information for advanced users](/troubleshoot/windows-server/performance/windows-registry-advanced-users). On the client computer, create the following registry key using regedit.exe. @@ -81,7 +81,7 @@ On the client computer, create the following registry key using regedit.exe. - **Type: DWORD** - **Value Data: 1** - > [NOTE] + > [!NOTE] > To discover VAMT-manageable Windows computers in workgroups, you must enable network discovery on each client. ## Deployment options From c80dde27c4ba21179da0992ea9cb8fb5758c068b Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 14 Dec 2021 09:54:45 -0800 Subject: [PATCH 232/335] Correct note style --- windows/deployment/upgrade/windows-error-reporting.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/windows-error-reporting.md b/windows/deployment/upgrade/windows-error-reporting.md index bc4687be42..74fb942b19 100644 --- a/windows/deployment/upgrade/windows-error-reporting.md +++ b/windows/deployment/upgrade/windows-error-reporting.md @@ -43,7 +43,8 @@ To use Event Viewer: 2. Click **Find**, and then search for **winsetupdiag02**. 3. Double-click the event that is highlighted. -Note: For legacy operating systems, the Event Name was WinSetupDiag01. +> [!NOTE] +> For legacy operating systems, the Event Name was WinSetupDiag01. Ten parameters are listed in the event: From 7826920f92b1fb1cd0150a31184610239b9623ae Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 14 Dec 2021 10:00:57 -0800 Subject: [PATCH 233/335] Minor fixes --- windows/deployment/update/waas-wufb-group-policy.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/waas-wufb-group-policy.md b/windows/deployment/update/waas-wufb-group-policy.md index 31fa6ecdf4..8590d0c0cc 100644 --- a/windows/deployment/update/waas-wufb-group-policy.md +++ b/windows/deployment/update/waas-wufb-group-policy.md @@ -45,11 +45,11 @@ Follow these steps on a device running the Remote Server Administration Tools or 1. Start Group Policy Management Console (gpmc.msc). -2. Expand **Forest > Domains > *\**. +2. Expand **Forest > Domains > *\*. 3. Right-click *\* and select **Create a GPO in this domain and link it here**. -4. In the **New GPO** dialog box, enter *Windows Update for Business - Group 1* as the name of the new Group Policy Object. +4. In the **New GPO** dialog box, enter **Windows Update for Business - Group 1** as the name of the new Group Policy Object. 5. Right-click the **"Windows Update for Business - Group 1"** object, and then select **Edit**. From 0923f27c827e31646cffeef14106e591322b0d94 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 14 Dec 2021 10:06:09 -0800 Subject: [PATCH 234/335] Deleted spaces after "> [!WARNING]" to fix build warning --- .../volume-activation/configure-client-computers-vamt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/volume-activation/configure-client-computers-vamt.md b/windows/deployment/volume-activation/configure-client-computers-vamt.md index ba5fcdeda8..ec417c9558 100644 --- a/windows/deployment/volume-activation/configure-client-computers-vamt.md +++ b/windows/deployment/volume-activation/configure-client-computers-vamt.md @@ -69,7 +69,7 @@ Enable the VAMT to access client computers across multiple subnets using the **W ## Create a registry value for the VAMT to access workgroup-joined computer -> [!WARNING]   +> [!WARNING] > This section contains information about how to modify the registry. Make sure to back up the registry before you modify it; in addition, ensure that you know how to restore the registry, if a problem occurs. For more information about how to back up, restore, and modify the registry, see [Windows registry information for advanced users](/troubleshoot/windows-server/performance/windows-registry-advanced-users). On the client computer, create the following registry key using regedit.exe. From b967ac64e278bcdb273b6370195005f9278a0d57 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Tue, 14 Dec 2021 13:33:22 -0500 Subject: [PATCH 235/335] Fixed link; Removed HTML; Added note/important tags --- .../threat-protection/auditing/event-4738.md | 93 ++++++++++--------- 1 file changed, 48 insertions(+), 45 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4738.md b/windows/security/threat-protection/auditing/event-4738.md index 719ce9e666..39bbbe118d 100644 --- a/windows/security/threat-protection/auditing/event-4738.md +++ b/windows/security/threat-protection/auditing/event-4738.md @@ -16,10 +16,9 @@ ms.technology: windows-sec # 4738(S): A user account was changed. +:::image type="content" source="images/event-4738.png" alt-text="Event 4738 illustration."::: -Event 4738 illustration - -***Subcategory:*** [Audit User Account Management](audit-user-account-management.md) +***Subcategory:*** [Audit User Account Management](audit-user-account-management.md) ***Event Description:*** @@ -29,16 +28,16 @@ This event generates on domain controllers, member servers, and workstations. For each change, a separate 4738 event will be generated. -You might see this event without any changes inside, that is, where all **Changed Attributes** appear as “-“. This usually happens when a change is made to an attribute that is not listed in the event. In this case there is no way to determine which attribute was changed. For example, if the [discretionary access control list](/windows/win32/secauthz/access-control-lists) (DACL) is changed, a 4738 event will generate, but all attributes will be “-“. +You might see this event without any changes inside, that is, where all **Changed Attributes** appear as `-`. This usually happens when a change is made to an attribute that is not listed in the event. In this case there is no way to determine which attribute was changed. For example, if the [discretionary access control list](/windows/win32/secauthz/access-control-lists) (DACL) is changed, a 4738 event will generate, but all attributes will be `-`. Some changes do not invoke a 4738 event. -> **Note**  For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event. +> [!NOTE] +> For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event. -
                      +**Event XML:** -***Event XML:*** -``` +```xml - - @@ -101,7 +100,8 @@ Some changes do not invoke a 4738 event. - **Security ID** \[Type = SID\]**:** SID of account that requested the “change user account” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event. -> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers). + > [!NOTE] + > A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers). - **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “change user account” operation. @@ -145,7 +145,7 @@ Unfortunately, for local accounts, all fields, except changed attributes, will h - **Display Name** \[Type = UnicodeString\]: it is a name, displayed in the address book for a particular account. This is usually the combination of the user's first name, middle initial, and last name. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. If the value of **displayName** attribute of user object was changed, you will see the new value here. For local accounts, this field always has some value—if the account's attribute was not changed it will contain the current value of the attribute. -- **User Principal Name** \[Type = UnicodeString\]: internet-style login name for the account, based on the Internet standard RFC 822. By convention this should map to the account's email name. If the value of **userPrincipalName** attribute of user object was changed, you will see the new value here. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. For local accounts, this field is not applicable and always has “-“ value. +- **User Principal Name** \[Type = UnicodeString\]: internet-style login name for the account, based on the Internet standard RFC 822. By convention this should map to the account's email name. If the value of **userPrincipalName** attribute of user object was changed, you will see the new value here. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. For local accounts, this field is not applicable and always has `-` value. - **Home Directory** \[Type = UnicodeString\]: user's home directory. If **homeDrive** attribute is set and specifies a drive letter, **homeDirectory** should be a UNC path. The path must be a network UNC of the form \\\\Server\\Share\\Directory. If the value of **homeDirectory** attribute of user object was changed, you will see the new value here. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. For local accounts, this field always has some value—if the account's attribute was not changed it will contain the current value of the attribute. @@ -155,7 +155,7 @@ Unfortunately, for local accounts, all fields, except changed attributes, will h - **Profile Path** \[Type = UnicodeString\]: specifies a path to the account's profile. This value can be a null string, a local absolute path, or a UNC path. If the value of **profilePath** attribute of user object was changed, you will see the new value here. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. For local accounts, this field always has some value—if the account's attribute was not changed it will contain the current value of the attribute. -- **User Workstations** \[Type = UnicodeString\]: contains the list of NetBIOS or DNS names of the computers from which the user can logon. Each computer name is separated by a comma. The name of a computer is the **sAMAccountName** property of a computer object. If the value of **userWorkstations** attribute of user object was changed, you will see the new value here. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. For local accounts, this field is not applicable and always appears as “**<value not set>**.“ +- **User Workstations** \[Type = UnicodeString\]: contains the list of NetBIOS or DNS names of the computers from which the user can logon. Each computer name is separated by a comma. The name of a computer is the **sAMAccountName** property of a computer object. If the value of **userWorkstations** attribute of user object was changed, you will see the new value here. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. For local accounts, this field is not applicable and always appears as ``. - **Password Last Set** \[Type = UnicodeString\]**:** last time the account’s password was modified. If the value of **pwdLastSet** attribute of user object was changed, you will see the new value here. For example: 8/12/2015 11:41:39 AM. This value will be changed, for example, after manual user account password reset. For local accounts, this field always has some value—if the account's attribute was not changed it will contain the current value of the attribute. @@ -163,7 +163,8 @@ Unfortunately, for local accounts, all fields, except changed attributes, will h - **Primary Group ID** \[Type = UnicodeString\]: Relative Identifier (RID) of user’s object primary group. -> **Note**  **Relative identifier (RID)** is a variable length number that is assigned to objects at creation and becomes part of the object's Security Identifier (SID) that uniquely identifies an account or group within a domain. + > [!NOTE] + > **Relative identifier (RID)** is a variable length number that is assigned to objects at creation and becomes part of the object's Security Identifier (SID) that uniquely identifies an account or group within a domain. This field will contain some value if user’s object primary group was changed. You can change user’s primary group using Active Directory Users and Computers management console in the **Member Of** tab of user object properties. You will see a RID of new primary group as a field value. For example, RID 513 (Domain Users) is a default primary group for users. @@ -171,7 +172,7 @@ Typical **Primary Group** values for user accounts: - 513 (Domain Users. For local accounts this RID means Users) – for domain and local users. - See this article for more information. If the value of **primaryGroupID** attribute of user object was changed, you will see the new value here. + See the [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers) for more information. If the value of **primaryGroupID** attribute of user object was changed, you will see the new value here. @@ -183,11 +184,12 @@ Typical **Primary Group** values for user accounts: If the value of **msDS-AllowedToDelegateTo** attribute of user object was changed, you will see the new value here. - The value can be “**<value not set>**”, for example, if delegation was disabled. + The value can be ``, for example, if delegation was disabled. - For local accounts, this field is not applicable and always has “-“ value. + For local accounts, this field is not applicable and always has `-` value. -> **Note**  **Service Principal Name (SPN)** is the name by which a client uniquely identifies an instance of a service. If you install multiple instances of a service on computers throughout a forest, each instance must have its own SPN. A given service instance can have multiple SPNs if there are multiple names that clients might use for authentication. For example, an SPN always includes the name of the host computer on which the service instance is running, so a service instance might register an SPN for each name or alias of its host. + > [!NOTE] + > **Service Principal Name (SPN)** is the name by which a client uniquely identifies an instance of a service. If you install multiple instances of a service on computers throughout a forest, each instance must have its own SPN. A given service instance can have multiple SPNs if there are multiple names that clients might use for authentication. For example, an SPN always includes the name of the host computer on which the service instance is running, so a service instance might register an SPN for each name or alias of its host. - **Old UAC Value** \[Type = UnicodeString\]: specifies flags that control password, lockout, disable/enable, script, and other behavior for the user account. This parameter contains the previous value of **userAccountControl** attribute of user object. @@ -225,7 +227,7 @@ So this UAC flags value decodes to: LOCKOUT and SCRIPT - **User Account Control** \[Type = UnicodeString\]**:** shows the list of changes in **userAccountControl** attribute. You will see a line of text for each change. See possible values in here: [User’s or Computer’s account UAC flags](/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties). In the “User Account Control field text” column, you can see the text that will be displayed in the **User Account Control** field in 4738 event. -- **User Parameters** \[Type = UnicodeString\]: if you change any setting using Active Directory Users and Computers management console in Dial-in tab of user’s account properties, then you will see **<value changed, but not displayed>** in this field. For local accounts, this field is not applicable and always has “<value not set>“ value. +- **User Parameters** \[Type = UnicodeString\]: if you change any setting using Active Directory Users and Computers management console in Dial-in tab of user’s account properties, then you will see `` in this field. For local accounts, this field is not applicable and always has `` value. - **SID History** \[Type = UnicodeString\]: contains previous SIDs used for the object if the object was moved from another domain. Whenever an object is moved from one domain to another, a new SID is created and becomes the objectSID. The previous SID is added to the **sIDHistory** property. If the value of **sIDHistory** attribute of user object was changed, you will see the new value here. @@ -249,7 +251,8 @@ So this UAC flags value decodes to: LOCKOUT and SCRIPT For 4738(S): A user account was changed. -> **Important**  For this event, also see [Appendix A: Security monitoring recommendations for many audit events](appendix-a-security-monitoring-recommendations-for-many-audit-events.md). +> [!IMPORTANT] +> For this event, also see [Appendix A: Security monitoring recommendations for many audit events](appendix-a-security-monitoring-recommendations-for-many-audit-events.md). - Some organizations monitor every [4738](event-4738.md) event. @@ -259,34 +262,34 @@ For 4738(S): A user account was changed. - Consider whether to track the following fields: -| **Field to track** | **Reason to track** | -|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **Display Name**
                      **User Principal Name**
                      **Home Directory**
                      **Home Drive**
                      **Script Path**
                      **Profile Path**
                      **User Workstations**
                      **Password Last Set**
                      **Account Expires**
                      **Primary Group ID
                      Logon Hours** | We recommend monitoring all changes for these fields for critical domain and local accounts. | -| **Primary Group ID** is not 513 | Typically, the **Primary Group** value is 513 for domain and local users. Other values should be monitored. | -| For user accounts for which the services list (on the **Delegation** tab) should not be empty: **AllowedToDelegateTo** is marked **<value not set>** | If **AllowedToDelegateTo** is marked **<value not set>** on user accounts that previously had a services list (on the **Delegation** tab), it means the list was cleared. | -| **SID History** is not - | This field will always be set to - unless the account was migrated from another domain. | + | **Field to track** | **Reason to track** | + |---|---| + | **Display Name**
                      **User Principal Name**
                      **Home Directory**
                      **Home Drive**
                      **Script Path**
                      **Profile Path**
                      **User Workstations**
                      **Password Last Set**
                      **Account Expires**
                      **Primary Group ID
                      Logon Hours** | We recommend monitoring all changes for these fields for critical domain and local accounts. | + | **Primary Group ID** is not 513 | Typically, the **Primary Group** value is 513 for domain and local users. Other values should be monitored. | + | For user accounts for which the services list (on the **Delegation** tab) should not be empty: **AllowedToDelegateTo** is marked `` | If **AllowedToDelegateTo** is marked `` on user accounts that previously had a services list (on the **Delegation** tab), it means the list was cleared. | + | **SID History** is not - | This field will always be set to - unless the account was migrated from another domain. | - Consider whether to track the following user account control flags: -| **User account control flag to track** | **Information about the flag** | -|---------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **'Normal Account'** – Disabled | Should not be disabled for user accounts. | -| **'Password Not Required'** – Enabled | Should not typically be enabled for user accounts because it weakens security for the account. | -| **'Encrypted Text Password Allowed'** – Enabled | Should not typically be enabled for user accounts because it weakens security for the account. | -| **'Server Trust Account'** – Enabled | Should never be enabled for user accounts. Applies only to domain controller (computer) accounts. | -| **'Don't Expire Password'** – Enabled | Should be monitored for critical accounts, or all accounts if your organization does not allow this flag. | -| **'Smartcard Required'** – Enabled | Should be monitored for critical accounts. | -| **'Password Not Required'** – Disabled | Should be monitored for all accounts where the setting should be “**Enabled**.” | -| **'Encrypted Text Password Allowed'** – Disabled | Should be monitored for all accounts where the setting should be “**Enabled**.” | -| **'Don't Expire Password'** – Disabled | Should be monitored for all accounts where the setting should be “**Enabled**.” | -| **'Smartcard Required'** – Disabled | Should be monitored for all accounts where the setting should be “**Enabled**.” | -| **'Trusted For Delegation'** – Enabled | Means that Kerberos Constraint or Unconstraint delegation was enabled for the user account. We recommend monitoring this to discover whether it is an approved action (done by an administrator), a mistake, or a malicious action. | +| **User account control flag to track** | **Information about the flag** | +|---|---| +| **'Normal Account'** – Disabled | Should not be disabled for user accounts. | +| **'Password Not Required'** – Enabled | Should not typically be enabled for user accounts because it weakens security for the account. | +| **'Encrypted Text Password Allowed'** – Enabled | Should not typically be enabled for user accounts because it weakens security for the account. | +| **'Server Trust Account'** – Enabled | Should never be enabled for user accounts. Applies only to domain controller (computer) accounts. | +| **'Don't Expire Password'** – Enabled | Should be monitored for critical accounts, or all accounts if your organization does not allow this flag. | +| **'Smartcard Required'** – Enabled | Should be monitored for critical accounts. | +| **'Password Not Required'** – Disabled | Should be monitored for all accounts where the setting should be “**Enabled**.” | +| **'Encrypted Text Password Allowed'** – Disabled | Should be monitored for all accounts where the setting should be “**Enabled**.” | +| **'Don't Expire Password'** – Disabled | Should be monitored for all accounts where the setting should be “**Enabled**.” | +| **'Smartcard Required'** – Disabled | Should be monitored for all accounts where the setting should be “**Enabled**.” | +| **'Trusted For Delegation'** – Enabled | Means that Kerberos Constraint or Unconstraint delegation was enabled for the user account. We recommend monitoring this to discover whether it is an approved action (done by an administrator), a mistake, or a malicious action. | | **'Trusted For Delegation'** – Disabled | Means that Kerberos Constraint or Unconstraint delegation was disabled for the user account. We recommend monitoring this to discover whether it is an approved action (done by an administrator), a mistake, or a malicious action.
                      Also, if you have a list of user accounts for which delegation is critical and should not be disabled, monitor this for those accounts. | -| **'Trusted To Authenticate For Delegation'** – Enabled | Means that Protocol Transition delegation was enabled for the user account. We recommend monitoring this to discover whether it is an approved action (done by an administrator), a mistake, or a malicious action. | -| **'Trusted To Authenticate For Delegation'** – Disabled | Means that Protocol Transition delegation was disabled for the user account. We recommend monitoring this to discover whether it is an approved action (done by an administrator), a mistake, or a malicious action.
                      Also, if you have a list of user accounts for which delegation is critical and should not be disabled, monitor this for those accounts. | -| **'Not Delegated'** – Enabled | Means that **Account is sensitive and cannot be delegated** was checked for the user account. We recommend monitoring this to discover whether it is an approved action (done by an administrator), a mistake, or a malicious action. | -| **'Not Delegated'** – Disabled | Should be monitored for all accounts where the setting should be “**Enabled**.” Means that **Account is sensitive and cannot be delegated** was unchecked for the user account. We recommend monitoring this to discover whether it is an approved action (done by an administrator), a mistake, or a malicious action. | -| **'Use DES Key Only'** – Enabled | Should not typically be enabled for user accounts because it weakens security for the account’s Kerberos authentication. | -| **'Don't Require Preauth'** – Enabled | Should not be enabled for user accounts because it weakens security for the account’s Kerberos authentication. | -| **'Use DES Key Only'** – Disabled | Should be monitored for all accounts where the setting should be “**Enabled**.” | -| **'Don't Require Preauth'** – Disabled | Should be monitored for all accounts where the setting should be “**Enabled**.” | \ No newline at end of file +| **'Trusted To Authenticate For Delegation'** – Enabled | Means that Protocol Transition delegation was enabled for the user account. We recommend monitoring this to discover whether it is an approved action (done by an administrator), a mistake, or a malicious action. | +| **'Trusted To Authenticate For Delegation'** – Disabled | Means that Protocol Transition delegation was disabled for the user account. We recommend monitoring this to discover whether it is an approved action (done by an administrator), a mistake, or a malicious action.
                      Also, if you have a list of user accounts for which delegation is critical and should not be disabled, monitor this for those accounts. | +| **'Not Delegated'** – Enabled | Means that **Account is sensitive and cannot be delegated** was checked for the user account. We recommend monitoring this to discover whether it is an approved action (done by an administrator), a mistake, or a malicious action. | +| **'Not Delegated'** – Disabled | Should be monitored for all accounts where the setting should be “**Enabled**.” Means that **Account is sensitive and cannot be delegated** was unchecked for the user account. We recommend monitoring this to discover whether it is an approved action (done by an administrator), a mistake, or a malicious action. | +| **'Use DES Key Only'** – Enabled | Should not typically be enabled for user accounts because it weakens security for the account’s Kerberos authentication. | +| **'Don't Require Preauth'** – Enabled | Should not be enabled for user accounts because it weakens security for the account’s Kerberos authentication. | +| **'Use DES Key Only'** – Disabled | Should be monitored for all accounts where the setting should be “**Enabled**.” | +| **'Don't Require Preauth'** – Disabled | Should be monitored for all accounts where the setting should be “**Enabled**.” | From d7f1c68aeb9f68333a808c9e7a66dfbd476ecb51 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Tue, 14 Dec 2021 14:30:06 -0500 Subject: [PATCH 236/335] Link; Note/Important; Removed HTML --- .../threat-protection/auditing/event-4741.md | 222 +++++++++--------- 1 file changed, 113 insertions(+), 109 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4741.md b/windows/security/threat-protection/auditing/event-4741.md index 8637623f1b..71203dab84 100644 --- a/windows/security/threat-protection/auditing/event-4741.md +++ b/windows/security/threat-protection/auditing/event-4741.md @@ -27,12 +27,12 @@ This event generates every time a new computer object is created. This event generates only on domain controllers. -> **Note**  For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event. - -
                      +> [!NOTE] +> For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event. ***Event XML:*** -``` + +```xml - - @@ -95,7 +95,8 @@ This event generates only on domain controllers. - **Security ID** \[Type = SID\]**:** SID of account that requested the “create Computer object” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event. -> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers). + > [!NOTE] + > A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers). - **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “create Computer object” operation. @@ -129,27 +130,28 @@ This event generates only on domain controllers. - **SAM Account Name** \[Type = UnicodeString\]: logon name for account used to support clients and servers from previous versions of Windows (pre-Windows 2000 logon name). The value of **sAMAccountName** attribute of new computer object. For example: WIN81$. -- **Display Name** \[Type = UnicodeString\]: the value of **displayName** attribute of new computer object. It is a name displayed in the address book for a particular account (typically – user account). This is usually the combination of the user's first name, middle initial, and last name. For computer objects, it is optional, and typically is not set. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. This parameter might not be captured in the event, and in that case appears as “-”. +- **Display Name** \[Type = UnicodeString\]: the value of **displayName** attribute of new computer object. It is a name displayed in the address book for a particular account (typically – user account). This is usually the combination of the user's first name, middle initial, and last name. For computer objects, it is optional, and typically is not set. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. This parameter might not be captured in the event, and in that case appears as `-`. -- **User Principal Name** \[Type = UnicodeString\]: internet-style login name for the account, based on the Internet standard RFC 822. By convention this should map to the account's email name. This parameter contains the value of **userPrincipalName** attribute of new computer object. For computer objects, it is optional, and typically is not set. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. This parameter might not be captured in the event, and in that case appears as “-”. +- **User Principal Name** \[Type = UnicodeString\]: internet-style login name for the account, based on the Internet standard RFC 822. By convention this should map to the account's email name. This parameter contains the value of **userPrincipalName** attribute of new computer object. For computer objects, it is optional, and typically is not set. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. This parameter might not be captured in the event, and in that case appears as `-`. -- **Home Directory** \[Type = UnicodeString\]: user's home directory. If **homeDrive** attribute is set and specifies a drive letter, **homeDirectory** should be a UNC path. The path must be a network UNC of the form \\\\Server\\Share\\Directory. This parameter contains the value of **homeDirectory** attribute of new computer object. For computer objects, it is optional, and typically is not set. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. This parameter might not be captured in the event, and in that case appears as “-”. +- **Home Directory** \[Type = UnicodeString\]: user's home directory. If **homeDrive** attribute is set and specifies a drive letter, **homeDirectory** should be a UNC path. The path must be a network UNC of the form \\\\Server\\Share\\Directory. This parameter contains the value of **homeDirectory** attribute of new computer object. For computer objects, it is optional, and typically is not set. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. This parameter might not be captured in the event, and in that case appears as `-`. -- **Home Drive** \[Type = UnicodeString\]**:** specifies the drive letter to which to map the UNC path specified by **homeDirectory** account’s attribute. The drive letter must be specified in the form “DRIVE\_LETTER:”. For example – “H:”. This parameter contains the value of **homeDrive** attribute of new computer object. For computer objects, it is optional, and typically is not set. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. This parameter might not be captured in the event, and in that case appears as “-”. +- **Home Drive** \[Type = UnicodeString\]**:** specifies the drive letter to which to map the UNC path specified by **homeDirectory** account’s attribute. The drive letter must be specified in the form `DRIVE\_LETTER:`. For example – `H:`. This parameter contains the value of **homeDrive** attribute of new computer object. For computer objects, it is optional, and typically is not set. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. This parameter might not be captured in the event, and in that case appears as `-`. -- **Script Path** \[Type = UnicodeString\]**:** specifies the path of the account's logon script. This parameter contains the value of **scriptPath** attribute of new computer object. For computer objects, it is optional, and typically is not set. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. This parameter might not be captured in the event, and in that case appears as “-”. +- **Script Path** \[Type = UnicodeString\]**:** specifies the path of the account's logon script. This parameter contains the value of **scriptPath** attribute of new computer object. For computer objects, it is optional, and typically is not set. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. This parameter might not be captured in the event, and in that case appears as `-`. -- **Profile Path** \[Type = UnicodeString\]: specifies a path to the account's profile. This value can be a null string, a local absolute path, or a UNC path. This parameter contains the value of **profilePath** attribute of new computer object. For computer objects, it is optional, and typically is not set. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. This parameter might not be captured in the event, and in that case appears as “-”. +- **Profile Path** \[Type = UnicodeString\]: specifies a path to the account's profile. This value can be a null string, a local absolute path, or a UNC path. This parameter contains the value of **profilePath** attribute of new computer object. For computer objects, it is optional, and typically is not set. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. This parameter might not be captured in the event, and in that case appears as `-`. -- **User Workstations** \[Type = UnicodeString\]: contains the list of NetBIOS or DNS names of the computers from which the user can logon. Each computer name is separated by a comma. The name of a computer is the **sAMAccountName** property of a computer object. This parameter contains the value of **userWorkstations** attribute of new computer object. For computer objects, it is optional, and typically is not set. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. This parameter might not be captured in the event, and in that case appears as “-”. +- **User Workstations** \[Type = UnicodeString\]: contains the list of NetBIOS or DNS names of the computers from which the user can logon. Each computer name is separated by a comma. The name of a computer is the **sAMAccountName** property of a computer object. This parameter contains the value of **userWorkstations** attribute of new computer object. For computer objects, it is optional, and typically is not set. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. This parameter might not be captured in the event, and in that case appears as `-`. -- **Password Last Set** \[Type = UnicodeString\]**:** last time the account’s password was modified. For manually created computer account, using Active Directory Users and Computers snap-in, this field typically has value “**<never>”**. For computer account created during standard domain join procedure this field will contains time when computer object was created, because password creates during domain join procedure. For example: 8/12/2015 11:41:39 AM. This parameter contains the value of **pwdLastSet** attribute of new computer object. +- **Password Last Set** \[Type = UnicodeString\]**:** last time the account’s password was modified. For manually created computer account, using Active Directory Users and Computers snap-in, this field typically has value ``. For computer account created during standard domain join procedure this field will contains time when computer object was created, because password creates during domain join procedure. For example: 8/12/2015 11:41:39 AM. This parameter contains the value of **pwdLastSet** attribute of new computer object. -- **Account Expires** \[Type = UnicodeString\]: the date when the account expires. This parameter contains the value of **accountExpires** attribute of new computer object. For computer objects, it is optional, and typically is not set. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. This parameter might not be captured in the event, and in that case appears as “-”. +- **Account Expires** \[Type = UnicodeString\]: the date when the account expires. This parameter contains the value of **accountExpires** attribute of new computer object. For computer objects, it is optional, and typically is not set. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. This parameter might not be captured in the event, and in that case appears as `-`. - **Primary Group ID** \[Type = UnicodeString\]: Relative Identifier (RID) of computer’s object primary group. -> **Note**  **Relative identifier (RID)** is a variable length number that is assigned to objects at creation and becomes part of the object's Security Identifier (SID) that uniquely identifies an account or group within a domain. + > [!NOTE] + > **Relative identifier (RID)** is a variable length number that is assigned to objects at creation and becomes part of the object's Security Identifier (SID) that uniquely identifies an account or group within a domain. Typically, **Primary Group** field for new computer accounts has the following values: @@ -159,15 +161,16 @@ Typically, **Primary Group** field for new computer accounts has the following v - 515 (Domain Computers) – for member servers and workstations. - See this article for more information. This parameter contains the value of **primaryGroupID** attribute of new computer object. + See the [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers) for more information. This parameter contains the value of **primaryGroupID** attribute of new computer object. -- **AllowedToDelegateTo** \[Type = UnicodeString\]: the list of SPNs to which this account can present delegated credentials. Can be changed using Active Directory Users and Computers management console in **Delegation** tab of computer account. Typically it is set to “**-“** for new computer objects. This parameter contains the value of **AllowedToDelegateTo** attribute of new computer object. See description of **AllowedToDelegateTo** field for “[4742](event-4742.md): A computer account was changed” event for more details. +- **AllowedToDelegateTo** \[Type = UnicodeString\]: the list of SPNs to which this account can present delegated credentials. Can be changed using Active Directory Users and Computers management console in **Delegation** tab of computer account. Typically it is set to `-` for new computer objects. This parameter contains the value of **AllowedToDelegateTo** attribute of new computer object. See description of **AllowedToDelegateTo** field for “[4742](event-4742.md): A computer account was changed” event for more details. -> **Note**  **Service Principal Name (SPN)** is the name by which a client uniquely identifies an instance of a service. If you install multiple instances of a service on computers throughout a forest, each instance must have its own SPN. A given service instance can have multiple SPNs if there are multiple names that clients might use for authentication. For example, an SPN always includes the name of the host computer on which the service instance is running, so a service instance might register an SPN for each name or alias of its host. + > [!NOTE] + > **Service Principal Name (SPN)** is the name by which a client uniquely identifies an instance of a service. If you install multiple instances of a service on computers throughout a forest, each instance must have its own SPN. A given service instance can have multiple SPNs if there are multiple names that clients might use for authentication. For example, an SPN always includes the name of the host computer on which the service instance is running, so a service instance might register an SPN for each name or alias of its host. -- **Old UAC Value** \[Type = UnicodeString\]: specifies flags that control password, lockout, disable/enable, script, and other behavior for the user or computer account. **Old UAC value** always **“0x0”** for new computer accounts. This parameter contains the previous value of **userAccountControl** attribute of computer object. +- **Old UAC Value** \[Type = UnicodeString\]: specifies flags that control password, lockout, disable/enable, script, and other behavior for the user or computer account. **Old UAC value** always `0x0` for new computer accounts. This parameter contains the previous value of **userAccountControl** attribute of computer object. - **New UAC Value** \[Type = UnicodeString\]: specifies flags that control password, lockout, disable/enable, script, and other behavior for the user or computer account. This parameter contains the value of **userAccountControl** attribute of new computer object. @@ -201,45 +204,45 @@ Decoding: So this UAC flags value decodes to: LOCKOUT and SCRIPT -- **User Account Control** \[Type = UnicodeString\]**:** shows the list of changes in **userAccountControl** attribute. You will see a line of text for each change. For new computer accounts, when the object for this account was created, the **userAccountControl** value was considered to be **“0x0”**, and then it was changed from **“0x0”** to the real value for the account's **userAccountControl** attribute. See possible values in the table below. In the “User Account Control field text” column, you can see the text that will be displayed in the **User Account Control** field in 4741 event. +- **User Account Control** \[Type = UnicodeString\]**:** shows the list of changes in **userAccountControl** attribute. You will see a line of text for each change. For new computer accounts, when the object for this account was created, the **userAccountControl** value was considered to be `0x0`, and then it was changed from `0x0` to the real value for the account's **userAccountControl** attribute. See possible values in the table below. In the “User Account Control field text” column, you can see the text that will be displayed in the **User Account Control** field in 4741 event. -| Flag Name | userAccountControl in hexadecimal | userAccountControl in decimal | Description | User Account Control field text | -|-------------------------------------------------------------------------------|-----------------------------------|-------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------| -| SCRIPT | 0x0001 | 1 | The logon script will be run. | Changes of this flag do not show in 4741 events. | -| ACCOUNTDISABLE | 0x0002 | 2 | The user account is disabled. | Account Disabled
                      Account Enabled | -| Undeclared | 0x0004 | 4 | This flag is undeclared. | Changes of this flag do not show in 4741 events. | -| HOMEDIR\_REQUIRED | 0x0008 | 8 | The home folder is required. | 'Home Directory Required' - Enabled
                      'Home Directory Required' - Disabled | -| LOCKOUT | 0x0010 | 16 | | Changes of this flag do not show in 4741 events. | -| PASSWD\_NOTREQD | 0x0020 | 32 | No password is required. | 'Password Not Required' - Enabled
                      'Password Not Required' - Disabled | -| PASSWD\_CANT\_CHANGE | 0x0040 | 64 | The user cannot change the password. This is a permission on the user's object. | Changes of this flag do not show in 4741 events. | -| ENCRYPTED\_TEXT\_PWD\_ALLOWED | 0x0080 | 128 | The user can send an encrypted password.
                      Can be set using “Store password using reversible encryption” checkbox. | 'Encrypted Text Password Allowed' - Disabled
                      'Encrypted Text Password Allowed' - Enabled | -| TEMP\_DUPLICATE\_ACCOUNT | 0x0100 | 256 | This is an account for users whose primary account is in another domain. This account provides user access to this domain, but not to any domain that trusts this domain. This is sometimes referred to as a local user account. | Cannot be set for computer account. | -| NORMAL\_ACCOUNT | 0x0200 | 512 | This is a default account type that represents a typical user. | 'Normal Account' - Disabled
                      'Normal Account' - Enabled | -| INTERDOMAIN\_TRUST\_ACCOUNT | 0x0800 | 2048 | This is a permit to trust an account for a system domain that trusts other domains. | Cannot be set for computer account. | -| WORKSTATION\_TRUST\_ACCOUNT | 0x1000 | 4096 | This is a computer account for a computer that is running Microsoft Windows NT 4.0 Workstation, Microsoft Windows NT 4.0 Server, Microsoft Windows 2000 Professional, or Windows 2000 Server and is a member of this domain. | 'Workstation Trust Account' - Disabled
                      'Workstation Trust Account' - Enabled | -| SERVER\_TRUST\_ACCOUNT | 0x2000 | 8192 | This is a computer account for a domain controller that is a member of this domain. | 'Server Trust Account' - Enabled
                      'Server Trust Account' - Disabled | -| DONT\_EXPIRE\_PASSWORD | 0x10000 | 65536 | Represents the password, which should never expire on the account.
                      Can be set using “Password never expires” checkbox. | 'Don't Expire Password' - Disabled
                      'Don't Expire Password' - Enabled | -| MNS\_LOGON\_ACCOUNT | 0x20000 | 131072 | This is an MNS logon account. | 'MNS Logon Account' - Disabled
                      'MNS Logon Account' - Enabled | -| SMARTCARD\_REQUIRED | 0x40000 | 262144 | When this flag is set, it forces the user to log on by using a smart card. | 'Smartcard Required' - Disabled
                      'Smartcard Required' - Enabled | -| TRUSTED\_FOR\_DELEGATION | 0x80000 | 524288 | When this flag is set, the service account (the user or computer account) under which a service runs is trusted for Kerberos delegation. Any such service can impersonate a client requesting the service. To enable a service for Kerberos delegation, you must set this flag on the userAccountControl property of the service account.
                      If you enable Kerberos constraint or unconstraint delegation or disable these types of delegation in Delegation tab you will get this flag changed. | 'Trusted For Delegation' - Enabled
                      'Trusted For Delegation' - Disabled | -| NOT\_DELEGATED | 0x100000 | 1048576 | When this flag is set, the security context of the user is not delegated to a service even if the service account is set as trusted for Kerberos delegation.
                      Can be set using “Account is sensitive and cannot be delegated” checkbox. | 'Not Delegated' - Disabled
                      'Not Delegated' - Enabled | -| USE\_DES\_KEY\_ONLY | 0x200000 | 2097152 | Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys.
                      Can be set using “Use Kerberos DES encryption types for this account” checkbox. | 'Use DES Key Only' - Disabled
                      'Use DES Key Only' - Enabled | -| DONT\_REQ\_PREAUTH | 0x400000 | 4194304 | This account does not require Kerberos pre-authentication for logging on.
                      Can be set using “Do not require Kerberos preauthentication” checkbox. | 'Don't Require Preauth' - Disabled
                      'Don't Require Preauth' - Enabled | -| PASSWORD\_EXPIRED | 0x800000 | 8388608 | The user's password has expired. | Changes of this flag do not show in 4741 events. | -| TRUSTED\_TO\_AUTH\_FOR\_DELEGATION | 0x1000000 | 16777216 | The account is enabled for delegation. This is a security-sensitive setting. Accounts that have this option enabled should be tightly controlled. This setting lets a service that runs under the account assume a client's identity and authenticate as that user to other remote servers on the network.
                      If you enable Kerberos protocol transition delegation or disable this type of delegation in Delegation tab you will get this flag changed. | 'Trusted To Authenticate For Delegation' - Disabled
                      'Trusted To Authenticate For Delegation' - Enabled | -| PARTIAL\_SECRETS\_ACCOUNT | 0x04000000 | 67108864 | The account is a read-only domain controller (RODC). This is a security-sensitive setting. Removing this setting from an RODC compromises security on that server. | No information. | +| Flag Name | userAccountControl in hexadecimal | userAccountControl in decimal | Description | User Account Control field text | +|---|---|---|---|---| +| SCRIPT | 0x0001 | 1 | The logon script will be run. | Changes of this flag do not show in 4741 events. | +| ACCOUNTDISABLE | 0x0002 | 2 | The user account is disabled. | Account Disabled
                      Account Enabled | +| Undeclared | 0x0004 | 4 | This flag is undeclared. | Changes of this flag do not show in 4741 events. | +| HOMEDIR\_REQUIRED | 0x0008 | 8 | The home folder is required. | 'Home Directory Required' - Enabled
                      'Home Directory Required' - Disabled | +| LOCKOUT | 0x0010 | 16 | | Changes of this flag do not show in 4741 events. | +| PASSWD\_NOTREQD | 0x0020 | 32 | No password is required. | 'Password Not Required' - Enabled
                      'Password Not Required' - Disabled | +| PASSWD\_CANT\_CHANGE | 0x0040 | 64 | The user cannot change the password. This is a permission on the user's object. | Changes of this flag do not show in 4741 events. | +| ENCRYPTED\_TEXT\_PWD\_ALLOWED | 0x0080 | 128 | The user can send an encrypted password.
                      Can be set using “Store password using reversible encryption” checkbox. | 'Encrypted Text Password Allowed' - Disabled
                      'Encrypted Text Password Allowed' - Enabled | +| TEMP\_DUPLICATE\_ACCOUNT | 0x0100 | 256 | This is an account for users whose primary account is in another domain. This account provides user access to this domain, but not to any domain that trusts this domain. This is sometimes referred to as a local user account. | Cannot be set for computer account. | +| NORMAL\_ACCOUNT | 0x0200 | 512 | This is a default account type that represents a typical user. | 'Normal Account' - Disabled
                      'Normal Account' - Enabled | +| INTERDOMAIN\_TRUST\_ACCOUNT | 0x0800 | 2048 | This is a permit to trust an account for a system domain that trusts other domains. | Cannot be set for computer account. | +| WORKSTATION\_TRUST\_ACCOUNT | 0x1000 | 4096 | This is a computer account for a computer that is running Microsoft Windows NT 4.0 Workstation, Microsoft Windows NT 4.0 Server, Microsoft Windows 2000 Professional, or Windows 2000 Server and is a member of this domain. | 'Workstation Trust Account' - Disabled
                      'Workstation Trust Account' - Enabled | +| SERVER\_TRUST\_ACCOUNT | 0x2000 | 8192 | This is a computer account for a domain controller that is a member of this domain. | 'Server Trust Account' - Enabled
                      'Server Trust Account' - Disabled | +| DONT\_EXPIRE\_PASSWORD | 0x10000 | 65536 | Represents the password, which should never expire on the account.
                      Can be set using “Password never expires” checkbox. | 'Don't Expire Password' - Disabled
                      'Don't Expire Password' - Enabled | +| MNS\_LOGON\_ACCOUNT | 0x20000 | 131072 | This is an MNS logon account. | 'MNS Logon Account' - Disabled
                      'MNS Logon Account' - Enabled | +| SMARTCARD\_REQUIRED | 0x40000 | 262144 | When this flag is set, it forces the user to log on by using a smart card. | 'Smartcard Required' - Disabled
                      'Smartcard Required' - Enabled | +| TRUSTED\_FOR\_DELEGATION | 0x80000 | 524288 | When this flag is set, the service account (the user or computer account) under which a service runs is trusted for Kerberos delegation. Any such service can impersonate a client requesting the service. To enable a service for Kerberos delegation, you must set this flag on the userAccountControl property of the service account.
                      If you enable Kerberos constraint or unconstraint delegation or disable these types of delegation in Delegation tab you will get this flag changed. | 'Trusted For Delegation' - Enabled
                      'Trusted For Delegation' - Disabled | +| NOT\_DELEGATED | 0x100000 | 1048576 | When this flag is set, the security context of the user is not delegated to a service even if the service account is set as trusted for Kerberos delegation.
                      Can be set using “Account is sensitive and cannot be delegated” checkbox. | 'Not Delegated' - Disabled
                      'Not Delegated' - Enabled | +| USE\_DES\_KEY\_ONLY | 0x200000 | 2097152 | Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys.
                      Can be set using “Use Kerberos DES encryption types for this account” checkbox. | 'Use DES Key Only' - Disabled
                      'Use DES Key Only' - Enabled | +| DONT\_REQ\_PREAUTH | 0x400000 | 4194304 | This account does not require Kerberos pre-authentication for logging on.
                      Can be set using “Do not require Kerberos preauthentication” checkbox. | 'Don't Require Preauth' - Disabled
                      'Don't Require Preauth' - Enabled | +| PASSWORD\_EXPIRED | 0x800000 | 8388608 | The user's password has expired. | Changes of this flag do not show in 4741 events. | +| TRUSTED\_TO\_AUTH\_FOR\_DELEGATION | 0x1000000 | 16777216 | The account is enabled for delegation. This is a security-sensitive setting. Accounts that have this option enabled should be tightly controlled. This setting lets a service that runs under the account assume a client's identity and authenticate as that user to other remote servers on the network.
                      If you enable Kerberos protocol transition delegation or disable this type of delegation in Delegation tab you will get this flag changed. | 'Trusted To Authenticate For Delegation' - Disabled
                      'Trusted To Authenticate For Delegation' - Enabled | +| PARTIAL\_SECRETS\_ACCOUNT | 0x04000000 | 67108864 | The account is a read-only domain controller (RODC). This is a security-sensitive setting. Removing this setting from an RODC compromises security on that server. | No information. | > Table 7. User’s or Computer’s account UAC flags. -- **User Parameters** \[Type = UnicodeString\]: if you change any setting using Active Directory Users and Computers management console in Dial-in tab of computer’s account properties, then you will see **<value changed, but not displayed>** in this field in “[4742](event-4742.md)(S): A computer account was changed.” This parameter might not be captured in the event, and in that case appears as “-”. +- **User Parameters** \[Type = UnicodeString\]: if you change any setting using Active Directory Users and Computers management console in Dial-in tab of computer’s account properties, then you will see `` in this field in “[4742](event-4742.md)(S): A computer account was changed.” This parameter might not be captured in the event, and in that case appears as `-`. -- **SID History** \[Type = UnicodeString\]: contains previous SIDs used for the object if the object was moved from another domain. Whenever an object is moved from one domain to another, a new SID is created and becomes the objectSID. The previous SID is added to the **sIDHistory** property. This parameter contains the value of **sIDHistory** attribute of new computer object. This parameter might not be captured in the event, and in that case appears as “-”. +- **SID History** \[Type = UnicodeString\]: contains previous SIDs used for the object if the object was moved from another domain. Whenever an object is moved from one domain to another, a new SID is created and becomes the objectSID. The previous SID is added to the **sIDHistory** property. This parameter contains the value of **sIDHistory** attribute of new computer object. This parameter might not be captured in the event, and in that case appears as `-`. -- **Logon Hours** \[Type = UnicodeString\]: hours that the account is allowed to logon to the domain. The value of **logonHours** attribute of new computer object. For computer objects, it is optional, and typically is not set. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. You will see **<value not set>** value for new created computer accounts in event 4741. +- **Logon Hours** \[Type = UnicodeString\]: hours that the account is allowed to logon to the domain. The value of **logonHours** attribute of new computer object. For computer objects, it is optional, and typically is not set. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. You will see `` value for new created computer accounts in event 4741. -- **DNS Host Name** \[Type = UnicodeString\]: name of computer account as registered in DNS. The value of **dNSHostName** attribute of new computer object. For manually created computer account objects this field has value “**-**“. +- **DNS Host Name** \[Type = UnicodeString\]: name of computer account as registered in DNS. The value of **dNSHostName** attribute of new computer object. For manually created computer account objects this field has value `-`. -- **Service Principal Names** \[Type = UnicodeString\]**:** The list of SPNs, registered for computer account. For new computer accounts it will typically contain HOST SPNs and RestrictedKrbHost SPNs. The value of **servicePrincipalName** attribute of new computer object. For manually created computer objects it is typically equals “**-**“. This is an example of **Service Principal Names** field for new domain joined workstation: +- **Service Principal Names** \[Type = UnicodeString\]**:** The list of SPNs, registered for computer account. For new computer accounts it will typically contain HOST SPNs and RestrictedKrbHost SPNs. The value of **servicePrincipalName** attribute of new computer object. For manually created computer objects it is typically equals `-`. This is an example of **Service Principal Names** field for new domain joined workstation: HOST/Win81.contoso.local @@ -251,45 +254,45 @@ So this UAC flags value decodes to: LOCKOUT and SCRIPT **Additional Information:** -- **Privileges** \[Type = UnicodeString\]: the list of user privileges which were used during the operation, for example, SeBackupPrivilege. This parameter might not be captured in the event, and in that case appears as “-”. See full list of user privileges in the table below: +- **Privileges** \[Type = UnicodeString\]: the list of user privileges which were used during the operation, for example, SeBackupPrivilege. This parameter might not be captured in the event, and in that case appears as `-`. See full list of user privileges in the table below: -| Privilege Name | User Right Group Policy Name | Description | -|---------------------------------|----------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| SeAssignPrimaryTokenPrivilege | Replace a process-level token | Required to assign the [*primary token*](/windows/win32/secgloss/p-gly#_security_primary_token_gly) of a process.
                      With this privilege, the user can initiate a process to replace the default token associated with a started subprocess. | -| SeAuditPrivilege | Generate security audits | With this privilege, the user can add entries to the security log. | -| SeBackupPrivilege | Back up files and directories | - Required to perform backup operations.
                      With this privilege, the user can bypass file and directory, registry, and other persistent object permissions for the purposes of backing up the system.
                      This privilege causes the system to grant all read access control to any file, regardless of the [*access control list*](/windows/win32/secgloss/a-gly#_security_access_control_list_gly) (ACL) specified for the file. Any access request other than read is still evaluated with the ACL. The following access rights are granted if this privilege is held:
                      READ\_CONTROL
                      ACCESS\_SYSTEM\_SECURITY
                      FILE\_GENERIC\_READ
                      FILE\_TRAVERSE | -| SeChangeNotifyPrivilege | Bypass traverse checking | Required to receive notifications of changes to files or directories. This privilege also causes the system to skip all traversal access checks.
                      With this privilege, the user can traverse directory trees even though the user may not have permissions on the traversed directory. This privilege does not allow the user to list the contents of a directory, only to traverse directories. | -| SeCreateGlobalPrivilege | Create global objects | Required to create named file mapping objects in the global namespace during Terminal Services sessions. | -| SeCreatePagefilePrivilege | Create a pagefile | With this privilege, the user can create and change the size of a pagefile. | -| SeCreatePermanentPrivilege | Create permanent shared objects | Required to create a permanent object.
                      This privilege is useful to kernel-mode components that extend the object namespace. Components that are running in kernel mode already have this privilege inherently; it is not necessary to assign them the privilege. | -| SeCreateSymbolicLinkPrivilege | Create symbolic links | Required to create a symbolic link. | -| SeCreateTokenPrivilege | Create a token object | Allows a process to create a token which it can then use to get access to any local resources when the process uses NtCreateToken() or other token-creation APIs.
                      When a process requires this privilege, we recommend using the LocalSystem account (which already includes the privilege), rather than creating a separate user account and assigning this privilege to it. | -| SeDebugPrivilege | Debug programs | Required to debug and adjust the memory of a process owned by another account.
                      With this privilege, the user can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need this user right. Developers who are debugging new system components need this user right. This user right provides complete access to sensitive and critical operating system components. | -| SeEnableDelegationPrivilege | Enable computer and user accounts to be trusted for delegation | Required to mark user and computer accounts as trusted for delegation.
                      With this privilege, the user can set the **Trusted for Delegation** setting on a user or computer object.
                      The user or object that is granted this privilege must have write access to the account control flags on the user or computer object. A server process running on a computer (or under a user context) that is trusted for delegation can access resources on another computer using the delegated credentials of a client, as long as the account of the client does not have the **Account cannot be delegated** account control flag set. | -| SeImpersonatePrivilege | Impersonate a client after authentication | With this privilege, the user can impersonate other accounts. | -| SeIncreaseBasePriorityPrivilege | Increase scheduling priority | Required to increase the base priority of a process.
                      With this privilege, the user can use a process with Write property access to another process to increase the execution priority assigned to the other process. A user with this privilege can change the scheduling priority of a process through the Task Manager user interface. | -| SeIncreaseQuotaPrivilege | Adjust memory quotas for a process | Required to increase the quota assigned to a process.
                      With this privilege, the user can change the maximum memory that can be consumed by a process. | -| SeIncreaseWorkingSetPrivilege | Increase a process working set | Required to allocate more memory for applications that run in the context of users. | -| SeLoadDriverPrivilege | Load and unload device drivers | Required to load or unload a device driver.
                      With this privilege, the user can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers. | -| SeLockMemoryPrivilege | Lock pages in memory | Required to lock physical pages in memory.
                      With this privilege, the user can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM). | -| SeMachineAccountPrivilege | Add workstations to domain | With this privilege, the user can create a computer account.
                      This privilege is valid only on domain controllers. | -| SeManageVolumePrivilege | Perform volume maintenance tasks | Required to run maintenance tasks on a volume, such as remote defragmentation. | -| SeProfileSingleProcessPrivilege | Profile single process | Required to gather profiling information for a single process.
                      With this privilege, the user can use performance monitoring tools to monitor the performance of non-system processes. | -| SeRelabelPrivilege | Modify an object label | Required to modify the mandatory integrity level of an object. | -| SeRemoteShutdownPrivilege | Force shutdown from a remote system | Required to shut down a system using a network request. | +| Privilege Name | User Right Group Policy Name | Description | +|---|---|---| +| SeAssignPrimaryTokenPrivilege | Replace a process-level token | Required to assign the [*primary token*](/windows/win32/secgloss/p-gly#_security_primary_token_gly) of a process.
                      With this privilege, the user can initiate a process to replace the default token associated with a started subprocess. | +| SeAuditPrivilege | Generate security audits | With this privilege, the user can add entries to the security log. | +| SeBackupPrivilege | Back up files and directories | - Required to perform backup operations.
                      With this privilege, the user can bypass file and directory, registry, and other persistent object permissions for the purposes of backing up the system.
                      This privilege causes the system to grant all read access control to any file, regardless of the [*access control list*](/windows/win32/secgloss/a-gly#_security_access_control_list_gly) (ACL) specified for the file. Any access request other than read is still evaluated with the ACL. The following access rights are granted if this privilege is held:
                      READ\_CONTROL
                      ACCESS\_SYSTEM\_SECURITY
                      FILE\_GENERIC\_READ
                      FILE\_TRAVERSE | +| SeChangeNotifyPrivilege | Bypass traverse checking | Required to receive notifications of changes to files or directories. This privilege also causes the system to skip all traversal access checks.
                      With this privilege, the user can traverse directory trees even though the user may not have permissions on the traversed directory. This privilege does not allow the user to list the contents of a directory, only to traverse directories. | +| SeCreateGlobalPrivilege | Create global objects | Required to create named file mapping objects in the global namespace during Terminal Services sessions. | +| SeCreatePagefilePrivilege | Create a pagefile | With this privilege, the user can create and change the size of a pagefile. | +| SeCreatePermanentPrivilege | Create permanent shared objects | Required to create a permanent object.
                      This privilege is useful to kernel-mode components that extend the object namespace. Components that are running in kernel mode already have this privilege inherently; it is not necessary to assign them the privilege. | +| SeCreateSymbolicLinkPrivilege | Create symbolic links | Required to create a symbolic link. | +| SeCreateTokenPrivilege | Create a token object | Allows a process to create a token which it can then use to get access to any local resources when the process uses NtCreateToken() or other token-creation APIs.
                      When a process requires this privilege, we recommend using the LocalSystem account (which already includes the privilege), rather than creating a separate user account and assigning this privilege to it. | +| SeDebugPrivilege | Debug programs | Required to debug and adjust the memory of a process owned by another account.
                      With this privilege, the user can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need this user right. Developers who are debugging new system components need this user right. This user right provides complete access to sensitive and critical operating system components. | +| SeEnableDelegationPrivilege | Enable computer and user accounts to be trusted for delegation | Required to mark user and computer accounts as trusted for delegation.
                      With this privilege, the user can set the **Trusted for Delegation** setting on a user or computer object.
                      The user or object that is granted this privilege must have write access to the account control flags on the user or computer object. A server process running on a computer (or under a user context) that is trusted for delegation can access resources on another computer using the delegated credentials of a client, as long as the account of the client does not have the **Account cannot be delegated** account control flag set. | +| SeImpersonatePrivilege | Impersonate a client after authentication | With this privilege, the user can impersonate other accounts. | +| SeIncreaseBasePriorityPrivilege | Increase scheduling priority | Required to increase the base priority of a process.
                      With this privilege, the user can use a process with Write property access to another process to increase the execution priority assigned to the other process. A user with this privilege can change the scheduling priority of a process through the Task Manager user interface. | +| SeIncreaseQuotaPrivilege | Adjust memory quotas for a process | Required to increase the quota assigned to a process.
                      With this privilege, the user can change the maximum memory that can be consumed by a process. | +| SeIncreaseWorkingSetPrivilege | Increase a process working set | Required to allocate more memory for applications that run in the context of users. | +| SeLoadDriverPrivilege | Load and unload device drivers | Required to load or unload a device driver.
                      With this privilege, the user can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers. | +| SeLockMemoryPrivilege | Lock pages in memory | Required to lock physical pages in memory.
                      With this privilege, the user can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM). | +| SeMachineAccountPrivilege | Add workstations to domain | With this privilege, the user can create a computer account.
                      This privilege is valid only on domain controllers. | +| SeManageVolumePrivilege | Perform volume maintenance tasks | Required to run maintenance tasks on a volume, such as remote defragmentation. | +| SeProfileSingleProcessPrivilege | Profile single process | Required to gather profiling information for a single process.
                      With this privilege, the user can use performance monitoring tools to monitor the performance of non-system processes. | +| SeRelabelPrivilege | Modify an object label | Required to modify the mandatory integrity level of an object. | +| SeRemoteShutdownPrivilege | Force shutdown from a remote system | Required to shut down a system using a network request. | | SeRestorePrivilege | Restore files and directories | Required to perform restore operations. This privilege causes the system to grant all write access control to any file, regardless of the ACL specified for the file. Any access request other than write is still evaluated with the ACL. Additionally, this privilege enables you to set any valid user or group SID as the owner of a file. The following access rights are granted if this privilege is held:
                      WRITE\_DAC
                      WRITE\_OWNER
                      ACCESS\_SYSTEM\_SECURITY
                      FILE\_GENERIC\_WRITE
                      FILE\_ADD\_FILE
                      FILE\_ADD\_SUBDIRECTORY
                      DELETE
                      With this privilege, the user can bypass file, directory, registry, and other persistent objects permissions when restoring backed up files and directories and determines which users can set any valid security principal as the owner of an object. | -| SeSecurityPrivilege | Manage auditing and security log | Required to perform a number of security-related functions, such as controlling and viewing audit events in security event log.
                      With this privilege, the user can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys.
                      A user with this privilege can also view and clear the security log. | -| SeShutdownPrivilege | Shut down the system | Required to shut down a local system. | -| SeSyncAgentPrivilege | Synchronize directory service data | This privilege enables the holder to read all objects and properties in the directory, regardless of the protection on the objects and properties. By default, it is assigned to the Administrator and LocalSystem accounts on domain controllers.
                      With this privilege, the user can synchronize all directory service data. This is also known as Active Directory synchronization. | -| SeSystemEnvironmentPrivilege | Modify firmware environment values | Required to modify the nonvolatile RAM of systems that use this type of memory to store configuration information. | -| SeSystemProfilePrivilege | Profile system performance | Required to gather profiling information for the entire system.
                      With this privilege, the user can use performance monitoring tools to monitor the performance of system processes. | -| SeSystemtimePrivilege | Change the system time | Required to modify the system time.
                      With this privilege, the user can change the time and date on the internal clock of the computer. Users that are assigned this user right can affect the appearance of event logs. If the system time is changed, events that are logged will reflect this new time, not the actual time that the events occurred. | -| SeTakeOwnershipPrivilege | Take ownership of files or other objects | Required to take ownership of an object without being granted discretionary access. This privilege allows the owner value to be set only to those values that the holder may legitimately assign as the owner of an object.
                      With this privilege, the user can take ownership of any securable object in the system, including Active Directory objects, files and folders, printers, registry keys, processes, and threads. | -| SeTcbPrivilege | Act as part of the operating system | This privilege identifies its holder as part of the trusted computer base.
                      This user right allows a process to impersonate any user without authentication. The process can therefore gain access to the same local resources as that user. | -| SeTimeZonePrivilege | Change the time zone | Required to adjust the time zone associated with the computer's internal clock. | -| SeTrustedCredManAccessPrivilege | Access Credential Manager as a trusted caller | Required to access Credential Manager as a trusted caller. | -| SeUndockPrivilege | Remove computer from docking station | Required to undock a laptop.
                      With this privilege, the user can undock a portable computer from its docking station without logging on. | -| SeUnsolicitedInputPrivilege | Not applicable | Required to read unsolicited input from a [*terminal*](/windows/win32/secgloss/t-gly#_security_terminal_gly) device. | +| SeSecurityPrivilege | Manage auditing and security log | Required to perform a number of security-related functions, such as controlling and viewing audit events in security event log.
                      With this privilege, the user can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys.
                      A user with this privilege can also view and clear the security log. | +| SeShutdownPrivilege | Shut down the system | Required to shut down a local system. | +| SeSyncAgentPrivilege | Synchronize directory service data | This privilege enables the holder to read all objects and properties in the directory, regardless of the protection on the objects and properties. By default, it is assigned to the Administrator and LocalSystem accounts on domain controllers.
                      With this privilege, the user can synchronize all directory service data. This is also known as Active Directory synchronization. | +| SeSystemEnvironmentPrivilege | Modify firmware environment values | Required to modify the nonvolatile RAM of systems that use this type of memory to store configuration information. | +| SeSystemProfilePrivilege | Profile system performance | Required to gather profiling information for the entire system.
                      With this privilege, the user can use performance monitoring tools to monitor the performance of system processes. | +| SeSystemtimePrivilege | Change the system time | Required to modify the system time.
                      With this privilege, the user can change the time and date on the internal clock of the computer. Users that are assigned this user right can affect the appearance of event logs. If the system time is changed, events that are logged will reflect this new time, not the actual time that the events occurred. | +| SeTakeOwnershipPrivilege | Take ownership of files or other objects | Required to take ownership of an object without being granted discretionary access. This privilege allows the owner value to be set only to those values that the holder may legitimately assign as the owner of an object.
                      With this privilege, the user can take ownership of any securable object in the system, including Active Directory objects, files and folders, printers, registry keys, processes, and threads. | +| SeTcbPrivilege | Act as part of the operating system | This privilege identifies its holder as part of the trusted computer base.
                      This user right allows a process to impersonate any user without authentication. The process can therefore gain access to the same local resources as that user. | +| SeTimeZonePrivilege | Change the time zone | Required to adjust the time zone associated with the computer's internal clock. | +| SeTrustedCredManAccessPrivilege | Access Credential Manager as a trusted caller | Required to access Credential Manager as a trusted caller. | +| SeUndockPrivilege | Remove computer from docking station | Required to undock a laptop.
                      With this privilege, the user can undock a portable computer from its docking station without logging on. | +| SeUnsolicitedInputPrivilege | Not applicable | Required to read unsolicited input from a [*terminal*](/windows/win32/secgloss/t-gly#_security_terminal_gly) device. | > Table 8. User Privileges. @@ -297,33 +300,34 @@ So this UAC flags value decodes to: LOCKOUT and SCRIPT For 4741(S): A computer account was created. -> **Important**  For this event, also see [Appendix A: Security monitoring recommendations for many audit events](appendix-a-security-monitoring-recommendations-for-many-audit-events.md). +> [!IMPORTANT] +> For this event, also see [Appendix A: Security monitoring recommendations for many audit events](appendix-a-security-monitoring-recommendations-for-many-audit-events.md). - If your information security monitoring policy requires you to monitor computer account creation, monitor this event. - Consider whether to track the following fields and values: -| **Field and value to track** | **Reason to track** | -|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **SAM Account Name**: empty or - | This field must contain the computer account name. If it is empty or **-**, it might indicate an anomaly. | -| **Display Name** is not -
                      **User Principal Name** is not -
                      **Home Directory** is not -
                      **Home Drive** is not -
                      **Script Path** is not -
                      **Profile Path** is not -
                      **User Workstations** is not -
                      **AllowedToDelegateTo** is not - | Typically these fields are **-** for new computer accounts. Other values might indicate an anomaly and should be monitored. | -| **Password Last Set** is **<never>** | This typically means this is a manually created computer account, which you might need to monitor. | -| **Account Expires** is not **<never>** | Typically this field is **<never>** for new computer accounts. Other values might indicate an anomaly and should be monitored. | -| **Primary Group ID** is any value other than 515. | Typically, the **Primary Group ID** value is one of the following:
                      **516** for domain controllers
                      **521** for read only domain controllers (RODCs)
                      **515** for servers and workstations (domain computers)
                      If the **Primary Group ID** is 516 or 521, it is a new domain controller or RODC, and the event should be monitored.
                      If the value is not 516, 521, or 515, it is not a typical value and should be monitored. | -| **Old UAC Value** is not 0x0 | Typically this field is **0x0** for new computer accounts. Other values might indicate an anomaly and should be monitored. | -| **SID History** is not - | This field will always be set to - unless the account was migrated from another domain. | -| **Logon Hours** value other than **<value not set>** | This should always be **<value not set>** for new computer accounts. | + | **Field and value to track** | **Reason to track** | + |---|---| + | **SAM Account Name**: empty or `-` | This field must contain the computer account name. If it is empty or **-**, it might indicate an anomaly. | + | **Display Name** is not -
                      **User Principal Name** is not -
                      **Home Directory** is not -
                      **Home Drive** is not -
                      **Script Path** is not -
                      **Profile Path** is not -
                      **User Workstations** is not -
                      **AllowedToDelegateTo** is not - | Typically these fields are **-** for new computer accounts. Other values might indicate an anomaly and should be monitored. | + | **Password Last Set** is `` | This typically means this is a manually created computer account, which you might need to monitor. | + | **Account Expires** is not `` | Typically this field is `` for new computer accounts. Other values might indicate an anomaly and should be monitored. | + | **Primary Group ID** is any value other than 515. | Typically, the **Primary Group ID** value is one of the following:
                      **516** for domain controllers
                      **521** for read only domain controllers (RODCs)
                      **515** for servers and workstations (domain computers)
                      If the **Primary Group ID** is 516 or 521, it is a new domain controller or RODC, and the event should be monitored.
                      If the value is not 516, 521, or 515, it is not a typical value and should be monitored. | + | **Old UAC Value** is not 0x0 | Typically this field is **0x0** for new computer accounts. Other values might indicate an anomaly and should be monitored. | + | **SID History** is not `-` | This field will always be set to - unless the account was migrated from another domain. | + | **Logon Hours** value other than `` | This should always be `` for new computer accounts. | - Consider whether to track the following account control flags: -| **User account control flag to track** | **Information about the flag** | -|--------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **'Encrypted Text Password Allowed'** – Enabled | Should not be set for computer accounts. By default, it will not be set, and it cannot be set in the account properties in Active Directory Users and Computers. | -| **'Server Trust Account'** – Enabled | Should be enabled **only** for domain controllers. | -| **'Don't Expire Password'** – Enabled | Should not be enabled for new computer accounts, because the password automatically changes every 30 days by default. For computer accounts, this flag cannot be set in the account properties in Active Directory Users and Computers. | -| **'Smartcard Required'** – Enabled | Should not be enabled for new computer accounts. | -| **'Trusted For Delegation'** – Enabled | Should not be enabled for new member servers and workstations. It is enabled by default for new domain controllers. | -| **'Not Delegated'** – Enabled | Should not be enabled for new computer accounts. | -| **'Use DES Key Only'** – Enabled | Should not be enabled for new computer accounts. For computer accounts, it cannot be set in the account properties in Active Directory Users and Computers. | -| **'Don't Require Preauth'** – Enabled | Should not be enabled for new computer accounts. For computer accounts, it cannot be set in the account properties in Active Directory Users and Computers. | -| **'Trusted To Authenticate For Delegation'** – Enabled | Should not be enabled for new computer accounts by default. | \ No newline at end of file + | **User account control flag to track** | **Information about the flag** | + |---|---| + | **'Encrypted Text Password Allowed'** – Enabled | Should not be set for computer accounts. By default, it will not be set, and it cannot be set in the account properties in Active Directory Users and Computers. | + | **'Server Trust Account'** – Enabled | Should be enabled **only** for domain controllers. | + | **'Don't Expire Password'** – Enabled | Should not be enabled for new computer accounts, because the password automatically changes every 30 days by default. For computer accounts, this flag cannot be set in the account properties in Active Directory Users and Computers. | + | **'Smartcard Required'** – Enabled | Should not be enabled for new computer accounts. | + | **'Trusted For Delegation'** – Enabled | Should not be enabled for new member servers and workstations. It is enabled by default for new domain controllers. | + | **'Not Delegated'** – Enabled | Should not be enabled for new computer accounts. | + | **'Use DES Key Only'** – Enabled | Should not be enabled for new computer accounts. For computer accounts, it cannot be set in the account properties in Active Directory Users and Computers. | + | **'Don't Require Preauth'** – Enabled | Should not be enabled for new computer accounts. For computer accounts, it cannot be set in the account properties in Active Directory Users and Computers. | + | **'Trusted To Authenticate For Delegation'** – Enabled | Should not be enabled for new computer accounts by default. | From 75ec9e4f7674a4cd0f191f51c0ba7d383a0b015f Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Tue, 14 Dec 2021 15:04:09 -0500 Subject: [PATCH 237/335] link; note/important; HTML --- .../threat-protection/auditing/event-4742.md | 87 ++++++++++--------- 1 file changed, 47 insertions(+), 40 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4742.md b/windows/security/threat-protection/auditing/event-4742.md index 3ff909ccfe..714672c0cb 100644 --- a/windows/security/threat-protection/auditing/event-4742.md +++ b/windows/security/threat-protection/auditing/event-4742.md @@ -16,10 +16,9 @@ ms.technology: windows-sec # 4742(S): A computer account was changed. +:::image type="content" source="images/event-4742.png" alt-text="Event 4742 illustration"::: -Event 4742 illustration - -***Subcategory:*** [Audit Computer Account Management](audit-computer-account-management.md) +***Subcategory:*** [Audit Computer Account Management](audit-computer-account-management.md) ***Event Description:*** @@ -33,16 +32,19 @@ For each change, a separate 4742 event will be generated. Some changes do not invoke a 4742 event, for example, changes made using Active Directory Users and Computers management console in **Managed By** tab in computer account properties. -You might see this event without any changes inside, that is, where all **Changed Attributes** appear as “-“. This usually happens when a change is made to an attribute that is not listed in the event. In this case there is no way to determine which attribute was changed. For example, this would happen if you change the **Description** of a group object using the Active Directory Users and Computers administrative console. Also, if the [discretionary access control list](/windows/win32/secauthz/access-control-lists) (DACL) is changed, a 4742 event will generate, but all attributes will be “-“. +You might see this event without any changes inside, that is, where all **Changed Attributes** appear as `-`. This usually happens when a change is made to an attribute that is not listed in the event. In this case there is no way to determine which attribute was changed. For example, this would happen if you change the **Description** of a group object using the Active Directory Users and Computers administrative console. Also, if the [discretionary access control list](/windows/win32/secauthz/access-control-lists) (DACL) is changed, a 4742 event will generate, but all attributes will be `-`. -***Important*:** If you manually change any user-related setting or attribute, for example if you set the SMARTCARD\_REQUIRED flag in **userAccountControl** for the computer account, then the **sAMAccountType** of the computer account will be changed to NORMAL\_USER\_ACCOUNT and you will get “[4738](event-4738.md): A user account was changed” instead of 4742 for this computer account. Essentially, the computer account will “become” a user account. For NORMAL\_USER\_ACCOUNT you will always get events from [Audit User Account Management](audit-user-account-management.md) subcategory. We strongly recommend that you avoid changing any user-related settings manually for computer objects. - -> **Note**  For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event. +> [!IMPORTANT] +> +> - If you manually change any user-related setting or attribute, for example if you set the SMARTCARD\_REQUIRED flag in **userAccountControl** for the computer account, then the **sAMAccountType** of the computer account will be changed to NORMAL\_USER\_ACCOUNT and you will get “[4738](event-4738.md): A user account was changed” instead of 4742 for this computer account. Essentially, the computer account will “become” a user account. For NORMAL\_USER\_ACCOUNT you will always get events from [Audit User Account Management](audit-user-account-management.md) subcategory. We strongly recommend that you avoid changing any user-related settings manually for computer objects. +> +> - For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event.
                      ***Event XML:*** -``` + +```xml - - @@ -106,7 +108,8 @@ You might see this event without any changes inside, that is, where all **Change - **Security ID** \[Type = SID\]**:** SID of account that requested the “change Computer object” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event. -> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers). + > [!NOTE] + > A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers). - **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “change Computer object” operation. @@ -138,7 +141,8 @@ You might see this event without any changes inside, that is, where all **Change **Changed Attributes:** -> **Note**  If attribute was not changed it will have “-“ value. +> [!NOTE] +> If attribute was not changed it will have `-` value. - **SAM Account Name** \[Type = UnicodeString\]: logon name for account used to support clients and servers from previous versions of Windows (pre-Windows 2000 logon name). If the value of **sAMAccountName** attribute of computer object was changed, you will see the new value here. For example: WIN8$. @@ -148,7 +152,7 @@ You might see this event without any changes inside, that is, where all **Change - **Home Directory** \[Type = UnicodeString\]: user's home directory. If **homeDrive** attribute is set and specifies a drive letter, **homeDirectory** should be a UNC path. The path must be a network UNC of the form \\\\Server\\Share\\Directory. If the value of **homeDirectory** attribute of computer object was changed, you will see the new value here. For computer objects, it is optional, and typically is not set. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. -- **Home Drive** \[Type = UnicodeString\]**:** specifies the drive letter to which to map the UNC path specified by **homeDirectory** account’s attribute. The drive letter must be specified in the form “DRIVE\_LETTER:”. For example – “H:”. If the value of **homeDrive** attribute of computer object was changed, you will see the new value here. For computer objects, it is optional, and typically is not set. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. +- **Home Drive** \[Type = UnicodeString\]**:** specifies the drive letter to which to map the UNC path specified by **homeDirectory** account’s attribute. The drive letter must be specified in the form `DRIVE\_LETTER:`. For example – `H:`. If the value of **homeDrive** attribute of computer object was changed, you will see the new value here. For computer objects, it is optional, and typically is not set. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. - **Script Path** \[Type = UnicodeString\]**:** specifies the path of the account’s logon script. If the value of **scriptPath** attribute of computer object was changed, you will see the new value here. For computer objects, it is optional, and typically is not set. You can change this attribute by using Active Directory Users and Computers, or through a script, for example. @@ -162,7 +166,8 @@ You might see this event without any changes inside, that is, where all **Change - **Primary Group ID** \[Type = UnicodeString\]: Relative Identifier (RID) of computer’s object primary group. -> **Note**  **Relative identifier (RID)** is a variable length number that is assigned to objects at creation and becomes part of the object's Security Identifier (SID) that uniquely identifies an account or group within a domain. + > [!NOTE] + > **Relative identifier (RID)** is a variable length number that is assigned to objects at creation and becomes part of the object's Security Identifier (SID) that uniquely identifies an account or group within a domain. This field will contain some value if computer’s object primary group was changed. You can change computer’s primary group using Active Directory Users and Computers management console in the **Member Of** tab of computer object properties. You will see a RID of new primary group as a field value. For example, 515 (Domain Computers) for workstations, is a default primary group. @@ -174,7 +179,7 @@ Typical **Primary Group** values for computer accounts: - 515 (Domain Computers) – servers and workstations. - See this article for more information. If the value of **primaryGroupID** attribute of computer object was changed, you will see the new value here. + See the [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers) for more information. If the value of **primaryGroupID** attribute of computer object was changed, you will see the new value here. @@ -186,9 +191,10 @@ Typical **Primary Group** values for computer accounts: If the value of **msDS-AllowedToDelegateTo** attribute of computer object was changed, you will see the new value here. - The value can be **<value not set>**, for example, if delegation was disabled. + The value can be ``, for example, if delegation was disabled. -> **Note**  **Service Principal Name (SPN)** is the name by which a client uniquely identifies an instance of a service. If you install multiple instances of a service on computers throughout a forest, each instance must have its own SPN. A given service instance can have multiple SPNs if there are multiple names that clients might use for authentication. For example, an SPN always includes the name of the host computer on which the service instance is running, so a service instance might register an SPN for each name or alias of its host. + > [!NOTE] + > **Service Principal Name (SPN)** is the name by which a client uniquely identifies an instance of a service. If you install multiple instances of a service on computers throughout a forest, each instance must have its own SPN. A given service instance can have multiple SPNs if there are multiple names that clients might use for authentication. For example, an SPN always includes the name of the host computer on which the service instance is running, so a service instance might register an SPN for each name or alias of its host. - **Old UAC Value** \[Type = UnicodeString\]: specifies flags that control password, lockout, disable/enable, script, and other behavior for the user or computer account. This parameter contains the previous value of **userAccountControl** attribute of computer object. @@ -228,7 +234,7 @@ So this UAC flags value decodes to: LOCKOUT and SCRIPT -- **User Parameters** \[Type = UnicodeString\]: if you change any setting using Active Directory Users and Computers management console in Dial-in tab of computer’s account properties, then you will see **<value changed, but not displayed>** in this field. +- **User Parameters** \[Type = UnicodeString\]: if you change any setting using Active Directory Users and Computers management console in Dial-in tab of computer’s account properties, then you will see `` in this field. - **SID History** \[Type = UnicodeString\]: contains previous SIDs used for the object if the object was moved from another domain. Whenever an object is moved from one domain to another, a new SID is created and becomes the objectSID. The previous SID is added to the **sIDHistory** property. If the value of **sIDHistory** attribute of computer object was changed, you will see the new value here. @@ -254,13 +260,14 @@ TERMSRV/Win81.contoso.local **Additional Information:** -- **Privileges** \[Type = UnicodeString\]: the list of user privileges which were used during the operation, for example, SeBackupPrivilege. This parameter might not be captured in the event, and in that case appears as “-”. See full list of user privileges in “Table 8. User Privileges.”. +- **Privileges** \[Type = UnicodeString\]: the list of user privileges which were used during the operation, for example, SeBackupPrivilege. This parameter might not be captured in the event, and in that case appears as `-`. See full list of user privileges in “Table 8. User Privileges.”. ## Security Monitoring Recommendations For 4742(S): A computer account was changed. -> **Important**  For this event, also see [Appendix A: Security monitoring recommendations for many audit events](appendix-a-security-monitoring-recommendations-for-many-audit-events.md). +> [!IMPORTANT] +> For this event, also see [Appendix A: Security monitoring recommendations for many audit events](appendix-a-security-monitoring-recommendations-for-many-audit-events.md). - If you have critical domain computer accounts (database servers, domain controllers, administration workstations, and so on) for which you need to monitor each change, monitor this event with the **“Computer Account That Was Changed\\Security ID”** that corresponds to the high-value account or accounts. @@ -268,28 +275,28 @@ For 4742(S): A computer account was changed. - Consider whether to track the following fields and values: -| **Field and value to track** | **Reason to track** | -|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **Display Name** is not -
                      **User Principal Name** is not -
                      **Home Directory** is not -
                      **Home Drive** is not -
                      **Script Path** is not -
                      **Profile Path** is not -
                      **User Workstations** is not -
                      **Account Expires** is not -
                      **Logon Hours** is not **-** | Typically these fields are **-** for computer accounts. Other values might indicate an anomaly and should be monitored. | -| **Password Last Set** changes occur more often than usual | Changes that are more frequent than the default (typically once a month) might indicate an anomaly or attack. | -| **Primary Group ID** is not 516, 521, or 515 | Typically, the **Primary Group ID** value is one of the following:
                      **516** for domain controllers
                      **521** for read only domain controllers (RODCs)
                      **515** for servers and workstations (domain computers)
                      Other values should be monitored. | -| For computer accounts for which the services list (on the **Delegation** tab) should not be empty: **AllowedToDelegateTo** is marked **<value not set>** | If **AllowedToDelegateTo** is marked **<value not set>** on computers that previously had a services list (on the **Delegation** tab), it means the list was cleared. | -| **SID History** is not - | This field will always be set to - unless the account was migrated from another domain. | + | **Field and value to track** | **Reason to track** | + |---|---| + | **Display Name** is not -
                      **User Principal Name** is not -
                      **Home Directory** is not -
                      **Home Drive** is not -
                      **Script Path** is not -
                      **Profile Path** is not -
                      **User Workstations** is not -
                      **Account Expires** is not -
                      **Logon Hours** is not - | Typically these fields are `-` for computer accounts. Other values might indicate an anomaly and should be monitored. | + | **Password Last Set** changes occur more often than usual | Changes that are more frequent than the default (typically once a month) might indicate an anomaly or attack. | + | **Primary Group ID** is not 516, 521, or 515 | Typically, the **Primary Group ID** value is one of the following:
                      **516** for domain controllers
                      **521** for read only domain controllers (RODCs)
                      **515** for servers and workstations (domain computers)
                      Other values should be monitored. | + | For computer accounts for which the services list (on the **Delegation** tab) should not be empty: **AllowedToDelegateTo** is marked `` | If **AllowedToDelegateTo** is marked `` on computers that previously had a services list (on the **Delegation** tab), it means the list was cleared. | + | **SID History** is not - | This field will always be set to `-` unless the account was migrated from another domain. | - Consider whether to track the following account control flags: -| **User account control flag to track** | **Information about the flag** | -|---------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **'Password Not Required'** – Enabled | Should not be set for computer accounts. Computer accounts typically require a password by default, except manually created computer objects. | -| **'Encrypted Text Password Allowed'** – Enabled | Should not be set for computer accounts. By default, it will not be set, and it cannot be set in the account properties in Active Directory Users and Computers. | -| **'Server Trust Account'** – Enabled | Should be enabled **only** for domain controllers. | -| **'Server Trust Account'** – Disabled | Should **not** be disabled for domain controllers. | -| **'Don't Expire Password'** – Enabled | Should not be enabled for computer accounts, because the password automatically changes every 30 days by default. For computer accounts, this flag cannot be set in the account properties in Active Directory Users and Computers. | -| **'Smartcard Required'** – Enabled | Should not be enabled for computer accounts. | -| **'Trusted For Delegation'** – Enabled | Means that Kerberos Constraint or Unconstraint delegation was enabled for the computer account. We recommend monitoring this to discover whether it is an approved action (done by an administrator), a mistake, or a malicious action. | -| **'Trusted For Delegation'** – Disabled | Means that Kerberos Constraint or Unconstraint delegation was disabled for the computer account. We recommend monitoring this to discover whether it is an approved action (done by an administrator), a mistake, or a malicious action.
                      Also, if you have a list of computer accounts for which delegation is critical and should not be disabled, monitor this for those accounts. | -| **'Trusted To Authenticate For Delegation'** – Enabled | Means that Protocol Transition delegation was enabled for the computer account. We recommend monitoring this to discover whether it is an approved action (done by an administrator), a mistake, or a malicious action. | -| **'Trusted To Authenticate For Delegation'** – Disabled | Means that Protocol Transition delegation was disabled for the computer account. We recommend monitoring this to discover whether it is an approved action (done by an administrator), a mistake, or a malicious action.
                      Also, if you have a list of computer accounts for which delegation is critical and should not be disabled, monitor this for those accounts. | -| **'Not Delegated'** – Enabled | Means that **Account is sensitive and cannot be delegated** was selected for the computer account. For computer accounts, this flag cannot be set using the graphical interface. We recommend monitoring this to discover whether it is an approved action (done by an administrator), a mistake, or a malicious action. | -| **'Use DES Key Only'** – Enabled | Should not be enabled for computer accounts. For computer accounts, it cannot be set in the account properties in Active Directory Users and Computers. | -| **'Don't Require Preauth'** - Enabled | Should not be enabled for computer accounts. For computer accounts, it cannot be set in the account properties in Active Directory Users and Computers. | \ No newline at end of file + | **User account control flag to track** | **Information about the flag** | + |---|---| + | **'Password Not Required'** – Enabled | Should not be set for computer accounts. Computer accounts typically require a password by default, except manually created computer objects. | + | **'Encrypted Text Password Allowed'** – Enabled | Should not be set for computer accounts. By default, it will not be set, and it cannot be set in the account properties in Active Directory Users and Computers. | + | **'Server Trust Account'** – Enabled | Should be enabled **only** for domain controllers. | + | **'Server Trust Account'** – Disabled | Should **not** be disabled for domain controllers. | + | **'Don't Expire Password'** – Enabled | Should not be enabled for computer accounts, because the password automatically changes every 30 days by default. For computer accounts, this flag cannot be set in the account properties in Active Directory Users and Computers. | + | **'Smartcard Required'** – Enabled | Should not be enabled for computer accounts. | + | **'Trusted For Delegation'** – Enabled | Means that Kerberos Constraint or Unconstraint delegation was enabled for the computer account. We recommend monitoring this to discover whether it is an approved action (done by an administrator), a mistake, or a malicious action. | + | **'Trusted For Delegation'** – Disabled | Means that Kerberos Constraint or Unconstraint delegation was disabled for the computer account. We recommend monitoring this to discover whether it is an approved action (done by an administrator), a mistake, or a malicious action.
                      Also, if you have a list of computer accounts for which delegation is critical and should not be disabled, monitor this for those accounts. | + | **'Trusted To Authenticate For Delegation'** – Enabled | Means that Protocol Transition delegation was enabled for the computer account. We recommend monitoring this to discover whether it is an approved action (done by an administrator), a mistake, or a malicious action. | + | **'Trusted To Authenticate For Delegation'** – Disabled | Means that Protocol Transition delegation was disabled for the computer account. We recommend monitoring this to discover whether it is an approved action (done by an administrator), a mistake, or a malicious action.
                      Also, if you have a list of computer accounts for which delegation is critical and should not be disabled, monitor this for those accounts. | + | **'Not Delegated'** – Enabled | Means that **Account is sensitive and cannot be delegated** was selected for the computer account. For computer accounts, this flag cannot be set using the graphical interface. We recommend monitoring this to discover whether it is an approved action (done by an administrator), a mistake, or a malicious action. | + | **'Use DES Key Only'** – Enabled | Should not be enabled for computer accounts. For computer accounts, it cannot be set in the account properties in Active Directory Users and Computers. | + | **'Don't Require Preauth'** - Enabled | Should not be enabled for computer accounts. For computer accounts, it cannot be set in the account properties in Active Directory Users and Computers. | From c5a01f4f8cb0011962f6eb573f884d6644c7fd38 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Tue, 14 Dec 2021 16:48:55 -0500 Subject: [PATCH 238/335] Removed broken KB links: Couldn't find replacements --- .../ue-v/uev-release-notes-1607.md | 38 +++++-------------- 1 file changed, 9 insertions(+), 29 deletions(-) diff --git a/windows/configuration/ue-v/uev-release-notes-1607.md b/windows/configuration/ue-v/uev-release-notes-1607.md index 2e2e1408c0..875c435895 100644 --- a/windows/configuration/ue-v/uev-release-notes-1607.md +++ b/windows/configuration/ue-v/uev-release-notes-1607.md @@ -28,12 +28,12 @@ With the release of Windows 10, version 1607, the Company Settings Center was re Administrators can still define which user-customized application settings can synchronize (roam) with Group Policy or Windows PowerShell. -**Note** With the removal of the Company Settings Center, the following group policies are no longer applicable: - -- Contact IT Link Text -- Contact IT URL -- Tray Icon - +> [!NOTE] +> With the removal of the Company Settings Center, the following group policies are no longer applicable: +> +> - Contact IT Link Text +> - Contact IT URL +> - Tray Icon ### Upgrading from UE-V 1.0 to the in-box version of UE-V is blocked @@ -99,31 +99,11 @@ Operating system settings for Narrator and currency characters specific to the l WORKAROUND: None -## Hotfixes and Knowledge Base articles for UE-V - -This section contains hotfixes and KB articles for UE-V. - -| KB Article | Title | Link | -|------------|---------|--------| -| 3018608 | UE-V - TemplateConsole.exe crashes when UE-V WMI classes are missing | [support.microsoft.com/kb/3018608](https://support.microsoft.com/kb/3018608) | -| 2903501 | UE-V: User Experience Virtualization (UE-V) compatibility with user profiles | [support.microsoft.com/kb/2903501](https://support.microsoft.com/kb/2903501) | -| 2770042 | UE-V Registry Settings | [support.microsoft.com/kb/2770042](https://support.microsoft.com/kb/2770042) | -| 2847017 | Internet Explorer settings replicated by UE-V | [support.microsoft.com/kb/2847017](https://support.microsoft.com/kb/2847017) | -| 2769631 | How to repair a corrupted UE-V install | [support.microsoft.com/kb/2769631](https://support.microsoft.com/kb/2769631) | -| 2850989 | Migrating MAPI profiles with Microsoft UE-V is not supported | [support.microsoft.com/kb/2850989](https://support.microsoft.com/kb/2850989) | -| 2769586 | UE-V roams empty folders and registry keys | [support.microsoft.com/kb/2769586](https://support.microsoft.com/kb/2769586) | -| 2782997 | How To Enable Debug Logging in Microsoft User Experience Virtualization (UE-V) | [support.microsoft.com/kb/2782997](/troubleshoot/windows-client/ue-v/enable-debug-logging) | -| 2769570 | UE-V does not update the theme on RDS or VDI sessions | [support.microsoft.com/kb/2769570](https://support.microsoft.com/kb/2769570) | -| 2850582 | How To Use Microsoft User Experience Virtualization With App-V Applications | [support.microsoft.com/kb/2850582](https://support.microsoft.com/kb/2850582) | -| 3041879 | Current file versions for Microsoft User Experience Virtualization | [support.microsoft.com/kb/3041879](https://support.microsoft.com/kb/3041879) | -| 2843592 | Information on User Experience Virtualization and High Availability | [support.microsoft.com/kb/2843592](https://support.microsoft.com/kb/2843592) | - - - - - **Additional resources for this feature** +- [UE-V Registry Settings](troubleshoot/windows-client/ue-v/ue-v-registry-settings) + +- [How To Enable Debug Logging in Microsoft User Experience Virtualization (UE-V)(/troubleshoot/windows-client/ue-v/enable-debug-logging) - [User Experience Virtualization](uev-for-windows.md) From d37032badc344f162202d02f5252b80311f270d4 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Tue, 14 Dec 2021 16:53:01 -0500 Subject: [PATCH 239/335] Links --- .../threat-protection/auditing/event-4908.md | 22 +++++++++---------- 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4908.md b/windows/security/threat-protection/auditing/event-4908.md index 22e010e5b9..5173543a28 100644 --- a/windows/security/threat-protection/auditing/event-4908.md +++ b/windows/security/threat-protection/auditing/event-4908.md @@ -16,10 +16,9 @@ ms.technology: windows-sec # 4908(S): Special Groups Logon table modified. +:::image type="content" source="images/event-4908.png" alt-text="Event 4908 illustration"::: -Event 4908 illustration - -***Subcategory:*** [Audit Policy Change](audit-audit-policy-change.md) +***Subcategory:*** [Audit Policy Change](audit-audit-policy-change.md) ***Event Description:*** @@ -29,18 +28,16 @@ This event also generates during system startup. This event is always logged regardless of the "Audit Policy Change" sub-category setting. -More information about Special Groups auditing can be found here: +For more information about Special Groups auditing, see [4908(S): Special Groups Logon table modified](/windows/security/threat-protection/auditing/event-4908). - - - - -> **Note**  For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event. +> [!NOTE] +> For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event.
                      ***Event XML:*** -``` + +```xml - - @@ -75,11 +72,12 @@ More information about Special Groups auditing can be found here: **Special Groups** \[Type = UnicodeString\]**:** contains current list of SIDs (groups or accounts) which are members of Special Groups. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event. -> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers). +> [!NOTE] +> A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers). “HKEY\_LOCAL\_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\Audit\\SpecialGroups” registry value contains current list of SIDs which are included in Special Groups: -Registry Editor Audit key illustration +:::image type="content" source="images/registry-editor-audit.png" alt-text="Registry Editor Audit key illustration"::: ## Security Monitoring Recommendations From 2c72890160114ccf970bf887caac4d19602ee2f2 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Tue, 14 Dec 2021 17:04:49 -0500 Subject: [PATCH 240/335] Fixed validation warnings --- windows/configuration/ue-v/uev-release-notes-1607.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/ue-v/uev-release-notes-1607.md b/windows/configuration/ue-v/uev-release-notes-1607.md index 875c435895..ad7afab8b0 100644 --- a/windows/configuration/ue-v/uev-release-notes-1607.md +++ b/windows/configuration/ue-v/uev-release-notes-1607.md @@ -101,7 +101,7 @@ WORKAROUND: None **Additional resources for this feature** -- [UE-V Registry Settings](troubleshoot/windows-client/ue-v/ue-v-registry-settings) +- [UE-V Registry Settings](/troubleshoot/windows-client/ue-v/ue-v-registry-settings) - [How To Enable Debug Logging in Microsoft User Experience Virtualization (UE-V)(/troubleshoot/windows-client/ue-v/enable-debug-logging) From 9a22f72cb7f65d35a2ac673e2402fb4309f0ee0e Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 14 Dec 2021 18:57:43 -0800 Subject: [PATCH 241/335] Fix broken link in new content --- windows/configuration/ue-v/uev-release-notes-1607.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/ue-v/uev-release-notes-1607.md b/windows/configuration/ue-v/uev-release-notes-1607.md index ad7afab8b0..e648b9ed6b 100644 --- a/windows/configuration/ue-v/uev-release-notes-1607.md +++ b/windows/configuration/ue-v/uev-release-notes-1607.md @@ -103,7 +103,7 @@ WORKAROUND: None - [UE-V Registry Settings](/troubleshoot/windows-client/ue-v/ue-v-registry-settings) -- [How To Enable Debug Logging in Microsoft User Experience Virtualization (UE-V)(/troubleshoot/windows-client/ue-v/enable-debug-logging) +- [How To Enable Debug Logging in Microsoft User Experience Virtualization (UE-V)](/troubleshoot/windows-client/ue-v/enable-debug-logging) - [User Experience Virtualization](uev-for-windows.md) From 2d43e91baf31f1508ae7f92321762b0b82d8b480 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 14 Dec 2021 19:01:23 -0800 Subject: [PATCH 242/335] Fix broken link from PR 2687 This commit fixes a broken link that was added in PR https://github.com/MicrosoftDocs/windows-docs-pr/pull/2687 --- .../deployment/update/olympia/olympia-enrollment-guidelines.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md index eb22188154..91fc25dcd6 100644 --- a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md +++ b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md @@ -100,7 +100,7 @@ This is the Bring Your Own Device (BYOD) method--your device will receive Olympi 3. Click **Connect**, then click **Join this device to Azure Active Directory**. - ![Joining device to Azure AD.]](images/2-3.png) + ![Joining device to Azure AD.](images/2-3.png) 4. Enter your **Olympia corporate account** (e.g., username@olympia.windows.com). Click **Next**. From e7c2ca7e7718e15d5bd0e629f7b5e3a4cfc3f393 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 14 Dec 2021 19:04:50 -0800 Subject: [PATCH 243/335] Add lightbox to aid readability --- .../overview-of-threat-mitigations-in-windows-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md index 1771f72297..123a9eef64 100644 --- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md +++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md @@ -168,7 +168,7 @@ One of the most common techniques used to gain access to a system is to find a v Address Space Layout Randomization (ASLR) makes that type of attack much more difficult because it randomizes how and where important data is stored in memory. With ASLR, it is more difficult for malware to find the specific location it needs to attack. Figure 3 illustrates how ASLR works by showing how the locations of different critical Windows components can change in memory between restarts. -![ASLR at work.](images/security-fig4-aslr.png) +:::image type="content" alt-text="ASLR at work." source="images/security-fig4-aslr.png" lightbox="images/security-fig4-aslr.png"::: **Figure 3.  ASLR at work** From e7ff5a99ee5a7f7610ed5f5a81baafc67d46b865 Mon Sep 17 00:00:00 2001 From: dlmsft <91010553+dlmsft@users.noreply.github.com> Date: Wed, 15 Dec 2021 10:43:36 +0200 Subject: [PATCH 244/335] Update policy-csp-defender.md --- windows/client-management/mdm/policy-csp-defender.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index 102d605e73..b062db74a9 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -571,6 +571,9 @@ The following list shows the supported values: +> [!IMPORTANT] +> AllowOnAccessProtection is officially being deprecated. +
                      From bd21da381f9641535f249286205de7199b2c96cc Mon Sep 17 00:00:00 2001 From: MandiOhlinger Date: Wed, 15 Dec 2021 18:58:09 -0500 Subject: [PATCH 245/335] Removing Windows 10 Mobile and Windows Phone --- .openpublishing.redirection.json | 62 +- ...onfiguration-service-provider-reference.md | 577 +++++---- .../client-management/mdm/devdetail-csp.md | 6 +- .../mdm/enterpriseappmanagement-csp.md | 535 -------- .../mdm/enterpriseassignedaccess-csp.md | 1116 ----------------- .../mdm/enterpriseassignedaccess-ddf.md | 328 ----- .../mdm/enterpriseassignedaccess-xsd.md | 270 ---- .../mdm/enterprisedataprotection-csp.md | 23 +- .../mdm/enterprisedataprotection-ddf-file.md | 23 - .../mdm/enterpriseext-csp.md | 386 ------ .../mdm/enterpriseext-ddf.md | 320 ----- .../mdm/enterpriseextfilessystem-csp.md | 140 --- .../mdm/enterpriseextfilesystem-ddf.md | 273 ---- .../mdm/enterprisemodernappmanagement-csp.md | 4 +- .../client-management/mdm/filesystem-csp.md | 107 -- .../mdm/healthattestation-csp.md | 2 +- windows/client-management/mdm/hotspot-csp.md | 200 --- ...ent-tool-for-windows-store-for-business.md | 2 +- windows/client-management/mdm/maps-csp.md | 175 --- .../client-management/mdm/maps-ddf-file.md | 125 -- .../client-management/mdm/networkproxy-csp.md | 36 +- .../mdm/oma-dm-protocol-support.md | 2 +- .../mdm/passportforwork-csp.md | 2 +- .../mdm/policy-csp-accounts.md | 6 - .../mdm/policy-csp-browser.md | 30 +- .../mdm/policy-csp-connectivity.md | 4 +- windows/client-management/mdm/toc.yml | 28 - 27 files changed, 382 insertions(+), 4400 deletions(-) delete mode 100644 windows/client-management/mdm/enterpriseappmanagement-csp.md delete mode 100644 windows/client-management/mdm/enterpriseassignedaccess-csp.md delete mode 100644 windows/client-management/mdm/enterpriseassignedaccess-ddf.md delete mode 100644 windows/client-management/mdm/enterpriseassignedaccess-xsd.md delete mode 100644 windows/client-management/mdm/enterpriseext-csp.md delete mode 100644 windows/client-management/mdm/enterpriseext-ddf.md delete mode 100644 windows/client-management/mdm/enterpriseextfilessystem-csp.md delete mode 100644 windows/client-management/mdm/enterpriseextfilesystem-ddf.md delete mode 100644 windows/client-management/mdm/filesystem-csp.md delete mode 100644 windows/client-management/mdm/hotspot-csp.md delete mode 100644 windows/client-management/mdm/maps-csp.md delete mode 100644 windows/client-management/mdm/maps-ddf-file.md diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 1965f039f3..1261e72c0f 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -1,5 +1,65 @@ { "redirections": [ + { + "source_path": "windows/client-management/mdm/maps-ddf-file.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/maps-csp.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/hotspot-csp.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/filesystem-csp.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/EnterpriseExtFileSystem-ddf.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/EnterpriseExtFileSystem-csp.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/enterpriseext-ddf.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/enterpriseext-csp.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/enterpriseassignedaccess-xsd.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/enterpriseassignedaccess-ddf.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/enterpriseassignedaccess-csp.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/enterpriseappmanagement-csp.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, { "source_path": "windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md", "redirect_url": "https://support.microsoft.com/windows/windows-phone-8-1-end-of-support-faq-7f1ef0aa-0aaf-0747-3724-5c44456778a3", @@ -16411,7 +16471,7 @@ "redirect_document_id": false }, { - "source_path": "windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md.md", + "source_path": "windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md", "redirect_url": "/microsoft-365/security/defender-endpoint/gov", "redirect_document_id": false }, diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md index 4790193f0a..36a38d6c45 100644 --- a/windows/client-management/mdm/configuration-service-provider-reference.md +++ b/windows/client-management/mdm/configuration-service-provider-reference.md @@ -35,9 +35,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -47,9 +47,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -59,9 +59,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -71,9 +71,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -83,9 +83,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -95,9 +95,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -107,9 +107,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -119,9 +119,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -131,9 +131,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -143,9 +143,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -155,9 +155,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -167,9 +167,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -179,9 +179,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -191,9 +191,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -203,9 +203,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -215,9 +215,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -227,9 +227,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -239,9 +239,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|Yes|Yes|Yes| @@ -251,9 +251,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -263,9 +263,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -275,9 +275,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -287,9 +287,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -299,9 +299,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -311,9 +311,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -323,9 +323,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -335,9 +335,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -347,9 +347,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -359,9 +359,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -371,9 +371,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -383,9 +383,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -395,9 +395,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -407,9 +407,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|Yes|Yes| @@ -419,9 +419,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -431,9 +431,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -443,9 +443,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -455,9 +455,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -467,9 +467,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|Yes|Yes| @@ -479,9 +479,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -491,9 +491,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes
                      [Only for mobile application management (MAM)](/windows/client-management/mdm/implement-server-side-mobile-application-management#integration-with-windows-information-protection)|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes
                      [Only for mobile application management (MAM)](/windows/client-management/mdm/implement-server-side-mobile-application-management#integration-with-windows-information-protection)|Yes|Yes|Yes|Yes| @@ -503,9 +503,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -515,10 +515,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| - +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -527,9 +526,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -539,9 +538,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -551,9 +550,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -563,9 +562,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -575,9 +574,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -587,9 +586,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -599,9 +598,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -611,9 +610,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile|Mobile Enterprise| -|--- |--- |--- |--- |--- |--- |--- | -|Yes|Yes|No|Yes|Yes|No|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|No|Yes|Yes| @@ -622,9 +621,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -634,9 +633,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -646,9 +645,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -658,9 +657,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -670,9 +669,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -682,9 +681,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -694,9 +693,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -706,9 +705,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -718,9 +717,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -730,9 +729,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -742,9 +741,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -754,9 +753,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -766,9 +765,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|Yes|Yes| @@ -778,9 +777,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -790,9 +789,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -802,9 +801,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -814,9 +813,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -826,9 +825,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -838,9 +837,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -850,9 +849,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -862,9 +861,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -874,9 +873,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -886,9 +885,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -898,9 +897,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -910,9 +909,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -922,9 +921,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -934,9 +933,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -946,9 +945,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -958,9 +957,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -970,9 +969,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -||||||| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|||||| @@ -982,9 +981,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -994,9 +993,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -1006,9 +1005,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -1018,9 +1017,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|Yes|Yes|Yes| @@ -1030,9 +1029,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -1042,9 +1041,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -1054,9 +1053,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -1066,9 +1065,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -||||||Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|||||| @@ -1078,9 +1077,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -1090,9 +1089,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -1102,9 +1101,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -1114,9 +1113,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -1126,9 +1125,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -1139,9 +1138,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -1151,9 +1150,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -1163,9 +1162,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -1175,9 +1174,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -||||||Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|||||| diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md index 788d14f999..7a1c219d01 100644 --- a/windows/client-management/mdm/devdetail-csp.md +++ b/windows/client-management/mdm/devdetail-csp.md @@ -77,7 +77,7 @@ For Windows 10 for desktop editions (Home, Pro, Enterprise, and Education), it r Supported operation is Get. **SwV** -Required. Returns the Windows 10 OS software version in the format MajorVersion.MinorVersion.BuildNumber.QFEnumber. Currently the BuildNumber returns the build number on the desktop and mobile build number on the phone. In the future, the build numbers may converge. +Required. Returns the Windows 10 OS software version in the format MajorVersion.MinorVersion.BuildNumber.QFEnumber. Currently the BuildNumber returns the build number on the client device. In the future, the build numbers may converge. Supported operation is Get. @@ -114,6 +114,8 @@ Supported operation is Get. This value is the largest number of characters that the device can support in a single URI segment. The default value zero (0) indicates that the device supports URI segment of unlimited length. + + **Ext/Microsoft/RadioSwV** Required. Returns the radio stack software version number. diff --git a/windows/client-management/mdm/enterpriseappmanagement-csp.md b/windows/client-management/mdm/enterpriseappmanagement-csp.md deleted file mode 100644 index 2b9c043f7c..0000000000 --- a/windows/client-management/mdm/enterpriseappmanagement-csp.md +++ /dev/null @@ -1,535 +0,0 @@ ---- -title: EnterpriseAppManagement CSP -description: Handle enterprise application management tasks using EnterpriseAppManagement configuration service provider (CSP). -ms.assetid: 698b8bf4-652e-474b-97e4-381031357623 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: dansimp -ms.date: 06/26/2017 ---- - -# EnterpriseAppManagement CSP - - -The EnterpriseAppManagement enterprise configuration service provider is used to handle enterprise application management tasks such as installing an enterprise application token, the first auto-downloadable app link, querying installed enterprise applications (name and version), auto updating already installed enterprise applications, and removing all installed enterprise apps (including the enterprise app token) during unenrollment. - -> [!NOTE] -> The EnterpriseAppManagement CSP is only supported in Windows 10 Mobile. - - - -The following shows the EnterpriseAppManagement configuration service provider in tree format. - -```console -./Vendor/MSFT -EnterpriseAppManagement -----EnterpriseID ---------EnrollmentToken ---------StoreProductID ---------StoreUri ---------CertificateSearchCriteria ---------Status ---------CRLCheck ---------EnterpriseApps -------------Inventory -----------------ProductID ---------------------Version ---------------------Title ---------------------Publisher ---------------------InstallDate -------------Download -----------------ProductID ---------------------Version ---------------------Name ---------------------URL ---------------------Status ---------------------LastError ---------------------LastErrorDesc ---------------------DownloadInstall -``` - -***EnterpriseID*** -Optional. A dynamic node that represents the EnterpriseID as a GUID. It is used to enroll or unenroll enterprise applications. - -Supported operations are Add, Delete, and Get. - -***EnterpriseID*/EnrollmentToken** -Required. Used to install or update the binary representation of the application enrollment token (AET) and initiate "phone home" token validation. Scope is dynamic. - -Supported operations are Get, Add, and Replace. - -***EnterpriseID*/StoreProductID** -Required. The node to host the ProductId node. Scope is dynamic. - -Supported operation is Get. - -**/StoreProductID/ProductId** -The character string that contains the ID of the first enterprise application (usually a Company Hub app), which is automatically installed on the device. Scope is dynamic. - -Supported operations are Get and Add. - -***EnterpriseID*/StoreUri** -Optional. The character string that contains the URI of the first enterprise application to be installed on the device. The enrollment client downloads and installs the application from this URI. Scope is dynamic. - -Supported operations are Get and Add. - -***EnterpriseID*/CertificateSearchCriteria** -Optional. The character string that contains the search criteria to search for the DM-enrolled client certificate. The certificate is used for client authentication during enterprise application download. The company's application content server should use the enterprise-enrolled client certificate to authenticate the device. The value must be a URL encoded representation of the X.500 distinguished name of the client certificates Subject property. The X.500 name must conform to the format required by the [CertStrToName](/windows/win32/api/wincrypt/nf-wincrypt-certstrtonamea) function. This search parameter is case sensitive. Scope is dynamic. - -Supported operations are Get and Add. - -> [!NOTE] -> Do NOT use Subject=CN%3DB1C43CD0-1624-5FBB-8E54-34CF17DFD3A1\\x00. The server must replace this value in the supplied client certificate. If your server returns a client certificate containing the same Subject value, this can cause unexpected behavior. The server should always override the subject value and not use the default device-provided Device ID Subject= Subject=CN%3DB1C43CD0-1624-5FBB-8E54-34CF17DFD3A1\\x00 - - - -***EnterpriseID*/Status** -Required. The integer value that indicates the current status of the application enrollment. Valid values are 0 (ENABLED), 1 (INSTALL\_DISABLED), 2 (REVOKED), and 3 (INVALID). Scope is dynamic. - -Supported operation is Get. - -***EnterpriseID*/CRLCheck** -Optional. Character value that specifies whether the device should do a CRL check when using a certificate to authenticate the server. Valid values are "1" (CRL check required), "0" (CRL check not required). Scope is dynamic. - -Supported operations are Get, Add, and Replace. - -***EnterpriseID*/EnterpriseApps** -Required. The root node to for individual enterprise application related settings. Scope is dynamic (this node is automatically created when EnterpriseID is added to the configuration service provider). - -Supported operation is Get. - -**/EnterpriseApps/Inventory** -Required. The root node for individual enterprise application inventory settings. Scope is dynamic (this node is automatically created when EnterpriseID is added to the configuration service provider). - -Supported operation is Get. - -**/Inventory/***ProductID* -Optional. A node that contains s single enterprise application product ID in GUID format. Scope is dynamic. - -Supported operation is Get. - -**/Inventory/*ProductID*/Version** -Required. The character string that contains the current version of the installed enterprise application. Scope is dynamic. - -Supported operation is Get. - -**/Inventory/*ProductID*/Title** -Required. The character string that contains the name of the installed enterprise application. Scope is dynamic. - -Supported operation is Get. - -**/Inventory/*ProductID*/Publisher** -Required. The character string that contains the name of the publisher of the installed enterprise application. Scope is dynamic. - -Supported operation is Get. - -**/Inventory/*ProductID*/InstallDate** -Required. The time (in the character format YYYY-MM-DD-HH:MM:SS) that the application was installed or updated. Scope is dynamic. - -Supported operation is Get. - -**/EnterpriseApps/Download** -Required. This node groups application download-related parameters. The enterprise server can only automatically update currently installed enterprise applications. The end user controls which enterprise applications to download and install. Scope is dynamic. - -Supported operation is Get. - -**/Download/***ProductID* -Optional. This node contains the GUID for the installed enterprise application. Each installed application has a unique ID. Scope is dynamic. - -Supported operations are Get, Add, and Replace. - -**/Download/*ProductID*/Version** -Optional. The character string that contains version information (set by the caller) for the application currently being downloaded. Scope is dynamic. - -Supported operations are Get, Add, and Replace. - -**/Download/*ProductID*/Name** -Required. The character string that contains the name of the installed application. Scope is dynamic. - -Supported operation is Get. - -**/Download/*ProductID*/URL** -Optional. The character string that contains the URL for the updated version of the installed application. The device will download application updates from this link. Scope is dynamic. - -Supported operations are Get, Add, and Replace. - -**/Download/*ProductID*/Status** -Required. The integer value that indicates the status of the current download process. The following table shows the possible values. - -|Value|Description| -|--- |--- | -|0: CONFIRM|Waiting for confirmation from user.| -|1: QUEUED|Waiting for download to start.| -|2: DOWNLOADING|In the process of downloading.| -|3: DOWNLOADED|Waiting for installation to start.| -|4: INSTALLING|Handed off for installation.| -|5: INSTALLED|Successfully installed| -|6: FAILED|Application was rejected (not signed properly, bad XAP format, not enrolled properly, etc.)| -|7:DOWNLOAD_FAILED|Unable to connect to server, file doesn't exist, etc.| - -Scope is dynamic. Supported operations are Get, Add, and Replace. - -**/Download/*ProductID*/LastError** -Required. The integer value that indicates the HRESULT of the last error code. If there are no errors, the value is 0 (S\_OK). Scope is dynamic. - -Supported operation is Get. - -**/Download/*ProductID*/LastErrorDesc** -Required. The character string that contains the human readable description of the last error code. - -**/Download/*ProductID*/DownloadInstall** -Required. The node to allow the server to trigger the download and installation for an updated version of the user installed application. The format for this node is null. The server must query the device later to determine the status. For each product ID, the status field is retained for up to one week. Scope is dynamic. - -Supported operation is Exec. - -## Remarks - - -### Install and Update Line of Business (LOB) applications - -A workplace can automatically install and update Line of Business applications during a management session. Line of Business applications support a variety of file types including XAP (8.0 and 8.1), AppX, and AppXBundles. A workplace can also update applications from XAP file formats to Appx and AppxBundle formats through the same channel. For more information, see the Examples section. - -### Uninstall Line of Business (LOB) applications - -A workplace can also remotely uninstall Line of Business applications on the device. It is not possible to use this mechanism to uninstall Store applications on the device or Line of Business applications that are not installed by the enrolled workplace (for side-loaded application scenarios). For more information, see the Examples section - -### Query installed Store application - -You can determine if a Store application is installed on a system. First, you need the Store application GUID. You can get the Store application GUID by going to the URL for the Store application. - -The Microsoft Store application has a GUID of d5dc1ebb-a7f1-df11-9264-00237de2db9e. - -Use the following SyncML format to query to see if the application is installed on a managed device: - -```xml - - 1 - - - ./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7B D5DC1EBB-A7F1-DF11-9264-00237DE2DB9E%7D - - - -``` - -Response from the device (it contains list of subnodes if this app is installed in the device). - -```xml - - 3 - 1 - 2 - - - - ./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7B D5DC1EBB-A7F1-DF11-9264-00237DE2DB9E%7D - - - node - - -Version/Title/Publisher/InstallDate - - -``` - -### Node Values - -All node values under the ProviderID interior node represent the policy values that the management server wants to set. - -- An Add or Replace command on those nodes returns success in both of the following cases: - - - The value is actually applied to the device. - - - The value isn’t applied to the device because the device has a more secure value set already. - -From a security perspective, the device complies with the policy request that is at least as secure as the one requested. - -- A Get command on those nodes returns the value that the server pushes down to the device. - -- If a Replace command fails, the node value is set to be the previous value before Replace command was applied. - -- If an Add command fails, the node is not created. - -The value actually applied to the device can be queried via the nodes under the DeviceValue interior node. - -## OMA DM examples - - -Enroll enterprise ID “4000000001” for the first time: - -```xml - - 2 - - - ./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnrollmentToken - - - chr - - InsertTokenHere - - - - ./Vendor/MSFT/EnterpriseAppManagement/4000000001/CertificateSearchCriteria - - - - chr - - SearchCriteriaInsertedHere - - -``` - -Update the enrollment token (for example, to update an expired application enrollment token): - -```xml - - 2 - - - ./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnrollmentToken - - - chr - - InsertUpdaedTokenHere - - -``` - -Query all installed applications that belong to enterprise id “4000000001”: - -```xml - - 2 - - - - ./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory?list=StructData - - - - -``` - -Response from the device (that contains two installed applications): - -```xml - - 3 - 1 - 2 - - - - ./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory - - - - node - - - - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB316008A-141D-4A79-810F-8B764C4CFDFB%7D - - - - node - - - - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB0322158-C3C2-44EB-8A31-D14A9FEC450E%7D - - - - node - - - - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB0322158-C3C2-44EB-8A31-D14A9FEC450E%7D/Version - - - 1.0.0.0 - - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB0322158-C3C2-44EB-8A31-D14A9FEC450E%7D/Title - - - Sample1 - - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB0322158-C3C2-44EB-8A31-D14A9FEC450E%7D/Publisher - - - ExamplePublisher - - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB0322158-C3C2-44EB-8A31-D14A9FEC450E%7D/InstallDate - - - 2012-10-30T21:09:52Z - - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB0322158-C3C2-44EB-8A31-D14A9FEC450E%7D/Version - - - 1.0.0.0 - - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB0322158-C3C2-44EB-8A31-D14A9FEC450E%7D/Title - - - Sample2 - - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB0322158-C3C2-44EB-8A31-D14A9FEC450E%7D/Publisher - - - Contoso - - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB0322158-C3C2-44EB-8A31-D14A9FEC450E%7D/InstallDate - - - 2012-10-31T21:23:31Z - - -``` - -## Install and update an enterprise application - - -Install or update the installed app with the product ID “{B316008A-141D-4A79-810F-8B764C4CFDFB}”. - -To perform an XAP update, create the Name, URL, Version, and DownloadInstall nodes first, then perform an “execute” on the “DownloadInstall” node (all within an “Atomic” operation). If the application does not exist, the application will be silently installed without any user interaction. If the application cannot be installed, the user will be notified with an Alert dialog. - -> [!NOTE] -> - If a previous app-update node existed for this product ID (the node can persist for up to 1 week or 7 days after an installation has completed), then a 418 (already exist) error would be returned on the “Add”. To get around the 418 error, the server should issue a Replace command for the Name, URL, and Version nodes, and then execute on the “DownloadInstall” (within an “Atomic” operation). -> -> - The application product ID curly braces need to be escaped where { is %7B and } is %7D. - - - -```xml - - 2 - - - 3 - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Download/%7BB316008A-141D-4A79-810F-8B764C4CFDFB%7D/Name - - - - chr - - ContosoApp1 - - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Download/%7BB316008A-141D-4A79-810F-8B764C4CFDFB%7D/URL - - - - chr - - http://contoso.com/enterpriseapps/ContosoApp1.xap - - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Download/%7BB316008A-141D-4A79-810F-8B764C4CFDFB%7D/Version - - - chr - - 2.0.0.0 - - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Download%7BB316008A-141D-4A79-810F-8B764C4CFDFB%7D/DownloadInstall - - - 1 - - - - 4 - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Download/%7BB316008A-141D-4A79-810F-8B764C4CFDFB%7D/DownloadInstall - - - - int - - 0 - - - -``` - -## Uninstall enterprise application - - -Uninstall an installed enterprise application with product ID “{7BB316008A-141D-4A79-810F-8B764C4CFDFB }”: - -```xml - - - - 2 - - - ./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB316008A-141D-4A79-810F-8B764C4CFDFB%7D - - - - - - -``` - -## Related topics - - -[Configuration service provider reference](configuration-service-provider-reference.md) - - - diff --git a/windows/client-management/mdm/enterpriseassignedaccess-csp.md b/windows/client-management/mdm/enterpriseassignedaccess-csp.md deleted file mode 100644 index d13206d6cb..0000000000 --- a/windows/client-management/mdm/enterpriseassignedaccess-csp.md +++ /dev/null @@ -1,1116 +0,0 @@ ---- -title: EnterpriseAssignedAccess CSP -description: Use the EnterpriseAssignedAccess configuration service provider (CSP) to configure custom layouts on a device. -ms.assetid: 5F88E567-77AA-4822-A0BC-3B31100639AA -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: dansimp -ms.date: 07/12/2017 ---- - -# EnterpriseAssignedAccess CSP - - -The EnterpriseAssignedAccess configuration service provider allows IT administrators to configure settings, such as language and themes, lock down a device, and configure custom layouts on a device. For example, the administrator can lock down a device so that only applications specified in an Allow list are available. Apps not on the Allow list remain installed on the device, but are hidden from view and blocked from launching. - -> [!NOTE] -> The EnterpriseAssignedAccess CSP is only supported in Windows 10 Mobile. - -For more information about how to interact with the lockdown XML at runtime, see [**DeviceLockdownProfile class**](/uwp/api/Windows.Embedded.DeviceLockdown.DeviceLockdownProfile). - -The following shows the EnterpriseAssignedAccess configuration service provider in tree format as used by both the Open Mobile Alliance (OMA) Device Management (DM) and OMA Client Provisioning. - -```console -./Vendor/MSFT -EnterpriseAssignedAccess -----AssignedAccess ---------AssignedAccessXml -----LockScreenWallpaper ---------BGFileName -----Theme ---------ThemeBackground ---------ThemeAccentColorID ---------ThemeAccentColorValue -----Clock ---------TimeZone -----Locale ---------Language -``` - -The following list shows the characteristics and parameters. - -**./Vendor/MSFT/EnterpriseAssignedAccess/** -The root node for the EnterpriseAssignedAccess configuration service provider. Supported operations are Add, Delete, Get and Replace. - -**AssignedAccess/** -The parent node of assigned access XML. - -**AssignedAccess/AssignedAccessXml** -The XML code that controls the assigned access settings that will be applied to the device. - -Supported operations are Add, Delete, Get and Replace. - -The Apps and Settings sections of lockdown XML constitute an Allow list. Any app or setting that is not specified in AssignedAccessXML will not be available on the device to users. The following table describes the entries in lockdown XML. - -> [!IMPORTANT] -> When using the AssignedAccessXml in the EnterpriseAssignedAccess CSP through an MDM, the XML must use escaped characters, such as \< instead of < because it is embedded in an XML. The examples provided in the topic are formatted for readability. - -When using the AssignedAccessXml in a provisioning package using the Windows Configuration Designer tool, do not use escaped characters. - -Entry | Description ------------ | ------------ -ActionCenter | You can enable or disable the Action Center (formerly known as Notification Center) on the device. Set to true to enable the Action Center, or set to false to disable the Action Center. -ActionCenter | Example: `` -ActionCenter | In Windows 10, when the Action Center is disabled, Above Lock notifications and toasts are also disabled. When the Action Center is enabled, the following policies are also enabled; **AboveLock/AllowActionCenterNotifications** and **AboveLock/AllowToasts**. For more information about these policies, see [Policy CSP](policy-configuration-service-provider.md) -ActionCenter | You can also add the following optional attributes to the ActionCenter element to override the default behavior: **aboveLockToastEnabled** and **actionCenterNotificationEnabled**. Valid values are 0 (policy disabled), 1 (policy enabled), and -1 (not set, policy enabled). In this example, the Action Center is enabled and both policies are disabled.: `` -ActionCenter | These optional attributes are independent of each other. In this example, Action Center is enabled, the notifications policy is disabled, and the toast policy is enabled by default because it is not set. `` -StartScreenSize | Specify the size of the Start screen. In addition to 4/6 columns, you can also use 4/6/8 depending on screen resolutions. Valid values: **Small** - sets the width to 4 columns on device with short axis <400epx or 6 columns on devices with short axis >=400epx. **Large** - sets the width to 6 columns on devices with short axis <400epx or 8 columns on devices with short axis >=400epx. -StartScreenSize | If you have existing lockdown XML, you must update it if your device has >=400epx on its short axis so that tiles on Start can fill all 8 columns if you want to use all 8 columns instead of 6, or use 6 columns instead of 4. Example: `Large` -Application | Provide the product ID for each app that will be available on the device. You can find the product ID for a locally developed app in the AppManifest.xml file of the app. -Application | To turn on the notification for a Windows app, you must include the application's AUMID in the lockdown XML. However, the user can change the setting at any time from user interface. Example: `` -Application | modern app notification -Application | Include PinToStart to display an app on the Start screen. For apps pinned to the Start screen, identify a tile size (small, medium, or large), and a location. The size of a small tile is 1 column x 1 row, a medium tile is 2 x 2, and a large tile is 4 x 2. For the tile location, the first value indicates the column and the second value indicates the row. A value of 0 (zero) indicates the first column, a value of 1 indicates the second column, and so on. Include autoRun as an attribute to configure the application to run automatically. - -Application example: -```xml - - - Large - - 0 - 2 - - - -``` - -Entry | Description ------------ | ------------ -Application | Multiple App Packages enable multiple apps to exist inside the same package. Since ProductIds identify packages and not applications, specifying a ProductId is not enough to distinguish between individual apps inside a multiple app package. Trying to include application from a multiple app package with just a ProductId can result in unexpected behavior. To support pinning applications in multiple app packages, use an AUMID parameter in lockdown XML. The following example shows how to pin both Outlook mail and Outlook calendar. - -Application example: -```xml - - - - - Large - - 1 - 4 - - - - - - - Large - - 1 - 6 - - - - -``` - -Entry | Description ------------ | ------------ -Folder | A folder should be contained in `` node among with other `` nodes, it shares most grammar with the Application Node, **folderId** is mandatory, **folderName** is optional, which is the folder name displayed on Start. **folderId** is a unique unsigned integer for each folder. - -Folder example: -```xml - - - Large - - 0 - 2 - - - -``` -An application that belongs in the folder would add an optional attribute **ParentFolderId**, which maps to **folderId** of the folder. In this case, the location of this application will be located inside the folder. - -```xml - - - Medium - - 0 - 0 - - 2 - - -``` - -Entry | Description ------------ | ------------ -Settings | Starting in Windows 10, version 1511, you can specify the following settings pages in the lockdown XML file. For Windows 10, version 1703, see the instructions below for the new way to specify the settings pages. - -
                        -
                      • System (main menu) - SettingsPageGroupPCSystem -
                          -
                        • Display - SettingsPageDisplay
                          • -
                        • Notifications & actions - SettingsPageAppsNotifications
                          • -
                        • Phone - SettingsPageCalls
                          • -
                        • Messaging - SettingsPageMessaging
                          • -
                        • Battery saver - SettingsPageBatterySaver
                          • -
                        • Storage - SettingsPageStorageSenseStorageOverview
                          • -
                        • Driving mode - SettingsPageDrivingMode
                          • -
                        • Offline maps - SettingsPageMaps
                          • -
                        • About - SettingsPagePCSystemInfo
                          • -
                        • Apps for websites - SettingsPageAppsForWebsites
                          • -
                        • -
                      • Devices (main menu) - SettingsPageGroupDevices -
                          -
                        • Default camera - SettingsPagePhotos
                          • -
                        • Bluetooth - SettingsPagePCSystemBluetooth
                          • -
                        • NFC - SettingsPagePhoneNFC
                          • -
                        • Mouse - SettingsPageMouseTouchpad
                          • -
                        • USB - SettingsPageUsb
                          • -
                        • -
                      • Network and wireless (main menu) - SettingsPageGroupNetwork -
                          -
                        • Cellular and SIM - SettingsPageNetworkCellular
                          • -
                        • Wi-Fi - SettingsPageNetworkWiFi
                          • -
                        • Airplane mode - SettingsPageNetworkAirplaneMode
                          • -
                        • Data usage - SettingsPageDataSenseOverview
                          • -
                        • Mobile hotspot - SettingsPageNetworkMobileHotspot
                          • -
                        • VPN - SettingsPageNetworkVPN
                          • -
                        • -
                        • -
                      • Personalization (main menu) - SettingsPageGroupPersonalization -
                          -
                        • Start - SettingsPageBackGround
                          • -
                        • Colors - SettingsPageColors
                          • -
                        • Sounds - SettingsPageSounds
                          • -
                        • Lock screen - SettingsPageLockscreen
                          • -
                        • Glance - SettingsPageGlance
                          • -
                        • Navigation bar - SettingsNavigationBar
                          • -
                        • -
                      • Accounts (main menu) - SettingsPageGroupAccounts -
                          -
                        • Your account - SettingsPageAccountsPicture
                          • -
                        • Sign-in options - SettingsPageAccountsSignInOptions
                          • -
                        • Work access - SettingsPageWorkAccess
                          • -
                        • Sync your settings - SettingsPageAccountsSync
                          • -
                        • Apps corner* - SettingsPageAppsCorner
                          • -
                        • Email - SettingsPageAccountsEmailApp
                          • -
                        • -
                      • Time and language (main menu) - SettingsPageGroupTimeRegion -
                          -
                        • Date and time - SettingsPageTimeRegionDateTime
                          • -
                        • Language - SettingsPageTimeLanguage
                          • -
                        • Region - SettingsPageRegion
                          • -
                        • Keyboard - SettingsPageKeyboard
                          • -
                        • Speech - SettingsPageSpeech
                          • -
                        • -
                      • Ease of access (main menu) - SettingsPageGroupEaseOfAccess -
                          -
                        • Narrator - SettingsPageEaseOfAccessNarrator
                          • -
                        • Magnifier - SettingsPageEaseOfAccessMagnifier
                          • -
                        • High contrast - SettingsPageEaseOfAccessHighContrast
                          • -
                        • Closed captions - SettingsPageEaseOfAccessClosedCaptioning
                          • -
                        • More options - SettingsPageEaseOfAccessMoreOptions
                          • -
                        • -
                      • Privacy (main menu) - SettingsPageGroupPrivacy -
                          -
                        • Location - SettingsPagePrivacyLocation
                          • -
                        • Camera - SettingsPagePrivacyWebcam
                          • -
                        • Microphone - SettingsPagePrivacyMicrophone
                          • -
                        • Motion - SettingsPagePrivacyMotionData
                          • -
                        • Speech inking and typing - SettingsPagePrivacyPersonalization
                          • -
                        • Account info - SettingsPagePrivacyAccountInfo
                          • -
                        • Contacts - SettingsPagePrivacyContacts
                          • -
                        • Calendar - SettingsPagePrivacyCalendar
                          • -
                        • Messaging - SettingsPagePrivacyMessaging
                          • -
                        • Radios - SettingsPagePrivacyRadios
                          • -
                        • Background apps - SettingsPagePrivacyBackgroundApps
                          • -
                        • Accessory apps - SettingsPageAccessories
                          • -
                        • Advertising ID - SettingsPagePrivacyAdvertisingId
                          • -
                        • Other devices - SettingsPagePrivacyCustomPeripherals
                          • -
                        • Feedback & diagnostics - SettingsPagePrivacySIUFSettings
                          • -
                        • Call history - SettingsPagePrivacyCallHistory
                          • -
                        • Email - SettingsPagePrivacyEmail
                          • -
                        • Phone call - SettingsPagePrivacyPhoneCall
                          • -
                        • Notifications - SettingsPagePrivacyNotifications
                          • -
                        • CDP - SettingsPagePrivacyCDP
                          • -
                        • -
                      • Update and Security (main menu) - SettingsPageGroupRestore -
                          -
                        • Phone update - SettingsPageRestoreMusUpdate
                          • -
                        • Backup - SettingsPageRestoreOneBackup
                          • -
                        • Find my phone - SettingsPageFindMyDevice
                          • -
                        • For developers - SettingsPageSystemDeveloperOptions
                          • -
                        • Windows Insider Program - SettingsPageFlights
                          • -
                        • Device encryption - SettingsPageGroupPCSystemDeviceEncryption
                          • -
                        • -
                      • OEM (main menu) - SettingsPageGroupExtensibility -
                          -
                        • Extensibility - SettingsPageExtensibility
                          • -
                        • -
                      - -Entry | Description ------------ | ------------ -Settings | Starting in Windows 10, version 1703, you can specify the settings pages using the settings URI. - -For example, in place of SettingPageDisplay, you would use ms-settings:display. See [ms-settings: URI scheme reference](/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference) to find the URI for each settings page. - -Here is an example for Windows 10, version 1703. - -```xml - - - - - - - - - -``` - -**Quick action settings** - -Starting in Windows 10, version 1511, you can specify the following quick action settings in the lockdown XML file. The following list shows the quick action settings and settings page dependencies (group and page). - -> [!NOTE] -> Only Windows 10, versions 1511 and 1607, the dependent settings group and pages are automatically added when the quick action item is specified in the lockdown XML. In Windows 10, version 1703, Quick action settings no longer require any dependencies from related group or page. - -
                        -

                      • SystemSettings_System_Display_QuickAction_Brightness

                        -

                        Dependencies - SettingsPageSystemDisplay, SettingsPageDisplay

                        • -

                      • SystemSettings_System_Display_Internal_Rotation

                        -

                        Dependencies - SettingsPageSystemDisplay, SettingsPageDisplay

                        • -

                      • SystemSettings_QuickAction_WiFi

                        -

                        Dependencies - SettingsPageGroupNetwork, SettingsPageNetworkWiFi

                        • -

                      • SystemSettings_QuickAction_InternetSharing

                        -

                        Dependencies - SettingsPageGroupNetwork, SettingsPageInternetSharing

                        • -

                      • SystemSettings_QuickAction_CellularData

                        -

                        Dependencies - SettingsPageGroupNetwork, SettingsPageNetworkCellular

                        • -

                      • SystemSettings_QuickAction_AirplaneMode

                        -

                        Dependencies - SettingsPageGroupNetwork, SettingsPageNetworkAirplaneMode

                        • -

                      • SystemSettings_Privacy_LocationEnabledUserPhone

                        -

                        Dependencies - SettingsGroupPrivacyLocationGlobals, SettingsPagePrivacyLocation

                        • -

                      • SystemSettings_Network_VPN_QuickAction

                        -

                        Dependencies - SettingsPageGroupNetwork, SettingsPageNetworkVPN

                        • -

                      • SystemSettings_Launcher_QuickNote

                        -

                        Dependencies - none

                        • -

                      • SystemSettings_Flashlight_Toggle

                        -

                        Dependencies - none

                        • -

                      • SystemSettings_Device_BluetoothQuickAction

                        -

                        Dependencies - SettingsPageGroupDevices, SettingsPagePCSystemBluetooth

                        • -

                      • SystemSettings_BatterySaver_LandingPage_OverrideControl

                        -

                        Dependencies - BatterySaver_LandingPage_SettingsConfiguration, SettingsPageBatterySaver

                        • -

                      • QuickActions_Launcher_DeviceDiscovery

                        -

                        Dependencies - none

                        • -

                      • QuickActions_Launcher_AllSettings

                        -

                        Dependencies - none

                        • -

                      • SystemSettings_QuickAction_QuietHours

                        -

                        Dependencies - none

                        • -

                      • SystemSettings_QuickAction_Camera

                        -

                        Dependencies - none

                        • -
                      - -Starting in Windows 10, version 1703, Quick action settings no longer require any dependencies from related group or page. Here is the list: -- QuickActions_Launcher_AllSettings -- QuickActions_Launcher_DeviceDiscovery -- SystemSettings_BatterySaver_LandingPage_OverrideControl -- SystemSettings_Device_BluetoothQuickAction -- SystemSettings_Flashlight_Toggle -- SystemSettings_Launcher_QuickNote -- SystemSettings_Network_VPN_QuickAction -- SystemSettings_Privacy_LocationEnabledUserPhone -- SystemSettings_QuickAction_AirplaneMode -- SystemSettings_QuickAction_Camera -- SystemSettings_QuickAction_CellularData -- SystemSettings_QuickAction_InternetSharing -- SystemSettings_QuickAction_QuietHours -- SystemSettings_QuickAction_WiFi -- SystemSettings_System_Display_Internal_Rotation -- SystemSettings_System_Display_QuickAction_Brightness - - -In this example, all settings pages and quick action settings are allowed. An empty \ node indicates that none of the settings are blocked. - -```xml - - -``` - -In this example for Windows 10, version 1511, all System setting pages are enabled. Note that the System page group is added as well as all of the System subpage names. - -```xml - - - - - - - - - - - - -``` -Here is an example for Windows 10, version 1703. - -```xml - - - - - - - - - -``` - -Entry | Description ------------ | ------------ -Buttons | The following list identifies the hardware buttons on the device that you can lock down in ButtonLockdownList. When a user taps a button that is in the lockdown list, nothing will happen. - -
                        -

                      • Start

                        -

                      • Back

                        • -

                      • Search

                        • -

                      • Camera

                        • -

                      • Custom1

                        • -

                      • Custom2

                        • -

                      • Custom3

                        • -
                      - -> [!NOTE] -> Lock down of the Start button only prevents the press and hold event. -> -> Custom buttons are hardware buttons that can be added to devices by OEMs. - -Buttons example: -```xml - - - - - - - - - -``` -The Search and custom buttons can be remapped or configured to open a specific application. Button remapping takes effect for the device and applies to all users. - -> [!NOTE] -> The lockdown settings for a button, per user role, will apply regardless of the button mapping. -> -> Button remapping can enable a user to open an application that is not in the Allow list. Use button lock down to prevent application access for a user role. - -To remap a button in lockdown XML, you supply the button name, the button event (typically "press"), and the product ID for the application the button will open. - -```xml - - - -``` -**Disabling navigation buttons** -To disable navigation buttons (such as Home or Back) in lockdown XML, you supply the name (for example, Start) and button event (typically "press"). - -The following section contains a sample lockdown XML file that shows how to disable navigation buttons. - -```xml - - - - - - - - - Large - - 0 - 0 - - - - - - - - Small - - 2 - 2 - - - - - - - - - - - - - - - - - - - - - - - - - Small - - -``` - -Entry | Description ------------ | ------------ -MenuItems | Use **DisableMenuItems** to prevent use of the context menu, which is displayed when a user presses and holds an application in the All Programs list. You can include this entry in the default profile and in any additional user role profiles that you create. - -> [!IMPORTANT] -> If **DisableMenuItems** is not included in a profile, users of that profile can uninstall apps. - -MenuItems example: - -```xml - - - -``` - -Entry | Description ------------ | ------------ -Tiles | **Turning-on tile manipulation** - By default, under Assigned Access, tile manipulation is turned off (blocked) and only available if enabled in the user’s profile. If tile manipulation is enabled in the user’s profile, they can pin/unpin, move, and resize tiles based on their preferences. When multiple people use one device and you want to enable tile manipulation for multiple users, you must enable it for each user in their user profile. - -> [!IMPORTANT] -> If a device is turned off then back on, the tiles reset to their predefined layout. If a device has only one profile, the only way to reset the tiles is to turn off then turn on the device. If a device has multiple profiles, the device resets the tiles to the predefined layout based on the logged-in user’s profile. - -The following sample file contains configuration for enabling tile manipulation. - -> [!NOTE] -> Tile manipulation is disabled when you don’t have a `` node in lockdown XML, or if you have a `` node but don’t have the `` node. - -```xml - - - - - - - - - Large - - 0 - 0 - - - - - - - - Small - - 2 - 2 - - - - - - - - - - - - - - - - - - - - - - - - - Small - - -``` - -Entry | Description ------------ | ------------ -CSP Runner | Allows CSPs to be executed on the device per user role. You can use this to implement role specific policies, such as changing the color scheme when an admin logs on the device, or to set configurations per role. - - -**LockscreenWallpaper/** -The parent node of the lock screen-related parameters that let administrators query and manage the lock screen image on devices. Supported operations are Add, Delete, Get and Replace. - -**LockscreenWallpaper/BGFileName** -The file name of the lock screen. The image file for the lock screen can be in .jpg or .png format and must not exceed 2 MB. The file name can also be in the Universal Naming Convention (UNC) format, in which case the device downloads it from the shared network and then sets it as the lock screen wallpaper. - -Supported operations are Add, Get, and Replace. - -**Theme/** -The parent node of theme-related parameters. - -Supported operations are Add, Delete, Get and Replace. - -**Theme/ThemeBackground** -Indicates whether the background color is light or dark. Set to **0** for light; set to **1** for dark. - -Supported operations are Get and Replace. - -**Theme/ThemeAccentColorID** -The accent color to apply as the foreground color for tiles, controls, and other visual elements on the device. The following table shows the possible values. - -|Value|Description| -|--- |--- | -|0|Lime| -|1|Green| -|2|Emerald| -|3|Teal (Viridian)| -|4|Cyan (Blue)| -|5|Cobalt| -|6|Indigo| -|7|Violet (Purple)| -|8|Pink| -|9|Magenta| -|10|Crimson| -|11|Red| -|12|Orange (Mango)| -|13|Amber| -|14|Yellow| -|15|Brown| -|16|Olive| -|17|Steel| -|18|Mauve| -|19|Sienna| -|101 through 104|Optional colors, as defined by the OEM| -|151|Custom accent color for Enterprise| - -Supported operations are Get and Replace. - -**Theme/ThemeAccentColorValue** -A 6-character string for the accent color to apply to controls and other visual elements. - -To use a custom accent color for Enterprise, enter **151** for *ThemeAccentColorID* before *ThemeAccentColorValue* in lockdown XML. *ThemeAccentColorValue* configures the custom accent color using hex values for red, green, and blue, in RRGGBB format. For example, enter FF0000 for red. - -Supported operations are Get and Replace. - -**PersistData** -Not supported in Windows 10. - -The parent node of whether to persist data that has been provisioned on the device. - -**PersistData/PersistProvisionedData** -Not supported in Windows 10. Use doWipePersistProvisionedData in [RemoteWipe CSP](remotewipe-csp.md) instead. - -**Clock/TimeZone/** -An integer that specifies the time zone of the device. The following table shows the possible values. - -Supported operations are Get and Replace. - -|Value|Time zone| -|--- |--- | -|0|UTC-12 International Date Line West| -|100|UTC+13 Samoa| -|110|UTC-11 Coordinated Universal Time-11| -|200|UTC-10 Hawaii| -|300|UTC-09 Alaska| -|400|UTC-08 Pacific Time (US & Canada)| -|410|UTC-08 Baja California| -|500|UTC-07 Mountain Time (US & Canada)| -|510|UTC-07 Chihuahua, La Paz, Mazatlan| -|520|UTC-07 Arizona| -|600|UTC-06 Saskatchewan| -|610|UTC-06 Central America| -|620|UTC-06 Central Time (US & Canada)| -|630|UTC-06 Guadalajara, Mexico City, Monterrey| -|700|UTC-05 Eastern Time (US & Canada)| -|710|UTC-05 Bogota, Lima, Quito| -|720|UTC-05 Indiana (East)| -|800|UTC-04 Atlantic Time (Canada)| -|810|UTC-04 Cuiaba| -|820|UTC-04 Santiago| -|830|UTC-04 Georgetown, La Paz, Manaus, San Juan| -|840|UTC-04 Caracas| -|850|UTC-04 Asuncion| -|900|UTC-03:30 Newfoundland| -|910|UTC-03 Brasilia| -|920|UTC-03 Greenland| -|930|UTC-03 Montevideo| -|940|UTC-03 Cayenne, Fortaleza| -|950|UTC-03 Buenos Aires| -|960|UTC-03 Salvador| -|1000|UTC-02 Mid-Atlantic| -|1010|UTC-02 Coordinated Universal Time-02| -|1100|UTC-01 Azores| -|1110|UTC-01 Cabo Verde| -|1200|UTC Dublin, Edinburgh, Lisbon, London| -|1210|UTC Monrovia, Reykjavik| -|1220|UTC Casablanca| -|1230|UTC Coordinated Universal Time| -|1300|UTC+01 Belgrade, Bratislava, Budapest, Ljubljana, Prague| -|1310|UTC+01 Sarajevo, Skopje, Warsaw, Zagreb| -|1320|UTC+01 Brussels, Copenhagen, Madrid, Paris| -|1330|UTC+01 West Central Africa| -|1340|UTC+01 Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna| -|1350|UTC+01 Windhoek| -|1360|UTC+01 Tripoli| -|1400|UTC+02 E. Europe| -|1410|UTC+02 Cairo| -|1420|UTC+02 Helsinki, Kyiv, Riga, Sofia, Tallinn, Vilnius| -|1430|UTC+02 Athens, Bucharest| -|1440|UTC+02 Jerusalem| -|1450|UTC+02 Amman| -|1460|UTC+02 Beirut| -|1470|UTC+02 Harare, Pretoria| -|1480|UTC+02 Damascus| -|1490|UTC+02 Istanbul| -|1500|UTC+03 Kuwait, Riyadh| -|1510|UTC+03 Baghdad| -|1520|UTC+03 Nairobi| -|1530|UTC+03 Kaliningrad, Minsk| -|1540|UTC+04 Moscow, St. Petersburg, Volgograd| -|1550|UTC+03 Tehran| -|1600|UTC+04 Abu Dhabi, Muscat| -|1610|UTC+04 Baku| -|1620|UTC+04 Yerevan| -|1630|UTC+04 Kabul| -|1640|UTC+04 Tbilisi| -|1650|UTC+04 Port Louis| -|1700|UTC+06 Ekaterinburg| -|1710|UTC+05 Tashkent| -|1720|UTC+05 Chennai, Kolkata, Mumbai, New Delhi| -|1730|UTC+05 Sri Jayawardenepura| -|1740|UTC+05 Kathmandu| -|1750|UTC+05 Islamabad, Karachi| -|1800|UTC+06 Astana| -|1810|UTC+07 Novosibirsk| -|1820|UTC+06 Yangon (Rangoon)| -|1830|UTC+06 Dhaka| -|1900|UTC+08 Krasnoyarsk| -|1910|UTC+07 Bangkok, Hanoi, Jakarta| -|1900|UTC+08 Krasnoyarsk| -|2000|UTC+08 Beijing, Chongqing, Hong Kong SAR, Urumqi| -|2010|UTC+09 Irkutsk| -|2020|UTC+08 Kuala Lumpur, Singapore| -|2030|UTC+08 Taipei| -|2040|UTC+08 Perth| -|2050|UTC+08 Ulaanbaatar| -|2100|UTC+09 Seoul| -|2110|UTC+09 Osaka, Sapporo, Tokyo| -|2120|UTC+10 Yakutsk| -|2130|UTC+09 Darwin| -|2140|UTC+09 Adelaide| -|2200|UTC+10 Canberra, Melbourne, Sydney| -|2210|UTC+10 Brisbane| -|2220|UTC+10 Hobart| -|2230|UTC+11 Vladivostok| -|2240|UTC+10 Guam, Port Moresby| -|2300|UTC+11 Solomon Is., New Caledonia| -|2310|UTC+12 Magadan| -|2400|UTC+12 Fiji| -|2410|UTC+12 Auckland, Wellington| -|2420|UTC+12 Petropavlovsk-Kamchatsky| -|2430|UTC+12 Coordinated Universal Time +12| -|2500|UTC+13 Nuku'alofa| - -**Locale/Language/** -The culture code that identifies the language to display on a device, and specifies the formatting of numbers, currencies, time, and dates. For language values, see [Locale IDs Assigned by Microsoft](/openspecs/windows_protocols/ms-lcid/a9eac961-e77d-41a6-90a5-ce1a8b0cdb9c). - -The language setting is configured in the Default User profile only. - -> [!NOTE] -> Apply the Locale ID only after the corresponding language packs are built into and supported for the OS image running on the device. The specified language will be applied as the phone language and a restart may be required. - -Supported operations are Get and Replace. - -## OMA client provisioning examples - - -The XML examples in this section show how to perform various tasks by using OMA client provisioning. - -> [!NOTE] -> These examples are XML snippets and do not include all sections that are required for a complete lockdown XML file. - - - -### Assigned Access settings - -The following example shows how to add a new policy. - -```xml - - - - "/> - - - -``` - -### Language - -The following example shows how to specify the language to display on the device. - -```xml - - - - - - -``` - -## OMA DM examples - - -These XML examples show how to perform various tasks using OMA DM. - -### Assigned access settings - -The following example shows how to lock down a device. - -```xml - - - - 2 - - - ./Vendor/MSFT/EnterpriseAssignedAccess/AssignedAccess/AssignedAccessXml - -