From 6c954f96b86dac859d4bee61c68d87964c8cd377 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 25 Mar 2019 17:39:17 -0700 Subject: [PATCH 001/118] info prot --- ...ormation-protection-in-windows-overview.md | 23 +++++++++++++++---- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview.md b/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview.md index 976dfff7e4..870dab0be9 100644 --- a/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview.md +++ b/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview.md @@ -14,7 +14,6 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 12/05/2018 --- # Information protection in Windows overview @@ -38,14 +37,28 @@ Windows Defender ATP applies two methods to discover and protect data: ## Data discovery -Windows Defender ATP automatically discovers files with sensitivity labels on Windows devices when the feature is enabled. You can enable the Azure Information Protection integration feature from Windows Defender Security Center. For more information, see [Configure advanced features](advanced-features-windows-defender-advanced-threat-protection.md#azure-information-protection). +Windows Defender ATP automatically discovers files with sensitivity labels and files that contain sensitive information types. +Sensitivity labels classify and help protect sensitive content. + + +Sensitive information types in the Office 365 data loss prevention (DLP) implementation fall under two categories: +- Default +- Custom + +Default sensitive information types include information such as bank account numbers, social security numbers, or national IDs. For more information, see [What the sensitive information type look for](https://docs.microsoft.com/office365/securitycompliance/what-the-sensitive-information-types-look-for). + +Custom types are ones that you define and is designed to protect a different type of sensitive information (for example, employee IDs or project numbers). For more information see, [Create a custom sensitive information type](https://docs.microsoft.com/en-us/office365/securitycompliance/create-a-custom-sensitive-information-type). + + + +When a file is created or edited on a Windows device, Windows Defender ATP scans the content to evaluate if it contains sensitive information. + +Turn on the Azure Information Protection integration so that when a file that contains sensitive information is discovered by Windows Defender ATP though labels or information types, it is automatically forwarded to Azure Information Protection from the device. ![Image of settings page with Azure Information Protection](images/atp-settings-aip.png) -After enabling the Azure Information Protection integration, data discovery signals are immediately forwarded to Azure Information Protection from the device. When a labeled file is created or modified on a Windows device, Windows Defender ATP automatically reports the signal to Azure Information Protection. - -The reported signals can be viewed on the Azure Information Protection - Data discovery dashboard. +The reported signals can be viewed on the Azure Information Protection – Data discovery dashboard. ### Azure Information Protection - Data discovery dashboard This dashboard presents a summarized discovery information of data discovered by both Windows Defender ATP and Azure Information Protection. Data from Windows Defender ATP is marked with Location Type - Endpoint. From 6afaaaaebf60a2e857cdc57239ffc3270212f4c2 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 1 May 2019 17:51:58 -0700 Subject: [PATCH 002/118] add auto labeling content --- ...nformation-protection-in-windows-config.md | 20 ++++++++++++-- ...ormation-protection-in-windows-overview.md | 26 +++++++++++++++---- 2 files changed, 39 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-config.md b/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-config.md index a8696ec1d9..092c8798c9 100644 --- a/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-config.md +++ b/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-config.md @@ -14,7 +14,6 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 12/05/2018 --- # Configure information protection in Windows @@ -32,7 +31,7 @@ Learn how you can use Windows Defender ATP to expand the coverage of Windows Inf - Your tenant needs to be onboarded to Azure Information Protection analytics, for more information see, [Configure a Log Analytics workspace for the reports](https://docs.microsoft.comazure/information-protection/reports-aip#configure-a-log-analytics-workspace-for-the-reports) -## Configuration steps +## Configure endpoint data loss prevention 1. Define a WIP policy and assign it to the relevant devices. For more information, see [Protect your enterprise data using Windows Information Protection (WIP)](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip). If WIP is already configured on the relevant devices, skip this step. 2. Define which labels need to get WIP protection in Office 365 Security and Compliance. @@ -50,5 +49,22 @@ After completing these steps Windows Defender ATP will automatically identify la >- The Windows Defender ATP configuration is pulled every 15 minutes. Allow up to 30 minutes for the new policy to take effect and ensure that the endpoint is online. Otherwise, it will not receive the policy. >- Data forwarded to Azure Information Protection is stored in the same location as your other Azure Information Protection data. + +## Configure auto labeling +1. In Office 365 Security & Compliance, go to **Classifications > Labels**. + +2. Create a new label or edit an existing one. + + +3. Set a policy for Data classification: + + 1. Go through the label creation wizard. + 2. When you reach the Auto labeling page, turn on auto labeling toggle on. + 3. Add a new auto-labeling rule with the conditions that you require. + 4. Validate that ‘When content matches these conditions’ setting is set to ‘Automatically apply the label’. + + + + ## Related topic - [Information protection in Windows overview](information-protection-in-windows-overview.md) \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview.md b/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview.md index 870dab0be9..8c87317f15 100644 --- a/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview.md +++ b/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview.md @@ -31,12 +31,13 @@ Windows Defender ATP is seamlessly integrated in Microsoft Threat Protection to > Read our blog post about how [Windows Defender ATP integrates with Microsoft Information Protection to discover, protect, and monitor sensitive data on Windows devices](https://cloudblogs.microsoft.com/microsoftsecure/2019/01/17/windows-defender-atp-integrates-with-microsoft-information-protection-to-discover-protect-and-monitor-sensitive-data-on-windows-devices/). -Windows Defender ATP applies two methods to discover and protect data: +Windows Defender ATP applies the following methods to discover, classify, and protect data: - **Data discovery** - Identify sensitive data on Windows devices at risk +- **Data classification** - Automatically classify data based on common Microsoft Information Protection (MIP) policies managed in Office 365 Security & Compliance Center. Auto-classification allows you to protect sensitive data even if the end user hasn’t manually classified it. - **Data protection** - Windows Information Protection (WIP) as outcome of Azure Information Protection label -## Data discovery +## Data discovery and data classification Windows Defender ATP automatically discovers files with sensitivity labels and files that contain sensitive information types. Sensitivity labels classify and help protect sensitive content. @@ -51,7 +52,6 @@ Default sensitive information types include information such as bank account num Custom types are ones that you define and is designed to protect a different type of sensitive information (for example, employee IDs or project numbers). For more information see, [Create a custom sensitive information type](https://docs.microsoft.com/en-us/office365/securitycompliance/create-a-custom-sensitive-information-type). - When a file is created or edited on a Windows device, Windows Defender ATP scans the content to evaluate if it contains sensitive information. Turn on the Azure Information Protection integration so that when a file that contains sensitive information is discovered by Windows Defender ATP though labels or information types, it is automatically forwarded to Azure Information Protection from the device. @@ -96,10 +96,15 @@ InformationProtectionLogs_CL ## Data protection -For data to be protected, they must first be identified through labels. Sensitivity labels are created in Office Security and Compliance (SCC). Windows Defender ATP then uses the labels to identify endpoints that need Windows Information Protection (WIP) applied on them. +### Endpoint data loss prevention +For data to be protected, they must first be identified through labels. -When you create sensitivity labels, you can set the information protection functionalities that will be applied on the file. The setting that applies to Windows Defender ATP is the Data loss prevention. You'll need to turn on the Data loss prevention and select Enable Windows end point protection (DLP for devices). +Sensitivity labels are created in Office 365 Security & Compliance Center. Windows Defender ATP then uses the labels to identify endpoints that need Windows Information Protection (WIP) applied on them. + +When you create sensitivity labels, you can set the information protection functionalities that will be applied on the file. The setting that applies to Windows Defender ATP is the Endpoint data loss prevention. + +For the endpoint data loss prevention, you'll need to turn on the Endpoint Data loss prevention and select Enable Windows end point protection (DLP for devices). ![Image of Office 365 Security and Compliance sensitivity label](images/office-scc-label.png) @@ -108,6 +113,17 @@ Once, the policy is set and published, Windows Defender ATP automatically enable This functionality expands the coverage of WIP to protect files based on their label, regardless of their origin. +For more information, see [Configure information protection in Windows](information-protection-in-windows-config.md). + +## Auto labeling + +Auto labeling is another way to protect data and can also be configured in Office 365 Security & Compliance Center. When Windows Defender ATP scans the content of a file in a Windows device and finds that it contains sensitive information, it will automatically apply a label to it even if the user hasn't manually classified it. + +> [!NOTE] +> Auto-labeling is supported in Office apps only when the Azure Information Protection unified labeling client is installed. When sensitive content is detected in email or documents matching the conditions you choose, a label can automatically be applied or a message can be shown to users recommending they apply it themselves. + + + For more information, see [Configure information protection in Windows](information-protection-in-windows-config.md). From 87a472e9d90efad9c2e61a21fafba545decb4e2e Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 1 May 2019 18:01:45 -0700 Subject: [PATCH 003/118] Update information-protection-in-windows-overview.md --- .../information-protection-in-windows-overview.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview.md b/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview.md index 8c87317f15..9d98ef9db0 100644 --- a/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview.md +++ b/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview.md @@ -60,7 +60,7 @@ Turn on the Azure Information Protection integration so that when a file that co The reported signals can be viewed on the Azure Information Protection – Data discovery dashboard. -### Azure Information Protection - Data discovery dashboard +## Azure Information Protection - Data discovery dashboard This dashboard presents a summarized discovery information of data discovered by both Windows Defender ATP and Azure Information Protection. Data from Windows Defender ATP is marked with Location Type - Endpoint. ![Image of Azure Information Protection - Data discovery](images/azure-data-discovery.png) @@ -68,13 +68,15 @@ This dashboard presents a summarized discovery information of data discovered by Notice the Device Risk column on the right, this device risk is derived directly from Windows Defender ATP, indicating the risk level of the security device where the file was discovered, based on the active security threats detected by Windows Defender ATP. -Clicking the device risk level will redirect you to the device page in Windows Defender ATP, where you can get a comprehensive view of the device security status and its active alerts. - +Click on a device to view a list of files observed on this device, with their sensitivity labels and information types. >[!NOTE] ->Windows Defender ATP does not currently report the Information Types. +>Please allow approximately 15-20 minutes for the Azure Information Protection Dashboard Discovery to reflect discovered files. -### Log Analytics + + + +## Log Analytics Data discovery based on Windows Defender ATP is also available in [Azure Log Analytics](https://docs.microsoft.com/azure/log-analytics/log-analytics-overview), where you can perform complex queries over the raw data. For more information on Azure Information Protection analytics, see [Central reporting for Azure Information Protection](https://docs.microsoft.com/azure/information-protection/reports-aip). From 629e5413e04f63ca6f37b8ef1d325c5d649b0368 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 1 May 2019 18:05:55 -0700 Subject: [PATCH 004/118] Update information-protection-in-windows-config.md space --- .../information-protection-in-windows-config.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-config.md b/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-config.md index 092c8798c9..4be3024686 100644 --- a/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-config.md +++ b/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-config.md @@ -66,5 +66,6 @@ After completing these steps Windows Defender ATP will automatically identify la + ## Related topic - [Information protection in Windows overview](information-protection-in-windows-overview.md) \ No newline at end of file From 9178e4ce729b15b09e800c8c4e43e737fe806cc6 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Fri, 10 May 2019 09:52:59 -0700 Subject: [PATCH 005/118] Added 19H1 new policy doc and policy --- .../policy-configuration-service-provider.md | 9 ++ .../mdm/policy-csp-servicecontrolmanager.md | 115 ++++++++++++++++++ 2 files changed, 124 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-servicecontrolmanager.md diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index a27926a537..58bba60460 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -2927,6 +2927,13 @@ The following diagram shows the Policy configuration service provider in tree fo +### ServiceControlManager policies +
+
+ ServiceControlManager/SvchostProcessMitigation +
+
+ ### Settings policies
@@ -4112,6 +4119,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [RemoteShell/SpecifyMaxProcesses](./policy-csp-remoteshell.md#remoteshell-specifymaxprocesses) - [RemoteShell/SpecifyMaxRemoteShells](./policy-csp-remoteshell.md#remoteshell-specifymaxremoteshells) - [RemoteShell/SpecifyShellTimeout](./policy-csp-remoteshell.md#remoteshell-specifyshelltimeout) +- [ServiceControlManager/SvchostProcessMitigation](./policy-csp-servicecontrolmanager.md#servicecontrolmanager-svchostprocessmitigation) - [Storage/EnhancedStorageDevices](./policy-csp-storage.md#storage-enhancedstoragedevices) - [System/BootStartDriverInitialization](./policy-csp-system.md#system-bootstartdriverinitialization) - [System/DisableSystemRestore](./policy-csp-system.md#system-disablesystemrestore) @@ -4833,6 +4841,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [Search/PreventIndexingLowDiskSpaceMB](./policy-csp-search.md#search-preventindexinglowdiskspacemb) - [Search/PreventRemoteQueries](./policy-csp-search.md#search-preventremotequeries) - [Security/ClearTPMIfNotReady](./policy-csp-security.md#security-cleartpmifnotready) +- [ServiceControlManager/SvchostProcessMitigation](./policy-csp-servicecontrolmanager.md#servicecontrolmanager-svchostprocessmitigation) - [Settings/AllowOnlineTips](./policy-csp-settings.md#settings-allowonlinetips) - [Settings/ConfigureTaskbarCalendar](./policy-csp-settings.md#settings-configuretaskbarcalendar) - [Settings/PageVisibilityList](./policy-csp-settings.md#settings-pagevisibilitylist) diff --git a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md new file mode 100644 index 0000000000..a2558d44fc --- /dev/null +++ b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md @@ -0,0 +1,115 @@ +--- +title: Policy CSP - ServiceControlManager +description: Policy CSP - ServiceControlManager +ms.author: Heidi.Lohr +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: Heidilohr +ms.date: 05/10/2019 +--- + +# Policy CSP - ServiceControlManager + +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + + +
+ + +## ServiceControlManager policies + +
+
+ ServiceControlManager/SvchostProcessMitigation +
+
+ +
+ + +**ServiceControlManager/SvchostProcessMitigation** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcross markcheck mark6check mark6check mark6
+ + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting enables process mitigation options on svchost.exe processes. + +If you enable this policy setting, built-in system services hosted in svchost.exe processes will have stricter security policies enabled on them. + +This includes Microsoft to sign a policy requiring all binaries loaded on SVCHOST processes and a policy disallowing dynamically generated code. + +If you disable or do not configure this policy setting, the stricter security settings will not be applied. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Enable svchost.exe mitigation options* +- GP name: *SvchostProcessMitigationEnable* +- GP path: *System/Service Control Manager Settings/Security Settings* +- GP ADMX file name: *ServiceControlManager.admx* + + + +Supported values: +- disabled - Do not add ACG/CIG enforcement and other process mitigation/code integrity policies to SVCHOST processes. +- enabled - Add ACG/CIG enforcement and other process mitigation/code integrity policies to SVCHOST processes. + + + + + + + + + + + +
+ +Footnotes: + +- 1 - Added in Windows 10, version 1607. +- 2 - Added in Windows 10, version 1703. +- 3 - Added in Windows 10, version 1709. +- 4 - Added in Windows 10, version 1803. +- 5 - Added in Windows 10, version 1809. +- 6 - Added in Windows 10, version 1903. \ No newline at end of file From 0698551ddba4bd99d3d06c7550a103103680f912 Mon Sep 17 00:00:00 2001 From: Orlando Rodriguez <49177883+ojrb@users.noreply.github.com> Date: Fri, 10 May 2019 12:52:08 -0500 Subject: [PATCH 006/118] Update hello-hybrid-key-trust-prereqs.md --- .../hello-hybrid-key-trust-prereqs.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index 1993139da7..73a2919976 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -58,7 +58,20 @@ The Windows Hello for Business deployment depends on an enterprise public key in Key trust deployments do not need client issued certificates for on-premises authentication. Active Directory user accounts are automatically configured for public key mapping by Azure AD Connect synchronizing the public key of the registered Windows Hello for Business credential to an attribute on the user's Active Directory object. -The minimum required enterprise certificate authority that can be used with Windows Hello for Business is Windows Server 2012. +The minimum required enterprise certificate authority that can be used with Windows Hello for Business is Windows Server 2012, but you can use a 3rd Party enterprise certification authority too. The detailed requieriments for the Domain Controller certificate are shown below. + +* The certificate must have a CRL distribution-point extension that points to a valid certificate revocation list (CRL). +* Optionally, the certificate Subject section should contain the directory path of the server object (the distinguished name) +* The certificate Key Usage section must contain: +Digital Signature, Key Encipherment +* Optionally, the certificate Basic Constraints section should contain: +[Subject Type=End Entity, Path Length Constraint=None] +* The certificate Enhanced Key Usage section must contain: Client Authentication (1.3.6.1.5.5.7.3.2) and Server Authentication (1.3.6.1.5.5.7.3.1) +* The certificate Subject Alternative Name section must contain the Domain Name System (DNS) name. +* The certificate template must have an extension that has the BMP data value "DomainController." +* The domain controller certificate must be installed in the local computer's certificate store + + > [!IMPORTANT] > For Azure AD joined device to authenticate to and use on-premises resources, ensure you: From d51bdc2327b1e520721a2e53b33a06aadaa75113 Mon Sep 17 00:00:00 2001 From: illfated Date: Fri, 19 Apr 2019 16:45:28 +0200 Subject: [PATCH 007/118] Surface Hub: note for creating accounts using EAC According to user feedback, using the Exchange Admin Center to create Surface Hub device user accounts requires on-premises Active Directory to synchronize from, for that method to work. Closes #3295 --- devices/surface-hub/create-a-device-account-using-office-365.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/devices/surface-hub/create-a-device-account-using-office-365.md b/devices/surface-hub/create-a-device-account-using-office-365.md index 2d52e698c0..7166019087 100644 --- a/devices/surface-hub/create-a-device-account-using-office-365.md +++ b/devices/surface-hub/create-a-device-account-using-office-365.md @@ -217,6 +217,8 @@ In order to enable Skype for Business, your environment will need to meet the fo ## Create a device account using the Exchange Admin Center +>[!NOTE] +>This method will only work if you have an on-premises Active Directory that you are syncing from. You can use the Exchange Admin Center to create a device account: From d42a7b0c3b97ca0c8f40495219e917f95e764845 Mon Sep 17 00:00:00 2001 From: Orlando Rodriguez <49177883+ojrb@users.noreply.github.com> Date: Mon, 13 May 2019 11:57:49 -0500 Subject: [PATCH 008/118] Update windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-key-trust-prereqs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index 73a2919976..2e9bd1375c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -58,7 +58,7 @@ The Windows Hello for Business deployment depends on an enterprise public key in Key trust deployments do not need client issued certificates for on-premises authentication. Active Directory user accounts are automatically configured for public key mapping by Azure AD Connect synchronizing the public key of the registered Windows Hello for Business credential to an attribute on the user's Active Directory object. -The minimum required enterprise certificate authority that can be used with Windows Hello for Business is Windows Server 2012, but you can use a 3rd Party enterprise certification authority too. The detailed requieriments for the Domain Controller certificate are shown below. +The minimum required enterprise certificate authority that can be used with Windows Hello for Business is Windows Server 2012, but you can also use a third-party enterprise certification authority. The detailed requirements for the Domain Controller certificate are shown below. * The certificate must have a CRL distribution-point extension that points to a valid certificate revocation list (CRL). * Optionally, the certificate Subject section should contain the directory path of the server object (the distinguished name) From 250089d828d765c881cb41693a911bf249907ea8 Mon Sep 17 00:00:00 2001 From: Orlando Rodriguez <49177883+ojrb@users.noreply.github.com> Date: Mon, 13 May 2019 11:58:41 -0500 Subject: [PATCH 009/118] Update windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-key-trust-prereqs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index 2e9bd1375c..cfa4d2724c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -60,7 +60,7 @@ Key trust deployments do not need client issued certificates for on-premises aut The minimum required enterprise certificate authority that can be used with Windows Hello for Business is Windows Server 2012, but you can also use a third-party enterprise certification authority. The detailed requirements for the Domain Controller certificate are shown below. -* The certificate must have a CRL distribution-point extension that points to a valid certificate revocation list (CRL). +* The certificate must have a Certificate Revocation List (CRL) distribution point extension that points to a valid CRL. * Optionally, the certificate Subject section should contain the directory path of the server object (the distinguished name) * The certificate Key Usage section must contain: Digital Signature, Key Encipherment From 70f35d9b556ca77586782b3fa234d89b59e7ebee Mon Sep 17 00:00:00 2001 From: Orlando Rodriguez <49177883+ojrb@users.noreply.github.com> Date: Mon, 13 May 2019 11:59:11 -0500 Subject: [PATCH 010/118] Update windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-key-trust-prereqs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index cfa4d2724c..8e2a006a40 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -61,7 +61,7 @@ Key trust deployments do not need client issued certificates for on-premises aut The minimum required enterprise certificate authority that can be used with Windows Hello for Business is Windows Server 2012, but you can also use a third-party enterprise certification authority. The detailed requirements for the Domain Controller certificate are shown below. * The certificate must have a Certificate Revocation List (CRL) distribution point extension that points to a valid CRL. -* Optionally, the certificate Subject section should contain the directory path of the server object (the distinguished name) +* Optionally, the certificate Subject section should contain the directory path of the server object (the distinguished name). * The certificate Key Usage section must contain: Digital Signature, Key Encipherment * Optionally, the certificate Basic Constraints section should contain: From 6f1af988debf6ac45f39b9d2dd82f20f68fad894 Mon Sep 17 00:00:00 2001 From: Orlando Rodriguez <49177883+ojrb@users.noreply.github.com> Date: Mon, 13 May 2019 11:59:46 -0500 Subject: [PATCH 011/118] Update windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-key-trust-prereqs.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index 8e2a006a40..fa127fbc9c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -63,7 +63,6 @@ The minimum required enterprise certificate authority that can be used with Wind * The certificate must have a Certificate Revocation List (CRL) distribution point extension that points to a valid CRL. * Optionally, the certificate Subject section should contain the directory path of the server object (the distinguished name). * The certificate Key Usage section must contain: -Digital Signature, Key Encipherment * Optionally, the certificate Basic Constraints section should contain: [Subject Type=End Entity, Path Length Constraint=None] * The certificate Enhanced Key Usage section must contain: Client Authentication (1.3.6.1.5.5.7.3.2) and Server Authentication (1.3.6.1.5.5.7.3.1) From 479a1ff8734f6d075d3ef75328f6d9013145d24b Mon Sep 17 00:00:00 2001 From: Orlando Rodriguez <49177883+ojrb@users.noreply.github.com> Date: Mon, 13 May 2019 12:00:13 -0500 Subject: [PATCH 012/118] Update windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-key-trust-prereqs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index fa127fbc9c..5255ad8eec 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -62,7 +62,7 @@ The minimum required enterprise certificate authority that can be used with Wind * The certificate must have a Certificate Revocation List (CRL) distribution point extension that points to a valid CRL. * Optionally, the certificate Subject section should contain the directory path of the server object (the distinguished name). -* The certificate Key Usage section must contain: +* The certificate Key Usage section must contain Digital Signature and Key Encipherment. * Optionally, the certificate Basic Constraints section should contain: [Subject Type=End Entity, Path Length Constraint=None] * The certificate Enhanced Key Usage section must contain: Client Authentication (1.3.6.1.5.5.7.3.2) and Server Authentication (1.3.6.1.5.5.7.3.1) From 72371c8e34b8d360a8036c9f662f20da9f9debe2 Mon Sep 17 00:00:00 2001 From: Orlando Rodriguez <49177883+ojrb@users.noreply.github.com> Date: Mon, 13 May 2019 12:00:31 -0500 Subject: [PATCH 013/118] Update windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-key-trust-prereqs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index 5255ad8eec..dfe1bdb31d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -65,7 +65,7 @@ The minimum required enterprise certificate authority that can be used with Wind * The certificate Key Usage section must contain Digital Signature and Key Encipherment. * Optionally, the certificate Basic Constraints section should contain: [Subject Type=End Entity, Path Length Constraint=None] -* The certificate Enhanced Key Usage section must contain: Client Authentication (1.3.6.1.5.5.7.3.2) and Server Authentication (1.3.6.1.5.5.7.3.1) +* The certificate Enhanced Key Usage section must contain Client Authentication (1.3.6.1.5.5.7.3.2) and Server Authentication (1.3.6.1.5.5.7.3.1). * The certificate Subject Alternative Name section must contain the Domain Name System (DNS) name. * The certificate template must have an extension that has the BMP data value "DomainController." * The domain controller certificate must be installed in the local computer's certificate store From 6f42299166ef7a8eb90d449098abd5fd088c077a Mon Sep 17 00:00:00 2001 From: Orlando Rodriguez <49177883+ojrb@users.noreply.github.com> Date: Mon, 13 May 2019 12:00:54 -0500 Subject: [PATCH 014/118] Update windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-key-trust-prereqs.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index dfe1bdb31d..c6ad8bf880 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -64,7 +64,6 @@ The minimum required enterprise certificate authority that can be used with Wind * Optionally, the certificate Subject section should contain the directory path of the server object (the distinguished name). * The certificate Key Usage section must contain Digital Signature and Key Encipherment. * Optionally, the certificate Basic Constraints section should contain: -[Subject Type=End Entity, Path Length Constraint=None] * The certificate Enhanced Key Usage section must contain Client Authentication (1.3.6.1.5.5.7.3.2) and Server Authentication (1.3.6.1.5.5.7.3.1). * The certificate Subject Alternative Name section must contain the Domain Name System (DNS) name. * The certificate template must have an extension that has the BMP data value "DomainController." From dca438d5b4f8cbf5c36ad1d1d5085956a2a00dd4 Mon Sep 17 00:00:00 2001 From: Orlando Rodriguez <49177883+ojrb@users.noreply.github.com> Date: Mon, 13 May 2019 12:01:09 -0500 Subject: [PATCH 015/118] Update windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-key-trust-prereqs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index c6ad8bf880..86afa736bf 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -66,7 +66,7 @@ The minimum required enterprise certificate authority that can be used with Wind * Optionally, the certificate Basic Constraints section should contain: * The certificate Enhanced Key Usage section must contain Client Authentication (1.3.6.1.5.5.7.3.2) and Server Authentication (1.3.6.1.5.5.7.3.1). * The certificate Subject Alternative Name section must contain the Domain Name System (DNS) name. -* The certificate template must have an extension that has the BMP data value "DomainController." +* The certificate template must have an extension that has the BMP data value "DomainController". * The domain controller certificate must be installed in the local computer's certificate store From 3aa10bc1504fdadd15316df6265672b3d99120bb Mon Sep 17 00:00:00 2001 From: Orlando Rodriguez <49177883+ojrb@users.noreply.github.com> Date: Mon, 13 May 2019 12:01:35 -0500 Subject: [PATCH 016/118] Update windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-key-trust-prereqs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index 86afa736bf..9b3432c015 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -67,7 +67,7 @@ The minimum required enterprise certificate authority that can be used with Wind * The certificate Enhanced Key Usage section must contain Client Authentication (1.3.6.1.5.5.7.3.2) and Server Authentication (1.3.6.1.5.5.7.3.1). * The certificate Subject Alternative Name section must contain the Domain Name System (DNS) name. * The certificate template must have an extension that has the BMP data value "DomainController". -* The domain controller certificate must be installed in the local computer's certificate store +* The domain controller certificate must be installed in the local computer's certificate store. From 5f13583ff5b73766b3cf8ae44a172f4cf1b48936 Mon Sep 17 00:00:00 2001 From: Orlando Rodriguez <49177883+ojrb@users.noreply.github.com> Date: Tue, 14 May 2019 10:44:54 -0500 Subject: [PATCH 017/118] Update user-roles-windows-defender-advanced-threat-protection.md --- ...-roles-windows-defender-advanced-threat-protection.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md index ab60042a21..c68c954776 100644 --- a/windows/security/threat-protection/windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md @@ -59,6 +59,10 @@ The following steps guide you on how to create roles in Windows Defender Securit After creating roles, you'll need to create a machine group and provide access to the machine group by assigning it to a role that you just created. +>[!NOTE] +>The Windows Defender ATP administrator (default) role has administrator permissions. The administrator permissions cannot be assigned >to any other role. On>groups assigned the Windows Defender ATP administrator role have access to all machine groups. + + ## Edit roles 1. Select the role you'd like to edit. @@ -76,6 +80,7 @@ After creating roles, you'll need to create a machine group and provide access t 2. Click the drop-down button and select **Delete role**. -##Related topic + +## Related topic - [User basic permissions to access the portal](basic-permissions-windows-defender-advanced-threat-protection.md) -- [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) \ No newline at end of file +- [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) From 9d4c6f334383da0079c3ca9ac277acbb521a3600 Mon Sep 17 00:00:00 2001 From: Orlando Rodriguez <49177883+ojrb@users.noreply.github.com> Date: Tue, 14 May 2019 10:49:36 -0500 Subject: [PATCH 018/118] Update user-roles-windows-defender-advanced-threat-protection.md --- .../user-roles-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md index c68c954776..70a52291c3 100644 --- a/windows/security/threat-protection/windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md @@ -60,7 +60,7 @@ After creating roles, you'll need to create a machine group and provide access t >[!NOTE] ->The Windows Defender ATP administrator (default) role has administrator permissions. The administrator permissions cannot be assigned >to any other role. On>groups assigned the Windows Defender ATP administrator role have access to all machine groups. +>The Windows Defender ATP administrator (default) role has administrator permissions. The administrator permissions cannot be assigned to any other role. On groups assigned the Windows Defender ATP administrator role have access to all machine groups. ## Edit roles From 111800e5bd586ad579d72d28a7bba9c9b36fce22 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 15 May 2019 10:19:09 +0500 Subject: [PATCH 019/118] update windows-defender-exploit-guard.md --- .../windows-defender-exploit-guard.md | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md index 32055b2546..957c81811a 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md @@ -57,12 +57,15 @@ This section covers requirements for each feature in Windows Defender EG. | ![supported](./images/ball_50.png) | Supported | | ![supported, full reporting](./images/ball_full.png) | Recommended. Includes full, automated reporting into the Windows Defender ATP console. Provides additional cloud-powered capabilities, including the Network protection ability to block apps from accessing low-reputation websites and an attack surface reduction rule that blocks executable files that meet age or prevalence criteria.| -| Feature | Windows 10 Home | Windows 10 Professional | Windows 10 E3 | Windows 10 E5 | -| ----------------- | :------------------------------------: | :---------------------------: | :-------------------------: | :--------------------------------------: | -| Exploit protection | ![supported](./images/ball_50.png) | ![supported](./images/ball_50.png) | ![supported, enhanced](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) | -| Attack surface reduction rules | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) | -| Network protection | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) | -| Controlled folder access | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) | +| Feature | Windows 10 Home | Windows 10 Professional | Windows 10 Enterprise | Windows 10 with Enterprise E3 subscription | Windows 10 with Enterprise E5 subscription | +| ----------------- | :------------------------------------: | :---------------------------: | :-------------------------: | :--------------------------------------: | :--------------------------------------: | +| Exploit protection | ![supported](./images/ball_50.png) | ![supported](./images/ball_50.png) | ![supported, enhanced](./images/ball_50.png) | ![supported, enhanced](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) | +| Attack surface reduction rules | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) | +| Network protection | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) | +| Controlled folder access | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) | + +>[!NOTE] +> [Identity & Threat Protection package](https://www.microsoft.com/microsoft-365/blog/2019/01/02/introducing-new-advanced-security-and-compliance-offerings-for-microsoft-365/), available for Microsoft 365 E3 customers, provides the same Windows Defender ATP capabilities as Enterprise E5 subscription. The following table lists which features in Windows Defender EG require enabling [real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) from Windows Defender Antivirus. From 3586e4e66216238a436bd3ec69076f9ecbe91c98 Mon Sep 17 00:00:00 2001 From: Marcus <49599477+h3xmarcux@users.noreply.github.com> Date: Wed, 15 May 2019 15:18:46 +0100 Subject: [PATCH 020/118] Update advanced-security-auditing-faq.md --- .../auditing/advanced-security-auditing-faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.md b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.md index 6935b85eb1..3d4c6fe39a 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.md +++ b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.md @@ -83,7 +83,7 @@ The rules that govern how Group Policy settings are applied propagate to the sub | - | - | - | -| | Detailed File Share Auditing | Success | Failure | Success | | Process Creation Auditing | Disabled | Success | Disabled | -| Logon Auditing | Success | Failure | Failure | +| Logon Auditing | Success | Failure | Success | ## What is the difference between an object DACL and an object SACL? From 13d8ad3af499a258e2f748ec71c252ff43d7fe04 Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Wed, 15 May 2019 17:29:56 -0500 Subject: [PATCH 021/118] Do a Reboot for Restart the PC. --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 11f72817b6..69de4938f5 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -769,7 +769,7 @@ To remove the News app: -or- >[!IMPORTANT] -> If you have any issues with these commands, do a system reboot and try the scripts again. +> If you have any issues with these commands, restart the PC and try the scripts again. > - Remove the app for new user accounts. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxProvisionedPackage -Online | Where-Object {$\_.PackageName -Like "Microsoft.BingNews"} | ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $\_.PackageName}** From e5b83dc638fe50dc32fae1d283465bccf11e789e Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Thu, 16 May 2019 02:56:41 +0200 Subject: [PATCH 022/118] Update devices/surface-hub/create-a-device-account-using-office-365.md Pragmatic grammar change. --- devices/surface-hub/create-a-device-account-using-office-365.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface-hub/create-a-device-account-using-office-365.md b/devices/surface-hub/create-a-device-account-using-office-365.md index 7166019087..d1fbebaa56 100644 --- a/devices/surface-hub/create-a-device-account-using-office-365.md +++ b/devices/surface-hub/create-a-device-account-using-office-365.md @@ -218,7 +218,7 @@ In order to enable Skype for Business, your environment will need to meet the fo ## Create a device account using the Exchange Admin Center >[!NOTE] ->This method will only work if you have an on-premises Active Directory that you are syncing from. +> This method will only work if you are syncing from an on-premises Active Directory. You can use the Exchange Admin Center to create a device account: From 73c4c68274a2c4b7c52884ab29e822febd5b4534 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Thu, 16 May 2019 10:28:13 +0500 Subject: [PATCH 023/118] update windows-defender-exploit-guard.md --- .../windows-defender-exploit-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md index 957c81811a..da228553fc 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md @@ -65,7 +65,7 @@ This section covers requirements for each feature in Windows Defender EG. | Controlled folder access | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) | >[!NOTE] -> [Identity & Threat Protection package](https://www.microsoft.com/microsoft-365/blog/2019/01/02/introducing-new-advanced-security-and-compliance-offerings-for-microsoft-365/), available for Microsoft 365 E3 customers, provides the same Windows Defender ATP capabilities as Enterprise E5 subscription. +> The [Identity & Threat Protection package](https://www.microsoft.com/microsoft-365/blog/2019/01/02/introducing-new-advanced-security-and-compliance-offerings-for-microsoft-365/), available for Microsoft 365 E3 customers, provides the same Windows Defender ATP capabilities as Enterprise E5 subscription. The following table lists which features in Windows Defender EG require enabling [real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) from Windows Defender Antivirus. From ad020077ac6c17a8f95057765b4a4e413e7a14e5 Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Thu, 16 May 2019 01:22:04 -0500 Subject: [PATCH 024/118] Resolving ISsue#915 --- .../whats-new-windows-10-version-1803.md | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/windows/whats-new/whats-new-windows-10-version-1803.md b/windows/whats-new/whats-new-windows-10-version-1803.md index a4846edc0d..359a0c2ae5 100644 --- a/windows/whats-new/whats-new-windows-10-version-1803.md +++ b/windows/whats-new/whats-new-windows-10-version-1803.md @@ -22,11 +22,8 @@ This article lists new and updated features and content that are of interest to The following 3-minute video summarizes some of the new features that are available for IT Pros in this release. -  - > [!video https://www.microsoft.com/en-us/videoplayer/embed/RE21ada?autoplay=false] - ## Deployment ### Windows Autopilot @@ -135,7 +132,7 @@ Portions of the work done during the offline phases of a Windows update have bee ### Co-management -Intune and System Center Configuration Manager policies have been added to enable hybrid Azure AD-joined authentication. Mobile Device Management (MDM) has added over 150 new policies and settings in this release, including the [MDMWinsOverGP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-controlpolicyconflict) policy, to enable easier transition to cloud-based management. +**Intune** and **System Center Configuration Manager** policies have been added to enable hybrid Azure AD-joined authentication. Mobile Device Management (MDM) has added over 150 new policies and settings in this release, including the [MDMWinsOverGP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-controlpolicyconflict) policy, to enable easier transition to cloud-based management. For more information, see [What's New in MDM enrollment and management](https://docs.microsoft.com/windows/client-management/mdm/new-in-windows-mdm-enrollment-management#whatsnew1803) @@ -231,8 +228,12 @@ Support in [Windows Defender Application Guard](#windows-defender-application-gu ## See Also -[Windows 10 Features](https://www.microsoft.com/windows/features): Review general information about Windows 10 features.
-[What's New in Windows 10](https://docs.microsoft.com/windows/whats-new/): See what’s new in other versions of Windows 10.
-[What's new in Windows 10, version 1709](https://docs.microsoft.com/windows-hardware/get-started/what-s-new-in-windows): See what’s new in Windows 10 hardware.
+[Windows 10 Features](https://www.microsoft.com/windows/features): Review general information about Windows 10 features. + +[What's New in Windows 10](https://docs.microsoft.com/windows/whats-new/): See what’s new in other versions of Windows 10. + +[What's new in Windows 10, version 1709](https://docs.microsoft.com/windows-hardware/get-started/what-s-new-in-windows): See what’s new in Windows 10 hardware. + [Windows 10 Fall Creators Update Next Generation Security](https://www.youtube.com/watch?v=JDGMNFwyUg8): YouTube video about Windows Defender ATP in Windows 10, version 1709. + From 590ba2a7ecfa171d0dd4abb8dac043d09680fdc7 Mon Sep 17 00:00:00 2001 From: alexander7567 <1144391+alexander7567@users.noreply.github.com> Date: Thu, 16 May 2019 10:16:53 -0400 Subject: [PATCH 025/118] Fixed missing colon in path Fixed missing colon in path --- .../client-management/advanced-troubleshooting-boot-problems.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/advanced-troubleshooting-boot-problems.md b/windows/client-management/advanced-troubleshooting-boot-problems.md index 101ca103bc..b80840d43d 100644 --- a/windows/client-management/advanced-troubleshooting-boot-problems.md +++ b/windows/client-management/advanced-troubleshooting-boot-problems.md @@ -385,6 +385,6 @@ If the dump file shows an error that is related to a driver (for example, window 1. Start WinRE, and open a Command Prompt window. 2. Start a text editor, such as Notepad. - 3. Navigate to C\Windows\System32\Config\. + 3. Navigate to C:\Windows\System32\Config\. 4. Rename the all five hives by appending ".old" to the name. 5. Copy all the hives from the Regback folder, paste them in the Config folder, and then try to start the computer in Normal mode. From 3279e783ff5721e26416fe24157a90498403d8cf Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Thu, 16 May 2019 11:17:29 -0500 Subject: [PATCH 026/118] Update windows/whats-new/whats-new-windows-10-version-1803.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- windows/whats-new/whats-new-windows-10-version-1803.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-10-version-1803.md b/windows/whats-new/whats-new-windows-10-version-1803.md index 359a0c2ae5..b0aa87146e 100644 --- a/windows/whats-new/whats-new-windows-10-version-1803.md +++ b/windows/whats-new/whats-new-windows-10-version-1803.md @@ -228,7 +228,7 @@ Support in [Windows Defender Application Guard](#windows-defender-application-gu ## See Also -[Windows 10 Features](https://www.microsoft.com/windows/features): Review general information about Windows 10 features. +- [Windows 10 Features](https://www.microsoft.com/windows/features): Review general information about Windows 10 features. [What's New in Windows 10](https://docs.microsoft.com/windows/whats-new/): See what’s new in other versions of Windows 10. From 7e3c471554b2d1cbb176262bb34acdc35d2846e7 Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Thu, 16 May 2019 11:17:42 -0500 Subject: [PATCH 027/118] Update windows/whats-new/whats-new-windows-10-version-1803.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- windows/whats-new/whats-new-windows-10-version-1803.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-10-version-1803.md b/windows/whats-new/whats-new-windows-10-version-1803.md index b0aa87146e..4976aba0c4 100644 --- a/windows/whats-new/whats-new-windows-10-version-1803.md +++ b/windows/whats-new/whats-new-windows-10-version-1803.md @@ -229,7 +229,6 @@ Support in [Windows Defender Application Guard](#windows-defender-application-gu ## See Also - [Windows 10 Features](https://www.microsoft.com/windows/features): Review general information about Windows 10 features. - [What's New in Windows 10](https://docs.microsoft.com/windows/whats-new/): See what’s new in other versions of Windows 10. [What's new in Windows 10, version 1709](https://docs.microsoft.com/windows-hardware/get-started/what-s-new-in-windows): See what’s new in Windows 10 hardware. From c307294550eaf40eb189a8a73f2679bfc725dcfa Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Thu, 16 May 2019 11:17:49 -0500 Subject: [PATCH 028/118] Update windows/whats-new/whats-new-windows-10-version-1803.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- windows/whats-new/whats-new-windows-10-version-1803.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-10-version-1803.md b/windows/whats-new/whats-new-windows-10-version-1803.md index 4976aba0c4..b303d7d580 100644 --- a/windows/whats-new/whats-new-windows-10-version-1803.md +++ b/windows/whats-new/whats-new-windows-10-version-1803.md @@ -230,7 +230,6 @@ Support in [Windows Defender Application Guard](#windows-defender-application-gu - [Windows 10 Features](https://www.microsoft.com/windows/features): Review general information about Windows 10 features. [What's New in Windows 10](https://docs.microsoft.com/windows/whats-new/): See what’s new in other versions of Windows 10. - [What's new in Windows 10, version 1709](https://docs.microsoft.com/windows-hardware/get-started/what-s-new-in-windows): See what’s new in Windows 10 hardware. [Windows 10 Fall Creators Update Next Generation Security](https://www.youtube.com/watch?v=JDGMNFwyUg8): YouTube video about Windows Defender ATP in Windows 10, version 1709. From 0557f502a02d9a9a7293b12f82d483ee7577396c Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Thu, 16 May 2019 11:17:57 -0500 Subject: [PATCH 029/118] Update windows/whats-new/whats-new-windows-10-version-1803.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- windows/whats-new/whats-new-windows-10-version-1803.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-10-version-1803.md b/windows/whats-new/whats-new-windows-10-version-1803.md index b303d7d580..8ff528af58 100644 --- a/windows/whats-new/whats-new-windows-10-version-1803.md +++ b/windows/whats-new/whats-new-windows-10-version-1803.md @@ -231,7 +231,6 @@ Support in [Windows Defender Application Guard](#windows-defender-application-gu - [Windows 10 Features](https://www.microsoft.com/windows/features): Review general information about Windows 10 features. [What's New in Windows 10](https://docs.microsoft.com/windows/whats-new/): See what’s new in other versions of Windows 10. [What's new in Windows 10, version 1709](https://docs.microsoft.com/windows-hardware/get-started/what-s-new-in-windows): See what’s new in Windows 10 hardware. - [Windows 10 Fall Creators Update Next Generation Security](https://www.youtube.com/watch?v=JDGMNFwyUg8): YouTube video about Windows Defender ATP in Windows 10, version 1709. From 66d8ae4a07ab0f86234bf97985d834aec332f5ce Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Thu, 16 May 2019 11:18:06 -0500 Subject: [PATCH 030/118] Update windows/whats-new/whats-new-windows-10-version-1803.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- windows/whats-new/whats-new-windows-10-version-1803.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-10-version-1803.md b/windows/whats-new/whats-new-windows-10-version-1803.md index 8ff528af58..0f56c2a037 100644 --- a/windows/whats-new/whats-new-windows-10-version-1803.md +++ b/windows/whats-new/whats-new-windows-10-version-1803.md @@ -231,6 +231,6 @@ Support in [Windows Defender Application Guard](#windows-defender-application-gu - [Windows 10 Features](https://www.microsoft.com/windows/features): Review general information about Windows 10 features. [What's New in Windows 10](https://docs.microsoft.com/windows/whats-new/): See what’s new in other versions of Windows 10. [What's new in Windows 10, version 1709](https://docs.microsoft.com/windows-hardware/get-started/what-s-new-in-windows): See what’s new in Windows 10 hardware. -[Windows 10 Fall Creators Update Next Generation Security](https://www.youtube.com/watch?v=JDGMNFwyUg8): YouTube video about Windows Defender ATP in Windows 10, version 1709. +- [Windows 10 Fall Creators Update Next Generation Security](https://www.youtube.com/watch?v=JDGMNFwyUg8): YouTube video about Windows Defender ATP in Windows 10, version 1709. From 800d7f46112996a0c0fd85910340ff7801ac283d Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Thu, 16 May 2019 11:18:16 -0500 Subject: [PATCH 031/118] Update windows/whats-new/whats-new-windows-10-version-1803.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- windows/whats-new/whats-new-windows-10-version-1803.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-10-version-1803.md b/windows/whats-new/whats-new-windows-10-version-1803.md index 0f56c2a037..edf483eab6 100644 --- a/windows/whats-new/whats-new-windows-10-version-1803.md +++ b/windows/whats-new/whats-new-windows-10-version-1803.md @@ -230,7 +230,7 @@ Support in [Windows Defender Application Guard](#windows-defender-application-gu - [Windows 10 Features](https://www.microsoft.com/windows/features): Review general information about Windows 10 features. [What's New in Windows 10](https://docs.microsoft.com/windows/whats-new/): See what’s new in other versions of Windows 10. -[What's new in Windows 10, version 1709](https://docs.microsoft.com/windows-hardware/get-started/what-s-new-in-windows): See what’s new in Windows 10 hardware. +- [What's new in Windows 10, version 1709](https://docs.microsoft.com/windows-hardware/get-started/what-s-new-in-windows): See what’s new in Windows 10 hardware. - [Windows 10 Fall Creators Update Next Generation Security](https://www.youtube.com/watch?v=JDGMNFwyUg8): YouTube video about Windows Defender ATP in Windows 10, version 1709. From 60cf9d4e55b19e1f158a115337ec8a175686c28d Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Thu, 16 May 2019 11:18:42 -0500 Subject: [PATCH 032/118] Update windows/whats-new/whats-new-windows-10-version-1803.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- windows/whats-new/whats-new-windows-10-version-1803.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-10-version-1803.md b/windows/whats-new/whats-new-windows-10-version-1803.md index edf483eab6..220d35e86c 100644 --- a/windows/whats-new/whats-new-windows-10-version-1803.md +++ b/windows/whats-new/whats-new-windows-10-version-1803.md @@ -229,7 +229,7 @@ Support in [Windows Defender Application Guard](#windows-defender-application-gu ## See Also - [Windows 10 Features](https://www.microsoft.com/windows/features): Review general information about Windows 10 features. -[What's New in Windows 10](https://docs.microsoft.com/windows/whats-new/): See what’s new in other versions of Windows 10. +- [What's New in Windows 10](https://docs.microsoft.com/windows/whats-new/): See what’s new in other versions of Windows 10. - [What's new in Windows 10, version 1709](https://docs.microsoft.com/windows-hardware/get-started/what-s-new-in-windows): See what’s new in Windows 10 hardware. - [Windows 10 Fall Creators Update Next Generation Security](https://www.youtube.com/watch?v=JDGMNFwyUg8): YouTube video about Windows Defender ATP in Windows 10, version 1709. From c5ae6b310f7d669c18483802fb3b6c7c49477343 Mon Sep 17 00:00:00 2001 From: John Rajunas Date: Thu, 16 May 2019 12:49:20 -0400 Subject: [PATCH 033/118] Change "Windows Management Instruction" Proposing the correct the phrase "Windows Management Instruction" to "Windows Management Instrumentation" to more accurately reflect the proper meaning of the acronym WMI in this context, and to match the rest of the topic's use of "WMI". --- ...iguration-management-reference-windows-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md index 901c6c4995..471d647e37 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md @@ -26,7 +26,7 @@ You can manage and configure Windows Defender Antivirus with the following tools - System Center Configuration Manager - Group Policy - PowerShell cmdlets -- Windows Management Instruction (WMI) +- Windows Management Instrumentation (WMI) - The mpcmdrun.exe utility The topics in this section provide further information, links, and resources for using these tools to manage and configure Windows Defender Antivirus. From 9fd74e4aa21426c7eb7e9a542a159135e97319fc Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Fri, 17 May 2019 12:00:30 +0500 Subject: [PATCH 034/118] update windows-defender-exploit-guard.md --- .../windows-defender-exploit-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md index da228553fc..45b1954386 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md @@ -65,7 +65,7 @@ This section covers requirements for each feature in Windows Defender EG. | Controlled folder access | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) | >[!NOTE] -> The [Identity & Threat Protection package](https://www.microsoft.com/microsoft-365/blog/2019/01/02/introducing-new-advanced-security-and-compliance-offerings-for-microsoft-365/), available for Microsoft 365 E3 customers, provides the same Windows Defender ATP capabilities as Enterprise E5 subscription. +> The [Identity & Threat Protection package](https://www.microsoft.com/microsoft-365/blog/2019/01/02/introducing-new-advanced-security-and-compliance-offerings-for-microsoft-365/), available for Microsoft 365 E3 customers, provides the same Windows Defender ATP capabilities as the Enterprise E5 subscription. The following table lists which features in Windows Defender EG require enabling [real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) from Windows Defender Antivirus. From 707ecda1ab12f0a332e02544480c4c6973030bf5 Mon Sep 17 00:00:00 2001 From: illfated Date: Fri, 17 May 2019 10:32:39 +0200 Subject: [PATCH 035/118] Update hello-how-it-works-technology.md (TPM section) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - replace 3 occurrences of the character `�` with a normal No-Break Space character (ASCII 32) - remove 13 redundant blank lines at the end of the document (redundant whitespace) --- .../hello-how-it-works-technology.md | 17 ++--------------- 1 file changed, 2 insertions(+), 15 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md index 99026497a4..c8fbed37c7 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md @@ -284,9 +284,9 @@ A TPM implements controls that meet the specification described by the Trusted C - The first TPM specification, version 1.2, was published in February 2005 by the TCG and standardized under ISO / IEC 11889 standard. - The latest TPM specification, referred to as TPM 2.0, was released in April 2014 and has been approved by the ISO/IEC Joint Technical Committee (JTC) as ISO/IEC 11889:2015. -Windows�10 uses the TPM for cryptographic calculations as part of health attestation and to protect the keys for BitLocker, Windows Hello, virtual smart cards, and other public key certificates. For more information, see [TPM requirements in Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=733948). +Windows 10 uses the TPM for cryptographic calculations as part of health attestation and to protect the keys for BitLocker, Windows Hello, virtual smart cards, and other public key certificates. For more information, see [TPM requirements in Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=733948). -Windows�10 recognizes versions 1.2 and 2.0 TPM specifications produced by the TCG. For the most recent and modern security features, Windows�10 supports only TPM 2.0. +Windows 10 recognizes versions 1.2 and 2.0 TPM specifications produced by the TCG. For the most recent and modern security features, Windows 10 supports only TPM 2.0. TPM 2.0 provides a major revision to the capabilities over TPM 1.2: @@ -316,16 +316,3 @@ In a simplified manner, the TPM is a passive component with limited resources. I [Return to Top](hello-how-it-works-technology.md) - - - - - - - - - - - - - From 959f88dbd27966614e2401cbea3fdfec98a035b0 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Fri, 17 May 2019 12:50:09 -0700 Subject: [PATCH 036/118] Updated SKU --- .../client-management/mdm/policy-csp-servicecontrolmanager.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md index a2558d44fc..ec32296079 100644 --- a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md +++ b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md @@ -44,7 +44,7 @@ ms.date: 05/10/2019 cross mark - cross mark + check mark6 check mark6 check mark6 check mark6 From 5480ba46fe2edcc6eac8281bb918b6a8e805eeda Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Fri, 17 May 2019 14:52:36 -0700 Subject: [PATCH 037/118] Update SKU --- .../client-management/mdm/policy-csp-servicecontrolmanager.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md index ec32296079..a2558d44fc 100644 --- a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md +++ b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md @@ -44,7 +44,7 @@ ms.date: 05/10/2019 cross mark - check mark6 + cross mark check mark6 check mark6 check mark6 From 7e5a521e9daf4492560ad8268a507d2d0679214a Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Fri, 17 May 2019 15:21:38 -0700 Subject: [PATCH 038/118] Added dev comment --- .../client-management/mdm/policy-csp-servicecontrolmanager.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md index a2558d44fc..b879cef048 100644 --- a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md +++ b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md @@ -68,7 +68,7 @@ This policy setting enables process mitigation options on svchost.exe processes. If you enable this policy setting, built-in system services hosted in svchost.exe processes will have stricter security policies enabled on them. -This includes Microsoft to sign a policy requiring all binaries loaded on SVCHOST processes and a policy disallowing dynamically generated code. +This includes a policy requiring all binaries loaded in these processes to be signed by Microsoft, as well as a policy disallowing dynamically-generated code. If you disable or do not configure this policy setting, the stricter security settings will not be applied. From 53276bd754ae0d5f1f909ba551a85c4465ba20e6 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 20 May 2019 10:25:10 +0500 Subject: [PATCH 039/118] update windows-10-enterprise-subscription-activation.md --- .../deployment/windows-10-enterprise-subscription-activation.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/deployment/windows-10-enterprise-subscription-activation.md b/windows/deployment/windows-10-enterprise-subscription-activation.md index e57c8a14cc..50cda76821 100644 --- a/windows/deployment/windows-10-enterprise-subscription-activation.md +++ b/windows/deployment/windows-10-enterprise-subscription-activation.md @@ -154,6 +154,8 @@ changepk.exe /ProductKey %ProductKey% ) +If no firmware-embedded Windows 10 activation key presents, the license will escalate to Windows 10 Enterprise using Subscription Activation directly. + ### Obtaining an Azure AD licence Enterprise Agreement/Software Assurance (EA/SA): From 5735cae0863cd1e12057dca75e78c8d0e0b73922 Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Mon, 20 May 2019 01:12:37 -0500 Subject: [PATCH 040/118] Update windows/whats-new/whats-new-windows-10-version-1803.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- windows/whats-new/whats-new-windows-10-version-1803.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-10-version-1803.md b/windows/whats-new/whats-new-windows-10-version-1803.md index 220d35e86c..a7a77b4172 100644 --- a/windows/whats-new/whats-new-windows-10-version-1803.md +++ b/windows/whats-new/whats-new-windows-10-version-1803.md @@ -233,4 +233,3 @@ Support in [Windows Defender Application Guard](#windows-defender-application-gu - [What's new in Windows 10, version 1709](https://docs.microsoft.com/windows-hardware/get-started/what-s-new-in-windows): See what’s new in Windows 10 hardware. - [Windows 10 Fall Creators Update Next Generation Security](https://www.youtube.com/watch?v=JDGMNFwyUg8): YouTube video about Windows Defender ATP in Windows 10, version 1709. - From 5f0e08d058c5b5a3c57452fc4c93bbdf5185b69d Mon Sep 17 00:00:00 2001 From: illfated Date: Mon, 20 May 2019 18:57:44 +0200 Subject: [PATCH 041/118] Remove space between indent marker and text - (keeping the current code style unchanged) --- devices/surface-hub/create-a-device-account-using-office-365.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface-hub/create-a-device-account-using-office-365.md b/devices/surface-hub/create-a-device-account-using-office-365.md index d1fbebaa56..85be497437 100644 --- a/devices/surface-hub/create-a-device-account-using-office-365.md +++ b/devices/surface-hub/create-a-device-account-using-office-365.md @@ -218,7 +218,7 @@ In order to enable Skype for Business, your environment will need to meet the fo ## Create a device account using the Exchange Admin Center >[!NOTE] -> This method will only work if you are syncing from an on-premises Active Directory. +>This method will only work if you are syncing from an on-premises Active Directory. You can use the Exchange Admin Center to create a device account: From f2e71a516fce68a70d6cece5dfe667168e4c9ea5 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 20 May 2019 17:43:49 -0700 Subject: [PATCH 042/118] add topic for sensitivity labels --- .../information-protection-investigation.md | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/information-protection-investigation.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/information-protection-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/information-protection-investigation.md new file mode 100644 index 0000000000..562c89d6e7 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/information-protection-investigation.md @@ -0,0 +1,35 @@ +--- +title: Use sensitivity labels to investigate incidents +description: Learn how to use sensitivity labels to prioritize and investigate incidents +keywords: information, protection, data, loss, prevention,labels, dlp, incident, investigate, investigation +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Use sensitivity labels to investigate incidents + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +A typical advanced persistent threat lifecycle involves data exfiltration. In a security incident, it's important to have the ability to prioritize investigations where sensitive files may be involved so that corporate data and information are protected. + +Microsoft Defender ATP helps to make the prioritization of security incidents where sensitive information are involved easier with the use of sensitivity labels. + +1. In Microsoft Defender Security Center, select **Incidents**. + +2. Scroll to the right to see the **Data sensitivity** column. This column reflects sensitivity labels that have been observed on machines related to the incidents providing an indication of whether sensitive files may be impacted by the incident. + +3. Open the incident page to further investigate. + +4. Select the **Machines** tab to identify machines storing files with sensitivity labels. \ No newline at end of file From 2834d122b1ebb1b3688a5754f1f2e0bd9c5ec171 Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Mon, 20 May 2019 21:22:41 -0500 Subject: [PATCH 043/118] Formating the whole Article tables and links. --- .../access-control/special-identities.md | 1028 ++++------------- 1 file changed, 193 insertions(+), 835 deletions(-) diff --git a/windows/security/identity-protection/access-control/special-identities.md b/windows/security/identity-protection/access-control/special-identities.md index 16e282f16f..b29d15b901 100644 --- a/windows/security/identity-protection/access-control/special-identities.md +++ b/windows/security/identity-protection/access-control/special-identities.md @@ -34,364 +34,153 @@ Although the special identity groups can be assigned rights and permissions to r For information about security groups and group scope, see [Active Directory Security Groups](active-directory-security-groups.md). -The special identity groups are described in the following tables. +The special identity groups are described in the following tables. -- [Anonymous Logon](#bkmk-anonymouslogon) +- [Anonymous Logon](#Anonymous-Logon) -- [Authenticated User](#bkmk-authenticateduser) +- [Authenticated User](#Authenticated-Users) -- [Batch](#bkmk-batch) +- [Batch](#batch) -- [Creator Group](#bkmk-creatorgroup) +- [Creator Group](#Creator-Group) -- [Creator Owner](#bkmk-creatorowner) +- [Creator Owner](#Creator-Owner) -- [Dialup](#bkmk-dialup) +- [Dialup](#Dialup) -- [Digest Authentication](#bkmk-digestauth) +- [Digest Authentication](#Digest-Authentication) -- [Enterprise Domain Controllers](#bkmk-entdcs) +- [Enterprise Domain Controllers](#Enterprise-Domain-Controllers) -- [Everyone](#bkmk-everyone) +- [Everyone](#everyone) -- [Interactive](#bkmk-interactive) +- [Interactive](#interactive) -- [Local Service](#bkmk-localservice) +- [Local Service](#local-service) -- [LocalSystem](#bkmk-localsystem) +- [LocalSystem](#LocalSystem) -- [Network](#bkmk-network) +- [Network](#network) -- [Network Service](#bkmk-networkservice) +- [Network Service](#Network-Service) -- [NTLM Authentication](#bkmk-ntlmauth) +- [NTLM Authentication](#NTLM-Authentication) -- [Other Organization](#bkmk-otherorganization) +- [Other Organization](#Other-Organization) -- [Principal Self](#bkmk-principalself) +- [Principal Self](#Principal-Self) -- [Remote Interactive Logon](#bkmk-remoteinteractivelogon) +- [Remote Interactive Logon](#Remote-Interactive-Logon) -- [Restricted](#bkmk-restrictedcode) +- [Restricted](#Restricted) -- [SChannel Authentication](#bkmk-schannelauth) +- [SChannel Authentication](#SChannel-Authentication) -- [Service](#bkmk-service) +- [Service](#Service) -- [Terminal Server User](#bkmk-terminalserveruser) +- [Terminal Server User](#Terminal-Server-User) -- [This Organization](#bkmk-thisorg) +- [This Organization](#This-Organization) -- [Window Manager\\Window Manager Group](#bkmk-windowmanager) +- [Window Manager\\Window Manager Group](#Window-Manager\\Window-Manager-Group) -## Anonymous Logon +## Anonymous Logon Any user who accesses the system through an anonymous logon has the Anonymous Logon identity. This identity allows anonymous access to resources, such as a web page that is published on corporate servers. The Anonymous Logon group is not a member of the Everyone group by default. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
AttributeValue

Well-Known SID/RID

S-1-5-7

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Default User Rights

None

+| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-7 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights|None| -  - -## Authenticated Users +## Authenticated Users Any user who accesses the system through a sign-in process has the Authenticated Users identity. This identity allows access to shared resources within the domain, such as files in a shared folder that should be accessible to all the workers in the organization. Membership is controlled by the operating system. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
AttributeValue

Well-Known SID/RID

S-1-5-11

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=System,cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Default User Rights

[Access this computer from the network](/windows/device-security/security-policy-settings/access-this-computer-from-the-network): SeNetworkLogonRight

-

[Add workstations to domain](/windows/device-security/security-policy-settings/add-workstations-to-domain): SeMachineAccountPrivilege

-

[Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege

+| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-11 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=System,cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| [Access this computer from the network](/windows/device-security/security-policy-settings/access-this-computer-from-the-network): SeNetworkLogonRight
[Add workstations to domain](/windows/device-security/security-policy-settings/add-workstations-to-domain): SeMachineAccountPrivilege
[Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege| -  - -## Batch +## Batch Any user or process that accesses the system as a batch job (or through the batch queue) has the Batch identity. This identity allows batch jobs to run scheduled tasks, such as a nightly cleanup job that deletes temporary files. Membership is controlled by the operating system. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
AttributeValue

Well-Known SID/RID

S-1-5-3

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Default User Rights

None

+| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-3 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| none| -  - -## Creator Group +## Creator Group The person who created the file or the directory is a member of this special identity group. Windows Server operating systems use this identity to automatically grant access permissions to the creator of a file or directory. A placeholder security identifier (SID) is created in an inheritable access control entry (ACE). When the ACE is inherited, the system replaces this SID with the SID for the primary group of the object’s current owner. The primary group is used only by the Portable Operating System Interface for UNIX (POSIX) subsystem. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
AttributeValue

Well-Known SID/RID

S-1-3-1

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Default User Rights

None

+| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-3-1 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| none| -  - -## Creator Owner +## Creator Owner The person who created the file or the directory is a member of this special identity group. Windows Server operating systems use this identity to automatically grant access permissions to the creator of a file or directory. A placeholder SID is created in an inheritable ACE. When the ACE is inherited, the system replaces this SID with the SID for the object’s current owner. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
AttributeValue

Well-Known SID/RID

S-1-3-0

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Default User Rights

None

+| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-3-0 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| none| -  - -## Dialup +## Dialup Any user who accesses the system through a dial-up connection has the Dial-Up identity. This identity distinguishes dial-up users from other types of authenticated users. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
AttributeValue

Well-Known SID/RID

S-1-5-1

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Default User Rights

None

+| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-1 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| none|  -  - -## Digest Authentication +## Digest Authentication - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
AttributeValue

Well-Known SID/RID

S-1-5-64-21

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Default User Rights

None

+| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-64-21 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| none|  -  - -## Enterprise Domain Controllers +## Enterprise Domain Controllers This group includes all domain controllers in an Active Directory forest. Domain controllers with enterprise-wide roles and responsibilities have the Enterprise Domain Controllers identity. This identity allows them to perform certain tasks in the enterprise by using transitive trusts. Membership is controlled by the operating system. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
AttributeValue

Well-Known SID/RID

S-1-5-9

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Default User Rights Assignment

[Access this computer from the network](/windows/device-security/security-policy-settings/access-this-computer-from-the-network): SeNetworkLogonRight

-

[Allow log on locally](/windows/device-security/security-policy-settings/allow-log-on-locally): SeInteractiveLogonRight

+| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-9 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| [Access this computer from the network](/windows/device-security/security-policy-settings/access-this-computer-from-the-network): SeNetworkLogonRight
[Allow log on locally](/windows/device-security/security-policy-settings/allow-log-on-locally): SeInteractiveLogonRight| -  - -## Everyone +## Everyone All interactive, network, dial-up, and authenticated users are members of the Everyone group. This special identity group gives wide access to system resources. Whenever a user logs on to the network, the user is automatically added to the Everyone group. @@ -400,615 +189,184 @@ On computers running Windows 2000 and earlier, the Everyone group included the Membership is controlled by the operating system. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
AttributeValue

Well-Known SID/RID

S-1-1-0

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Default User Rights

[Access this computer from the network](/windows/device-security/security-policy-settings/access-this-computer-from-the-network): SeNetworkLogonRight

-

[Act as part of the operating system](/windows/device-security/security-policy-settings/act-as-part-of-the-operating-system): SeTcbPrivilege

-

[Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege

+| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-1-0 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| [Access this computer from the network](/windows/device-security/security-policy-settings/access-this-computer-from-the-network): SeNetworkLogonRight
[Act as part of the operating system](/windows/device-security/security-policy-settings/act-as-part-of-the-operating-system): SeTcbPrivilege
[Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege| -  - -## Interactive +## Interactive Any user who is logged on to the local system has the Interactive identity. This identity allows only local users to access a resource. Whenever a user accesses a given resource on the computer to which they are currently logged on, the user is automatically added to the Interactive group. Membership is controlled by the operating system. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
AttributeValue

Well-Known SID/RID

S-1-5-4

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Default User Rights

None

+| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-4 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| None| -  - -## Local Service +## Local Service The Local Service account is similar to an Authenticated User account. The Local Service account has the same level of access to resources and objects as members of the Users group. This limited access helps safeguard your system if individual services or processes are compromised. Services that run as the Local Service account access network resources as a null session with anonymous credentials. The name of the account is NT AUTHORITY\\LocalService. This account does not have a password. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
AttributeValue

Well-Known SID/RID

S-1-5-19

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Default user rights

[Adjust memory quotas for a process](/windows/device-security/security-policy-settings/adjust-memory-quotas-for-a-process): SeIncreaseQuotaPrivilege

-

[Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege

-

[Change the system time](/windows/device-security/security-policy-settings/change-the-system-time): SeSystemtimePrivilege

-

[Change the time zone](/windows/device-security/security-policy-settings/change-the-time-zone): SeTimeZonePrivilege

-

[Create global objects](/windows/device-security/security-policy-settings/create-global-objects): SeCreateGlobalPrivilege

-

[Generate security audits](/windows/device-security/security-policy-settings/generate-security-audits): SeAuditPrivilege

-

[Impersonate a client after authentication](/windows/device-security/security-policy-settings/impersonate-a-client-after-authentication): SeImpersonatePrivilege

-

[Replace a process level token](/windows/device-security/security-policy-settings/replace-a-process-level-token): SeAssignPrimaryTokenPrivilege

+| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-19 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| [Adjust memory quotas for a process](/windows/device-security/security-policy-settings/adjust-memory-quotas-for-a-process): SeIncreaseQuotaPrivilege
[Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege
[Change the system time](/windows/device-security/security-policy-settings/change-the-system-time): SeSystemtimePrivilege
[Change the time zone](/windows/device-security/security-policy-settings/change-the-time-zone): SeTimeZonePrivilege
[Create global objects](/windows/device-security/security-policy-settings/create-global-objects): SeCreateGlobalPrivilege
[Generate security audits](/windows/device-security/security-policy-settings/generate-security-audits): SeAuditPrivilege
[Impersonate a client after authentication](/windows/device-security/security-policy-settings/impersonate-a-client-after-authentication): SeImpersonatePrivilege
[Replace a process level token](/windows/device-security/security-policy-settings/replace-a-process-level-token): SeAssignPrimaryTokenPrivilege
| -  - -## LocalSystem +## LocalSystem This is a service account that is used by the operating system. The LocalSystem account is a powerful account that has full access to the system and acts as the computer on the network. If a service logs on to the LocalSystem account on a domain controller, that service has access to the entire domain. Some services are configured by default to log on to the LocalSystem account. Do not change the default service setting. The name of the account is LocalSystem. This account does not have a password. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
AttributeValue

Well-Known SID/RID

S-1-5-18

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Default User Rights

None

-  - -## Network +| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-18 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights|None| +## Network This group implicitly includes all users who are logged on through a network connection. Any user who accesses the system through a network has the Network identity. This identity allows only remote users to access a resource. Whenever a user accesses a given resource over the network, the user is automatically added to the Network group. Membership is controlled by the operating system. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
AttributeValue

Well-Known SID/RID

S-1-5-2

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Default User Rights

None

+| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-2 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights|None| -  - -## Network Service +## Network Service The Network Service account is similar to an Authenticated User account. The Network Service account has the same level of access to resources and objects as members of the Users group. This limited access helps safeguard your system if individual services or processes are compromised. Services that run as the Network Service account access network resources by using the credentials of the computer account. The name of the account is NT AUTHORITY\\NetworkService. This account does not have a password. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
AttributeValue

Well-Known SID/RID

S-1-5-20

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Default User Rights

[Adjust memory quotas for a process](/windows/device-security/security-policy-settings/adjust-memory-quotas-for-a-process): SeIncreaseQuotaPrivilege

-

[Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege

-

[Create global objects](/windows/device-security/security-policy-settings/create-global-objects): SeCreateGlobalPrivilege

-

[Generate security audits](/windows/device-security/security-policy-settings/generate-security-audits): SeAuditPrivilege

-

[Impersonate a client after authentication](/windows/device-security/security-policy-settings/impersonate-a-client-after-authentication): SeImpersonatePrivilege

-

[Restore files and directories](/windows/device-security/security-policy-settings/restore-files-and-directories): SeRestorePrivilege

-

[Replace a process level token](/windows/device-security/security-policy-settings/replace-a-process-level-token): SeAssignPrimaryTokenPrivilege

+| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-20 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| [Adjust memory quotas for a process](/windows/device-security/security-policy-settings/adjust-memory-quotas-for-a-process): SeIncreaseQuotaPrivilege
[Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege
[Create global objects](/windows/device-security/security-policy-settings/create-global-objects): SeCreateGlobalPrivilege
[Generate security audits](/windows/device-security/security-policy-settings/generate-security-audits): SeAuditPrivilege
[Impersonate a client after authentication](/windows/device-security/security-policy-settings/impersonate-a-client-after-authentication): SeImpersonatePrivilege
[Restore files and directories](/windows/device-security/security-policy-settings/restore-files-and-directories): SeRestorePrivilege
[Replace a process level token](/windows/device-security/security-policy-settings/replace-a-process-level-token): SeAssignPrimaryTokenPrivilege
| -  - -## NTLM Authentication +## NTLM Authentication - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
AttributeValue

Well-Known SID/RID

S-1-5-64-10

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Default User Rights

None

+| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-64-10 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| None| -  - -## Other Organization +## Other Organization This group implicitly includes all users who are logged on to the system through a dial-up connection. Membership is controlled by the operating system. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
AttributeValue

Well-Known SID/RID

S-1-5-1000

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Default User Rights

None

+| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-1000 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| None | -  - -## Principal Self +## Principal Self This identify is a placeholder in an ACE on a user, group, or computer object in Active Directory. When you grant permissions to Principal Self, you grant them to the security principal that is represented by the object. During an access check, the operating system replaces the SID for Principal Self with the SID for the security principal that is represented by the object. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
AttributeValue

Well-Known SID/RID

S-1-5-10

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Default User Rights

None

+| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-10 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| None | -  - -## Remote Interactive Logon +## Remote Interactive Logon This identity represents all users who are currently logged on to a computer by using a Remote Desktop connection. This group is a subset of the Interactive group. Access tokens that contain the Remote Interactive Logon SID also contain the Interactive SID. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
AttributeValue

Well-Known SID/RID

S-1-5-14

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Default User Rights

None

+| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-14| +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| None | -  - -## Restricted +## Restricted Users and computers with restricted capabilities have the Restricted identity. This identity group is used by a process that is running in a restricted security context, such as running an application with the RunAs service. When code runs at the Restricted security level, the Restricted SID is added to the user’s access token. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
AttributeValue

Well-Known SID/RID

S-1-5-12

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Default User Rights

None

+| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-12 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| None | -  - -## SChannel Authentication +## SChannel Authentication - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
AttributeValue

Well-Known SID/RID

S-1-5-64-14

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Default User Rights

None

+| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-64-14 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| None | -  - -## Service +## Service Any service that accesses the system has the Service identity. This identity group includes all security principals that are signed in as a service. This identity grants access to processes that are being run by Windows Server services. Membership is controlled by the operating system. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
AttributeValue

Well-Known SID/RID

S-1-5-6

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Default User Rights

[Create global objects](/windows/device-security/security-policy-settings/create-global-objects): SeCreateGlobalPrivilege

-

[Impersonate a client after authentication](/windows/device-security/security-policy-settings/impersonate-a-client-after-authentication): SeImpersonatePrivilege

-  +| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-6 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| [Create global objects](/windows/device-security/security-policy-settings/create-global-objects): SeCreateGlobalPrivilege
[Impersonate a client after authentication](/windows/device-security/security-policy-settings/impersonate-a-client-after-authentication): SeImpersonatePrivilege
| -## Terminal Server User +## Terminal Server User Any user accessing the system through Terminal Services has the Terminal Server User identity. This identity allows users to access Terminal Server applications and to perform other necessary tasks with Terminal Server services. Membership is controlled by the operating system. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
AttributeValue

Well-Known SID/RID

S-1-5-13

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Default User Rights

None

+| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-13 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| None | -  - -## This Organization +## This Organization - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
AttributeValue

Well-Known SID/RID

S-1-5-15

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Default User Rights

None

+| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | S-1-5-15 | +|Object Class| Foreign Security Principal| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| None | -  +## Window Manager\\Window Manager Group -## Window Manager\\Window Manager Group - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
AttributeValue

Well-Known SID/RID

Object Class

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Default User Rights

[Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege

-

[Increase a process working set](/windows/device-security/security-policy-settings/increase-a-process-working-set): SeIncreaseWorkingSetPrivilege

+| **Attribute** | **Value** | +| :--: | :--: | +| Well-Known SID/RID | | +|Object Class| | +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default User Rights| [Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege
[Increase a process working set](/windows/device-security/security-policy-settings/increase-a-process-working-set): SeIncreaseWorkingSetPrivilege
| ## See also From 10a330b68ef24d7b476f2cea4f006cb04818f680 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 20 May 2019 21:53:12 -0700 Subject: [PATCH 044/118] content for ip --- .../images/data-sensitivity-column.png | Bin 0 -> 9808 bytes .../images/incident-page.png | Bin 0 -> 15591 bytes .../images/investigate-machines-tab.png | Bin 0 -> 36121 bytes .../information-protection-investigation.md | 26 +++++++++++++++--- 4 files changed, 22 insertions(+), 4 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/data-sensitivity-column.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/incident-page.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/investigate-machines-tab.png diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/data-sensitivity-column.png b/windows/security/threat-protection/microsoft-defender-atp/images/data-sensitivity-column.png new file mode 100644 index 0000000000000000000000000000000000000000..d979d3e3675bbc97b56774d12c1927b53d51445c GIT binary patch literal 9808 zcmb7qWl&s8xAx$J4`CP_21p2m2?Pki8Ek+6L53XM-QC@TThIgv7D9r%y9Edm+$97E z?hbS3obUT_t8TsbeeaK6U0v1Hd-v|O*Lt33b)<@tEHMEM0RR9Xek~`BME6JN_8o|e zw)D{UOLT|ff|Qj6l#S5+K@YGkB;H5>0G08CcSbnqF}|ammJ0wt((`x2NZ}x%1puD> zel0EW)>D5!YfD2%qyFHK(W7lC{xZf1zQ{ZBv3~Q-xt^w}$m@1t-iX=!v(-zuVxw-H%+t?Nv<4Qr^B-d`RhfC^C)CvLN+QGY zlE8mP!IzM9sy9w>`SF)CMo|iaD($!mnbx9SG*om&ir%62Z4qh;u2r6)g2kF0*RIL) zFi6#c?Z(bQZbkWf?JTin-Z#HY@)y4o_8+4Fv2k(7>RM~RRUym{wA8uZzr$)@O};PZ zm+HPIOJz;Z<)#ZEkJ`%fQQTlLwW?D!w+$ZsG12ojcOvGrvX3YIL;9!4pFg(ZJ6$7e zOWmvLh1inik@XAmdJi#^cFx8zebJXh?#HJ`=T7$)yD!!DR(aKQFDsq?B$yitP=CHj zJKt~=_|n*za)T6{i@S)Uz@gu-c|SEX#Jp|+7gRF&)ei2%zI=E5z3X^Fz!{qMfAUZ$`?X#6{lU$IT00 z>EM}7P@f2un(jKPnOjD*(7QV~30WCJ74$ux_L^XLpB$07HQjF21xy*~4QrhnW{(#IyPEJ^(7d>wT=UtHNMX=mqKe$3sbLC#lKrz)k! z+l#j~^Cs%bc5;y{>38w*%PDx9lrrto%k(#i%}cM6+5o#(ZSvlfJexKUWck_oX_jcu(}A|K)^o>Z&a3;aOElUUc*AsrmxwKMSC zTes)Q3^c3(lnxHHDjufdBSH1a>;6WSf@~mKL!0b868*Xb-DEntf=|^cG#{UvT3Hr) z+9y1EP^uEp1+P7joi=}8BF}4*_4qQrR+POA_43o3TyvhFiWVR{OPpCjFes;IKIi&l zw9lb`P*5fgzZ?~D6A-paj~}`;`_p8iX>C$}_MYPh;i3jZ{b$R!bsydjVvA&cN`>IX zf;A+n`lT*Lpl{+fzVL%T^=S}q9R6XVMd6(vvB~9ATiaNF0yRtUPUKJiG|lZCH*(Ku zp1o&yEc-2`%Wuil;WFy4kH$89J@#r9&C&YP^<%4!$-RpbzZThb>mUT!J_GYRNvbdD zFRCb4pZd69otr*wWD(Fh3yb47P;~KY61JV3+$o^b8Bb_V5yd;eocINfK0`JaX4|ek zu5XR5FS4r1Sy-kvS9>AJX(8Nu6TBx;qspAdrC)jT9f7s62P4w9tsgL}MLvVef7j&V z;!h~$kg$S$U`bxRSDR$q&*${v<(pfL40=t_r2VCoMbX5Tu9?34%iIBzfe&wVQ%Km1 zV&@(k3e`ApfPZrF%GtHwDp**2U|KQzLE_|yH~tu9#WN;BFOq;KlnH*#TCj2^vt;TL z&OWkkZ&7Yx{uO|1U{Uz@ z@w+I@@4+b_4bz?t=I54nBihQ`Pu%go6hAzPj?~M|eJQBf&~^nSjS;kVsIJ(hHa*s2 z=jV~$Uu>-Y1Jkji#lg~>Tt6D*>*vLH*0uv5`D{;pQy(P0r~+idR;|b!J)k`ya?K4( z%!cLhOQq@zbKE=Lv$0vq7^7p@@$=A$1q7r>R!AKxB>5-e;~u@(j;#$8k5FK8Nhv!U z=hV7Dwr(wSCk4*amAQw;NL z+b-C149~QCvuCaSWqe+O+P$_}ch95Y}ci(cm{W_>ajlThvN9`w%ng5IH|Gq8HJR>4!(oeEWMQ46Ys;)^!v`e{Ctg#M=E{ah)t&> zjhpv6w=zvO@mh3;CbnnyzQso#J2kFs%(BJ4X=$TB?^pO%$z4_sbJ0HA|h8xLn15|N zgTx~yOnKN7`6S3d1&dy0949ZUX^-j%8y@flEb4Jzd z>`JBay~ul%NWus(R)vIxf2*lNqM~qok5(n-D^1?Hnl~>gkur!R?7w;Q#`SPnl!l55 zBvGbQA15RvWXc#g<^(GNuQQAKUa4G|fMy$<@__}~r5Zjy!lio6shLVeB`lM}@1H7v zsjN)2Uu=+AsCS?wyF5RSj9~Hz27Fo6?!qluZ%0xT@7{dQZGlcgr8LAk>}^cB*$*^ zIMhFW6|?o3Ek&g=P&rHJNfsEssNe1{D(ZbE2ira0o%wED8POZm8;0|0GrU5((@>=+ zc7%k3s!k8d}F6jkMgEm-~^vB9p;yISt(r~xlj!=t`i&alg3QaMO zgUn3A@&av9qF#}=uvKv=G{6Z1Dh~!=bY%^j6JA@cs?&10ff&H2z2V`wTK&97`JV>4LTX6Ex9!$zEa%1-uG2` zgkF793a2Dl?(PsZ#uIPGt%AYvWYA6Wc|aQs_nBd#bfeOj-=k^0;^;Y=dn5H=tv!n` znCkK{_br_$*ah#~zo)ym{js94wJx-^6E!n@`^GVT;_s!>cFyl{{SFR;kXTj!bCa9RanHF6??L zJItkR+-?t@EHoxh!yk5P&#&3OkIm*IZ9a_@+6`$WUaoLh z_Rw>Q6>1HNc88&Zs3Xsvm$qZxiHuLGYh( z;tkt(!1TDYCsQ>1)VZ!RC0c5O_&60Y4KoogerMa`NF9(2WM8}!8g8J>)ZxQNg8VIH zpoJ08)C8rn?dFLdzkRR(&sSu1(R#FSDnSsA`yOE3*2pIKgSPzYH)61Ewbn&S9PeNe zPN(OJfy6SY`hyt8iJN!Zx7=mMfX_!B@YK3%jgs848#`pbL8b{f{{bfFNh7-8p>}Cu zW4_y$V+r38Y5oDKD8EWJXTKz(Op3yZ*&_gP_e8^RwmU#D%ybsR=EOw9-RaU3e5n2+ zc|VO)5*ZbJ2DM{Wj{nVTWX;=e=Uvb+Tf#oWu=FvDk<8q!(HsS+j|eGtaX+`G81Q0w zVS!^eA|-a1LQXcMPJ96pE~-^IyPY$CHnKXo$tnKQPqQiePzv%a`upu+iU`oQXm~}ge&0H)`te4$9} z;CF`Ha!iNh&XN*6??~vAOuj`rXO(9Lj#sLAFv$P8f(PWbp^?#jGTuR{aN}Liv>Q3` zqL(z52jg+ueR7jqPPnbo@j@97A$?c+X#0FRR{}Xc z7KyXy{oUy(vm%lHkyyeQ5j9)F9?`y36vdq*J*KQR1(7<4vxTT(VQSMTdDqtrXIQ-$ zHTayy-A#4<4B^G`vFTo1NK|ZsGzXda9D<$ZH#dOkBQ97MdY|Tiyg7CudwoOV;A2KM z!{6U8-cd0UsYc1>wMNs3Ix*@@*}UD<=TkF9aqqM{X_R3Yt=TySmwJD`DBK&GZq2*O zP+*o{6#iixd*>S(UZO?jG3`YwSSm`WhoBlI&85CO(-8yhzoPYB0OrL%uI z((6<)dwNbudm738B1n;yW&fQ|jEJ%&`9){5_>D?_t6U@I8deLXc(YL$(}8uK?$+&J z7zWL6=EBXL;J4+=kTpq9kV;wcUpCQ|I$KM7%daAj98tjL_CI*ab4~3V z-uF=5%U)V=Weu?R&Th|u>m8;C5~IMpy_VuCi*c%skX+A#*_eUqCq z_DdR~XiFyb7R9ciJc+v01~F-Jv)!mur+uR4KcIl9=T7TqPj<{^Xj5zJ&2tvjN>~|b zMI9wK+bX87Ipc??nED0|LcpeJv=Bb0&8kI02FwyvMfa1-E{|m@M`vP)JiM4(fs|6n z|0H-g`mYZ8DP-AcieF^y9!K`j0cbaRzjNwi?|SEXPv&I1bLp^=3l|Myb~gOc)g7&u zLQMV7uwT=vZ4)e~$X~lpeT_$G;BKlV?g?A@{$iv<<5ESM0vx}WzmRVZi7vQ*7ol+L z{AlMz_yaR!fk;Dp`56~VesiuNyrp>gEF|-A3j>>L>CX0^$sb6)>v>Hf>>a+|Kl;7W zXn1$VF5~{$Yn+m|EdK<>Aq}o8`B&W-mNDSHs|#l4~5n!$6H27)yXEK7c|qFXNT{orrYJ zfnBHd@r1t_%MZ(UnA>~2b52Cc{ontcd(qe#o&MW0imfupjY*>UN85`!ZdkeWww&|# z{PPF=vy0X_a-DC#HLiv&Ni%Et%2y}*gcC**XtGz%W;w7|&5o-4FGyk2UF> zdVII_J}Hm_!Oi&05W&s;ugxkBrok-B!KrV+VG)}P8dm_BqCv%gHIt!UAsN@#(nWWz zcZnt|I6%_qPiGNj*Q^m$kw*=HjHh6;zflMtDMJCH|CNMf!Ti3v_t9#Qt*oaOjOFZE z@W+7DAN-GyQvgX>fJdkiqQx>a8L^4mleS!A^}Z*qOno;jp;E3i7+&e%ru5Q1qU?%eTfvN8HD**+|mawK0c)eKNNe)WLLG=T>vPuk}Nh`Mu+ zjDw~h>i!b9a(AX&LD5o#1>0MefCf<<`cL++cvh>yWIFydUbjC+Qzq&PGA#xzgt6dbX{qRX1n*h?1t~ zmlJ*`!7+2mv*3E#3~GR6r7>KZG{GIa3$Z18t#;<8UpQI#Y-!x;rt<|eZC4a^3vUa-mW zg-8&MVsYmtCSuOffsXY5A))!*k`3EmKpersH>)h z>qGZDQU!A?V7_)pcDIXw^F{=ArEFc8++$|Dmpjq>pqIFeruKnpL2r4{4~@eS%!L|1 z4*O`+N%4CWP5+!Y7tLHZ+;*p5%OaLpfYcD&EZQ>OINr@cz`>Ie5HiJ(QHcL%srXpM zhyY%hMeX?FBCIhHDzB+sLm5KJ^A@^`DMI#`Tk00-SO7&>Qxtsa><9z%9`PjjNpAJa z7oz{$;p;Icj2H53fMY@B(_dg^_ETw^c>v7voDQJCD55HN2P5}$%lQ#IM+-$@bwQ>ajU z-Eq~8@wcoIpe2X)&zx?n@jNqs!UsdNi?S8{M=pt8Rk0T{`}PT6p7MkCt1$RUbh7o2 zffs4@Q)G4sQ>Er5&YY+!74+tN#AJY)feFRHYJ#y&GBF4=7FhMDg<6J!`%~=fK%bba zCtY+5@f1PVAoHslGJS|4w42KTw6P3S%#kk~?DL;?tQz!Htqe@`TfIGOPg5k))6+|G z1I!Ut(02|m%+EiTIoX-|W=8!9i-q$g<|o;FRY6i}h6>^#+E=z;<{QQUmAPb-^j4+- z>1bcMFT9v@4hwZ}=7WAg&3j_Q)5$Jr)UWTZPn}D+JJ<(v3XL(OLecVyF&|k2y%sgp zI07<_$1Gz_f$h$}XsKyx$|m05|LU=v6f3-dRs!VeYQLfURc4jR(6K8pOycRsAA?fT z<^)6nN0MXyL`X_b-2{u^AbgBNvf=yLN|Te8i^CPJeT`)KzvGk~z=JY4?6(9irY8O4 zOP-5vOeVr^UBg5uHju$MyjD{Ck*Tn_c}Sy`=2v{v58`>Rh~$Lb_YyGhG9WRqXwEbR z*z?f1E$e~=37s|PZf6z~EExA^&_8}bl}ZVLK>tvd5FxF*QbNB)2y&N@=_+b60cOYq z!=UyX;NbIKH%C~>MX65x*Xb~sq*oE76WE$M1!@vy`Dl$uJ}Z$GcN7DQW*&nSYwMFA zU|&Z636bkfutITi6b?}$wS(!n*6|5$NAQRr8IFxfL$3e>#M3@bwSAEN*4Q!Ox$w~zaV?5=4TS14{l8Ak|0-=i!T9y=T)W0H zVJBfwcjT8 z1&j6;ogJuPaDjlvlqB!Iy%M-TG&46&!ZdJzj;_F258E{?CAhbDQ(?byM)f%55i)3%FK|LdCG10%u4R=?t@h;hiS^ZSQzix z=H%N*;YA0^>aDd`Vh{52jr&V3^<1c%^K&n@HZudrAnnZg^IMb4PCoxi;u-0zShNfg znIO9uHoJBBH%C{*0&d5R5HYb3V)%OnUyTju2FBoQk9|`wP4XNBv@3O10^=Cs`wJ&b zsE>1vYNyK$xMnhFqiR2N7>1s4$$X_UwGdylFf|niU6$%JcHjCU9f>Yjj)X^~Wbm*X zW&6Udi9X)4n&I62vDUiu>sY85&SFq!Z}29^nX&cPlU_W&&k2xvNZBP|?zkDOt=i{P z9cBk*UFPH@T^i&h9p-awF#L|=plD+}pkHnX3AU*pw%zTfv&6_~rXWiybxt-WLip+Dcxpfc)9VZemwEeA%modXv6%r-ea z)OlM;e_UqX!%+Re{Y*T;%b+*;+iEKZi0euH2T74ushC z2ANb8r>ysnAWbhN8c7bwuhwY?TWt-=0?=~9F%_L7oQNblz`tuNfOUVj^g5&bo&rId z1!np++x0+^>~#~Ir)xpiyn!7v@==ks@I5nv;N)Sk)h7+DgYL<`3;PSP#TSSpqmHF% zS-7GqgMs@*gs_Gz5qnRrU1LOJeDh3BpE`l_tAZUTqa$pCFvaq=l!rPz;`ir(v368wm z@X{hJyNyHEA52)X!OlCO8y0IO9j~+76QtNt!<)>Mb6C7NBdEOG}XIpYO;c@ z*7yOup&@(kx`UJm{vUboDxeLWo3E}F;ohvqBgcTm7FWFkvfn~xUgDjV-EkyQXx+j2 z{7rJpz-?n0TX&ff%_;`l{c0o~|EzUdr}6ATlEhQ@J35_Zp|V?1dAL94rDhWPb8siQ z8gWLu0Ti%3W@q1#*fqp}UOdX6=4wwU!?x$I%kBOpFuGx_HBO7!JjsYzTm@ia zmtL69NB=Hk!{bixuD|GsLpL;aC+hbI-L2{?7IsZNZXY#o;`MlUiN;qG5+**;JQLt| z`fz#L;)7NLZ>%pWQ%VZAJIS5PuOd&wT;g&HThO9qV>ra=JC;aQLW@=t7cz3op;^C;}zQOro7W` z%(S{w-`ccZ2wKW5-Bj}O$viw6q@&_Wjj`$e+2t1Yq_5Vf@fb-60iSoY8ZCv`w3B<# z9Tjd03huDDKsdWpehzb>Ab5?a|11-*b}y4pfk z57~_q>krv8HNayw{S~WFUrp6t-&n4_Ee^P+bQ>P7qO3w&-+9CmXnG0r^1ft7`T%QY3@hiSA)3%sHn_f@(r;Lv=v^E;eDuH8JpL|n(CYs`usg7F z_ARj1QmZ2vuBin^mjR8%{vDSi#Aa66JoQq;cF-6`7o=pcWuz0afwT5KA=!j^0y6pI z>+=q$vT=TtPy#a_pJrcG6l+9RzHQ+F^f$6?60P+G3}(jQn8HiNk`SN z1H+;fi98vo20%&>JIPxWkTt}}jEs<03ta(1%41HW?_N<4S>2!j0nE!adS2`3TVR0K M2qoz~Cxu3go#t9P&6>$je#Ba{>*kr4Iz0vuYv z?{60QE>k@F*)Fl_8|r#`ITgI>np3YETV1sT2lhB$2tOfy^1siXKCJODsHnL2?AhwN z@6zl^NKXD5YSgV=1k!DFd^|#k8V-?#`=8peGz^CgyP%3%bm+FWksCzf zzP+y9G{4=mDxEl>Ty3dKO9x|o!ootOr&Zc&NF?7m*)9GDyn zdzXTO0{igCV_8)V@XrNScAU}e*u*#1BuIkXmZpp~t95%*00F71fSZ)8f{3*#0SFc1UOa7hWnt`r#f!DA+(-atWy zB$?+dve5~d-rZjo30pNuvi>>ag@bI-qtrZU4^j$lpP$Uvv0t`2U%%`9`v)e3+WjZ=1F@ELVJ- zD04a3c_zplJP}fWQ?H4nSkfF|JzUhdguFa7g7ci??TK>d?dtU9l%yoOG_3y*AhHai ziPNFV7uUE4VLccQ2s!x-b2D1{7f_e}qsNbpp9f|1a@F4xrmToWeLz?+<|)%2B|Sv5 zqtMLIfeX6+@O@yHdfI7g`zl5z6AHL?97!~HE+jET)Mc_tl#KF~bk6f{x;>^JGt3Z8 z-cpCh(8ls`acTg;t?dal=zJwn@bN=|6#`+_zC)0Sx-jBiPF%4X`E~hCBzcTk39&9a zD`(1XwKxc87nK6~`Y;-i54+0GpBob1Msz^xjye{_Su zedG(x$ii&PkrRpS@{qRtGdmG!C$cf?OqLGn=~1=y^o)hyhT1{xJxZ-EP9Lmj(jMm@&?@5*TG=m2hx_cG({1)LR^_{x5O^=|3jfAfJQkl8Hc- z$2AN0ok^~(-<7p*Ur2p@h%5x3@f^C}c>Nyl&?%Sxk#PV}+ry{{1RJp_zqRlzkM@Tx zy@)5@Ou^{W0XO2Kq6v08P8j7ytx84Sn4-3V7t%ZMIKL(h$3bpr*~>M))Nu=|0}ZiMz{NY({I-eaB6 zHyyl0Z+%)O9Wyu?&YipzvHPqn4{L0zPeI@9Mt?A*oQe@Ka)WV$9Agx*Dim6eQ&ePD zkhFJtW+^h=nv1eEOs`L8?UEF)F?$`(xyt)={3{_vJ@PutFGBP1-(8f)ePOF+*mgS> z5$HYbVddBx%^*GIdwk8MO+KFoSH;Kw9hXs85BOG807uKEgm8L0t6r^cAI z2Nk%1z;uk8ODQC{O6F-jrM-C8i;^>ag!5#(d`EE=OLh5 zOchjZ(H@ICDY$(jCxf-Q=`m?1RA$LYZ}z){J1rj*_nbz0l}rdIk}15~++)?v_?acW zd-eYK_Pr>rY5bjQOx%~6^+@7Sh}3$g24b$g_9}I3AnK({>2)Kc!ac7MNp9UjI~aF& z!fomvWq01Vtel8NJ%1I}#x<`RaC5>>sm~Lc_xcap#|MB7F1E_C?k$e<*uE7gRZceu zu1chiTtj8FpJ!(6+ey&*5!?4gChPhaI=Y0im6SA}q|H29(ptBbfv%-&-0zrwnZnv9 z;;_YyTolF$2_$jHT;wdBfE3pnDOr?qEU|5^g1q=N6QBHZ?9!|)TV=g$T2XTT0qn!Eq7~km`uxnor4%s|j)kN^ zcWcnBWgeP9lo##ZbQzE%1_o&k0lbR9+IWpWL&Bybz!_R=wBQ$_bsG6#PC%2HD{ zY3L4aRm6vYwgWu85E+5U%syA%1dd*uhY{a14mriLf?PaFZ#_UFt89UXZPAs?Wd?^- zjAGExOZ?0W2VEQ)$zPUeasU}VHn!EnKh5*)U)TFi5B)6{J9(Y4QL~S(j+7L&x3m9w zhCFH`(u{qnOCg>ZKdeHSL4Rh|(u1!AegE%Ah@#ZdUn5C>`h3#Nw7@D2E34cUZM<9l z2Q4=_s-mL8TTN{tUsFJ_$$eqpw9svgGEFrSQ{GjWt1|hzhHy;!p6)D-V=d>CkXl+16!PbJ{lon_BCt#=5@rl;&a-MXj`qe^7MK3TpSeJK% zwA;6(0F%Wi8Da-tYp-T1UZ`FT2l1dUC~ZU8-Ay?lSTw09#NctGNWNTEO2&%XgHH&u z#bT4e1S@y!nl>rZQqanXo1ZSfA_Ycv7otgroXQ+c15<}F6q6%Ti71uc^mCG=uDW7L z-%s4KJ2QR`MG_6rB=_O@JXpxCFzUNwG{Kt6=YJhwn-gJGAtTTIu2kQ&9tVn&ic{P+Pl-mk|AJFsx5s4axs7_>_NXc7qKB?;i>VW! zcZD9y^!wzL;AEKvnwY}--i=MHf(cR5HHfH-3cEat^N;3oCzX`=K~d~pUq*lqc<+ze zVhK6X0}QGUkfm#+_bfuywTz>2;9QaUw`ebWv8$4oZ&pQNuAOPgMzzC}!9?f*Lo8NYnnw z^OSqKu!)Em7vz5Xrg`AfA>7M6GlW?`7j*{yI)Ll3F4X^ITPD{TJ|3ZdwF_~i>e~^& zZ}9;{ZFD025?eO*Yy`RSNY(a`US`KW(_PUwlW~4WjY74lN_eZpI)qT{%yPEzGzjXm zOuJH$3F3I}V&AM3ee3De9ZO$hzM5&?=xR6m-p(%U1oB!6RMM2U!qkeaUTomdr%YiAgo(GI*=Sp5kyk)k1MrcAQ2 zE~45KrWyYHqSS=_jh7L>I0d_mmQKP5h)DnDcB3+;Ggpq(_aw)QMJ+)=RSLI@y+~VI zB_iTQ1VKFdvLlOfqiH@HkSgQ0TL!)@viK+3^lgrwu3~i1@j#7ouD&muJqqA4_Z3zx~#~c~XO0ecj$IM(F z6Cr>>Wj$IeG_#89%9{@NTu!nCG@)rfTfVZnF4NI<<1=^J}w~))vL` zhH(`cQN|eea7l%_-rAFiBZfl|(`e}ENpKm-X#Y>!`vI3WT}N&rN8TKyetwg)2pWB@ zYK>)E&QPOV7M%f1%oBIMe&%UBoH!%VPf^3nWIqQ@($RiHSmfXgFY&0q)`5^Pzi9D? z!hfbG=@0(&Uk-!I0inR2D4?D&3Z0y}eHk;j)Rt>e^{v~*+oSqhi95X=2;yy*4>#8j z?dSeH+{aAh0_8X{zcnb$qlcd0$Q@K0W~6V}&3pN!Z>8Fto1@8*BR7!mUh;zaO|X;Y zon&*wAK8KZRsM;SpM7J|nI!fQ1;~#R?>P#(gTNaFJ2EoCYr=ZW5>l@81f1`^(_U^q zm0oPVl->xvcHOQGyi*!@JG@U*Lf)Z09-kd2T$6kPl9QoL^}poifWSG_!G%4shZ?Pw zci+)ZOX8yj$RGIu{$CY)=^WKbgDcNy*Qp%(lPDk8A z$OxeFm|~u0;=_tVv5t}+Gc%y@ltXM#9Vn;{bNL2ev)X@Q`ik7S{jQQAFNJ&Ap~B4) zr#l>)FGz+0PiQ$Fk;l;-VWoD?T=CbI7fNyc9TQC{;^$_W!|$Y54=gI_zFyOezExa~ zy4oo^Vzw_?>MPSsCw%?Exj7O0dSSnIsQIPep>rFBg3{i+O#BoNzrjBX{p}L5Yax8s zN(dp(t~`+Ermjda3vv7snI5~M-|9sUh~Y=ke6)Xh#?Ka*b(~O@k-nDt49Mg$@7S(* z)IwL15Yn#I>aj$OJO#cn+U?&<-JSPqzA?T~)%NrJDTV9u-NN7FF|>drpw(oGUFbiD z$>^L6IrMtG`YV~XUh`eV2j@oj{H#1}m}4Oa#~ox~p~t@QmaP4)dHD7X16UX1s^VVt zf(e53NMq#w++ePe`u-KmZZJd{P(gDpd7-p=81v>4u!R@%K+L&cf%V}V8?4U`mM{Xdb#! zIkq%gHZMNLde8)7?|cMkk4gp_kdjRrOmlyp(yX)4qYlnOqkb{?nr0p3n5aDQ3mU`z z*#}GkY=km-6L{hA54n9I?OVIzAp(0W9)`BOl1B}9qVWfSB+n)J$w-R5!Se%z&)$@T zOACS#AR{;QsA+)48C0 zFK~vAM003H%^f)Zy6P+Bh6u_0m@QLa@{ienA(pZl1yyltrjL(c-sI44(58ot3&V9t*Ia=jYGxX9)Wg7}<=EK3Yb+Pb7z|TMF=^5%>t~-lTWc zVpZzHwTt~1Wa;~@ZrU7>Jo>bze|lWd zttt_te0_7LuL_ywA9nVcG+7$ss8z&d>kiq@T)<@Yp;Y*iW5^I(s+hVh~a5_R)< z%jo1(tx;S*{Pxbfn{%MxhM(Pz(|SXEaT7{s$Cqdu1%hw@Mei+}*PC68;NBpbKW~JJ z+J%B#N>tm%eXsr4CS3Za1~6MT(l!4UsLgonkdAkZ0-pfTcv30@7_-b}uEA1lCIH~# z!q>Tp$>Wj($zycQBJR}23-#_=U6^KpMY(s1s(n8Lbh$SwOqL7 zsw|^iOn2(sa3%KIj*I;Zy?04R+)kNV1{nn2wMyMiqC2$9vRCTVloqTA@5koaJX2Rj zo9$X2;c^OK9aH0ZFvvgrwxQ*(u8NAf;=LYF2}3b@pJ$+2q@mw@t^GeMT^Iy<)dT`D zjRZmNzBzqvjP@#l_T(6c^5z_DB?9tmYJv>mMEIwSlD<*qv|`D*W{%tu6vr6ED|{?- zWIm_3miVg{QSjaEab`@VWgc<3eM7Ucp0O(#pf8d3QxP&$c13rYCgN5$qXnT;gky_z zy{n$i%rAtF>SrO9d_-pjSllr?4Zbv{?n(&9b^XmLcSTV~ zRv~Razr~3z|7Ynv`v*Be2D$b0@3|>pxPQT*39%U?X!J|tHz=QscjRNNS)V4@ZzPL` zg}duP@RT$6B#b$&5=pDhxtnk@Gyu`a#zyxZB2ly)y0dMh;vk9auYsp*{rs@}86e6i zlZptHVSkEq0!O#aMAk8OHJwsjUvd>?0C927O;79GprW$EVZe)Ot0e0#C`(80Yq$|q zf-wv>qcAV9Bhlcu6`r~mo7<%D+5K+*qu1rM6>k&AAcIWrUE0Unk}JobF}3m+;04u9 z*i(!Y9)+071=hd)%%j9unBDq~_mJ;mKax&as=e|3I}jaei&2ka>H1BfBwoa9O}O!q z^$jUEfE)jG0CUV|vNUB^N{gw90q9U^%LKD#5bCJ_V!ixI-X4PsFy45wd(6h>@spSz z#AYDx8*SD!OM}`qUYEZ!w8ypME2p#{WaLgOHBEN4vZ-ejFJX7- z`Wxn`vX;oFo{k$pgR6*C64e1eP;6{$Nw%$1N2n&VK#{#+bV22BahwB9?rio>#lO*F zMl)(6O#?G={jM-ZT_fdGW!KKBD&BENcZC9dre>u7HCLCPC6*eT)f}+u`mP}eSk=2` zk;m3_PeEL<#G6~M9Mi4? ztog-`FV=k`s#g^)4ox`}#j6EG6bu5{J@f>dRDDCceYuiQ_rKMTR51SOEynsp=gmY) zMH~UJf4AbNhTR879%i5Rd2K6VWmtL6?j;31tv8$KqvghezRdQwaZB5^2?a1+8T4zu zWJZe`rwdDnTc+Lp8gw1I_~XI)4seX_hCEDrstboi_H~6R z)Dy+i3j!~mrJz^h3Zi_sc%a)#0*_!REli@q)G$ACM%>~ZQUTfhC;hln*~fM*$?Z-% zzt1bwqmVU->E8AMsILPrT|ZLBTtde zbbiv9i?X;y)Iox7PLj%KROaBT%Y6|=x#{;Oy|&JchN|@mndjZZD3zgi@eT#uQl8Y> zqO|oI6Mf;_ZqOGeVw&QR?o>9)O;WTTCO%1`5*{iq_(yuWi<{w*OD;eX9?rMJmtu$C z)!$P^Bj{9#G?Fk5Ig4c9F+pAwROy6r}25c|>p$8)Wo#KJc4deyoB7qg3M8Y25(QE=H~CM_JGs;}{?Ez~EeN zx22gOzdYQ%T||$0oSdZDFp@_RGZVZ)3wm=mz_0rh+qzHgnPFhU($ooAIm>~y-`gr) zoI#5$|LJ}3TrJ?g!W%RY$s}BM{wt(iDWLUS5$T`9H!l;?&~!<9iqu^rbaOiTO_!Kf zZHsGZ;dK})aU5K1xbi<-pP$~`W3~K_pZ-HA%^kf%@K!-FzU#s#_d{>j>XK_l|2sBL zi}Qzx#cVz1Z1p<43^_<8CW=q>C|mq)>AtP@b`yH&MQvv2Xwt8eWXR3HFB5VJQE=Wz6Ls36iEkQ}Np&+*-!)7Tcs1hk~u|NW=~=~@lW-KVSSBj0urtJ^s? z3;6&G!a!mJCOSp+&P!B5^Yr1J*C0G^@9ESXn&r#ehO1kQ^Dd~H5ZH|7$6J_l*bI-- z5jSEVVPg3$eO%ks`QSSXxz6+ZTuAdEtFf;^nfLD}OM<9-`T6=M)`UHv&^G@MN5CK$!9_NEye4zV$Z>D z0n;rmw!6x%U@fNVI27)-96i{ARoUZJe=UXQK4;_2)8o`}hpc8|r@!_--977=KDmbR zL?-9HU>_VaPF5%(yv(xtHgGvU)xpJn`~(38*$86hYaZ@d-W>1U&S=wt9GpEH@l?Jx5dit@_z0; z>?=hvnf!srYrm<(H4}R!$!WVM>i>7?lFsdzyd-8&6Acq7Tme;Dz;kIMcOvk?Lr*jN zlrz$q4opKr{9hMI5|1wS(_ey%yy8%7c@GxyX838Q=9;Czs1f&ZhQ*4|F22-iuEOP( z?bfJ3fyiJL+Dyr&d)3Im#+Z#TmU(bsS2+R!%a&v#6Xb7+=fbl>yqctypxL{`mcS=p z5z?irIp((~Z@kBguhAPO%)xpEK{?<}5^d5h(#5x=F>l=S?dtw?dBV^xGUUvDEZ;kl z5>KI_tDgw6hnMUVbjW;fQPC!a3%!H4hoV^9)fX7m> zcv@UaG(iV=tVYTkCGBMF?aifD>d;@2HSjWt=o*-R>qiNG(tom5G&Fwqr2lus5ly*Z;FGo>5dj0zuuvf;!y=~1xhgyMHBsU2rZ1{V zUTGgEYwQmk2gGT)&eaDZ-_b4u*0s6Do6)2NEmwZ9-U_;OY6fMRt! z_m5Gv5nOC9$pH#+aD5l4>WwDtMtF#^HgrmmlDO>Tbp)#3Kn zo`Eqx6W^Q@2MJb(pj>HGxgnYGyuzsE>HqW;MYJ(Mq(5?^4>9O-wMEw*hpEEeGXW%Z zhpk5`5%<8UZo&D|R69-`)qCv|vU_v`qc&a;Xst9Uz)TP z%2)%!HARqcR635@Fg+yc3PMrgw@&`9Xu~HQk>(VdII#AkVwDf?+pM* zNWUNlf{8eeZBml!+*(}u#dmI)D`r2|Oa)u0biZpcxe&MB+0>9xsIYuKUuabimqW^# zxWlM&=6mD@&>E;2a(h1);Dy#-+lhQzn`CroHGH#=YglGi5Uv89r604BwO_zQ8p5;3 zSR6Xctg{-ZUZIn4us>l$A^IdM_g{}o5Wi`tOe8EGh#Q9E>CO$;I*YjU)_pFRx^ z>Ig+SNF^`xcl%svw}X`sE2=YxD67mX@#e?0cSUG+WP4=&bMH3^QcrgjIWe(Z2UNMa z0xo=N*r@Mte#zaY3RBJ@lWxDQGw#w@L)`*T?BKMb@r4Dcup;c8Gj{~;JiM$Y7O+82 ztL*$|!e&+gxS8b%g}Mgox0-VJ;+^}1-cz)A;q-PjYQAh`U{eP|1=rRvEpaDB?P;GW zh_i|!W`WZiSFA(9q}~n=5#EYktX*Zh|{t=}}oKY@$YWX*0x+V&( zb|0)Dq1B+3Z2PK#k~xbaGUcp#HMP*)2L7j)NXxA1nNv?hOfIXg(`2%2S+FH%xD_vt z!iH5)HBZ#)ZG;xUp-+V>=LUv1pD(Wu0=VToDxuQ-bHDYnwik_qx zsz%0@5z83z;I?dD!s45_%Ig~c+=WtAvNbS5w{Jx9?b3lHgt`(cHdn*)UMXw;+LSxy zm)2x^(Ci<@+1|x~5W2iXSD6YPRk;K{A!HLFf873ae*}{)yuF(B0o^@XdMcK5S(~t~ zLWFi%__`xxtv14#mEh0TVk%xT82GdtdU8EbCUFSkuqPIWpj& zz26*F$nw3q>989abm@wUA#VyqW}oM^3NRxD+XFWZNIojtGo$iQr`tiU|T3^kNh?{{7}v`g}X;D0A$_?Du9PCwc#S^9NF))Ggv%K@|N@F@fMi*^Ii_a+YC;-S$d2 zjn~Ot-jJ;ZbPhvhy{>W$kM%@U&H1IC1xubr?CzB|{r;}fcQ3f3!n8Uy{g@2dwDRhB zinJeq?*liFF0R6={kh=CP?d7COpCT}n3+MY`J`Jk99N)BAc=+^ne>_!9Rc4Q4EcjP^9Opr2bu@t-wo--p?p!ea z&j$F*N2)=QYjk*$Jh;hR)PlDY-aX^KU1?!bgP+A!SaLaWrRNU>)F=jhqWTo6SI39X zQh{FY3=_d-CRe8>H*F-v$-3+Uu`|yC;#Svh48w~5VUQ1K8fI1${oiqfp5%HR?c~Ah zho|u+Ug+c1|D{)+Mcg;~MP?YKOZNXC2$}z#i~j%0qW{y?eq%=LyS8m#KmNUc+`ev2 zv1%jx{9{6XWBtgDyYJ8|Sao zdJKK`=Eg(YAr(BZT$oq&#$1K$cl>>9+AJN+QRO@ojdoP6j$HV>+AV9n#4Hoz!&3t; zDwGZM1^jFX=(FOcU#wv`9KEs+zRM186d6ZXgvBS}g_JF;4Gf5b-GyP}+(@7!(52|@ zhOaV7LPpWy6vHJ|d@#OiQx~Y-e-nJ722-dg@l}PyP>@_FHc(t*4Wws7aaO9MpoZs4 z!M?gB(7V@@B+l<*+=BniA>&Tklu8{s1J=;5B6DRgd&W-#vYMI5%lqwv)NA5CYH0eo z!u)}A!jeCq=g)gK%hq&jJN+)M)(qGt#z&GOhM6Z~|HrpIDQe$wY`l9(AmFmY@EQ$8 zyNBq$&~sg1Xvvo(a|+C6pqMMg&jV-AM$UBtGxl_I0TMtZx@p#)sME5&h|hmr{2>Lf z4qDj_Nn#2#?+)cp05L}D(yf}GJXM}U3|-NQ^uLNb|K2GqYgTv|EM6dS-3L+t3Srq1 zHKN(lGjxJoD6VGRi5XE}{Fwd;cs5pTF{R#K`+82uj()`9_47<3c4&H)YqpRdL3I+& zBOF}MpNNDbq-$KH@d>vs{U_(8XR|-HV8LUSHCKubis+Pn=z_;o`(7q!( zk(T7+saR`DjnqM*t4dKO1KyJDd%w`E7KiPn;^~VsKFJyO zp1{m-%+}O(Myep&ofTzLfB5ao9A_1se`Z9TKO`c(lt`SQJ?=guY zX#+NP0#|H92WTs&X2va0&J_44w)f3#D|-sXsL`?O$;7jkg>{KcCa zw@xt7gmQd^(?*8@}tz zXl2GlqNH?I(=PilPehG<+@xJVOZgsL)(J&N5@+k*#;;E==MHY|M%IsXo)=JW^@{=j z5XE7awQo(MNx;Dl4IDzZ4C7T^;gnFGgo?8x!3IL(&1L<)4BvO>b(Nb#?{p5s*W3rUxLR8z4N(2fN&2)uk)e~v=jXZRK3uKLaspbj9l zM2;S<|4eIjR=Qiumn!)ufH<|S8A~{(qZ_ z;HSi@rN^91+UQdu#5>wkKHO=@Uk^e_9Ilu%mOFN%6UZO*|{q(fN#h0Y;bB*4hfy@4N4n)xt6y3)g0hi8`kRfuEt@HBJYhe zvxfeikn2KbubelZ$AuOx$C>&5Mhsj(bm3Ku_cqaaBDqM{{7qEo$O3$ zc?S9v1%u~J=akjv>81TsgD#-IEyoFY38*RNp8zZoc>1pWHd&GY;+uNqSt&rpaH10o z5MMbwN>bdfS9thSZSd%`bh+HPdm!-?TFa4NPN3*H|szx z>+g@bLP`dBmI$Ztn9<&YNGKabU#Tb*F;N+e8a?iykp=TA&m};Gry+|R`R*!!h~Ew0 z?Ufg=lo#FQ9tHzqjOI>nNlGI6Sg#1Kn%sln~FC-BoB{m^J%X|*l- zaFzXqw;K7po1&@iY74g6(=hn^=@b3;%IA@K9q~$=HK%VRAb=7j9WGLiz7zn*=}`Z z__D&o6OPysNazIAa)Odog&I+a74gx>-m7B7V}BiqhyglF)0tbq#A9WIywy{S>nnyz zyp8=K7)!DTcW#82xATkRw2acIqb{0}Rf9h>0F_%^1qh&_L!5Os^q@xK!hsoH%Jk8r zB}n24AH{zxR!;yjF`c}msi#m~clg8_dfA`aQBUN;rf`{&{=`K^E35eXA!dWmd>D%E z6%#jq?_&7y*kN)9_tQm;AMBDBJPOL2uq$$@*O3*4?WWO=_*R)W^`bhs=9u%rjptq% zp_+|Sh#kQTfjH53i#uZ(JG9680nMz$e;SU+NMM$Aa(^DYNZ>tZNvG=G$SDX56ogHh z02P5m_LAl%AXhx;w74DPXiJmtJsSURLCinWV#by6XYkWz^>U+iE;I1(34}#-=^Ivu zw=bSrlS1I}|C13q_ZJaM_{s_axw(i>P(ZpGayN~Ig&tVQ*eg==ja}^qR#}J6a#jT-{mW3kFYpG5q97tQ zsgny(5NCMq;u&ZK{b>oF8vAg#@8>tyLwEVA)^P(%Bj%v2f8pZTF0 z-k9u~%!T}0yqxwO4gpifopN*Ne5Lw%@WWLoYLkWvzJ2g%fK`6e{eqn*iGan8x#3I*Ib48P^b9<8b;p#h*Yuxa1??)> z%3<^r?qiOxAD0)sQosY73{Yrnb3bH2(dnrHZ(|}>Dx$+Gppgj4Ra8ZRHnWo=#dQ;z zI0OJX1F~F}xziY!_4(Mrm4lG3-98kL|CbN)BUN!aj%_70+-bsV-SkzB9mqMMyzf$12pTz~j} z_T~ODg|By4oeCvVU;n{J@WXS#Iw?K={I}G~{_@v&qaRD$)_Kw&U2XX&rMTGMx{~mH z=cwJT3#FV^WsQ@#&WzNHIo<*2IcHKkN?ag&y{{8TOt>xNHKI%|3+e^ObrH*0xB~{& z&SU)9B;8^HGvbeiYGldmiZ{gS*=A;;ICa*+Pa`hF3K_<$BR`Xq)+%Qs@G!#2)qReA zqw_`2HEka0bmSAS_fvtM78MzB`eO79zkt%bGiMg`^)({%k5je%ftLkZ-VRvif}Frj z!{h`H``G5w4cDwfG+^WRbqTrk6uGuo=5M#NFW zKDYdCmzflDUjpJMcX{i_>+BcI6Ncjt_?pq?jsXtn;M6bQwAeJ zLsu5kL?KlBY3G*)w>+DrU6t5-9Re{!lO;j=&++bP^VR+KR0X8FW^yJzOtEFcR&oSAI6neQ_<<+@&&?O`0(lCT1@o&u*|~!!K!dA7JQAH{8EuhegM=M`&xyP)y7U zzFjir${k$)#)*ZC3wG!e{<6lxw;Iy$!rF+e*x$|@)6ifohks+qSl-v#i;(9}Jl_5} zxyg0BgM#1~VHSvCvJuvM$GUJ=S#Vk*qVWT2h-Qd|mp3*e#7yq4CBMoJk8yVBrmCQ& z21{&x$VBw_hfi#s1os9iW`xN)xc4Y{gI~5G#rP*Ud$=up6+(2Qm{A1UX!5iq$sPhp z@_Yx7KfRc<7BilYWOp>taMPbOkP@9L%Nu^KP#4Mo+mMl1y6@NWkByMEjJF2kMJAwx2``fTocr7wp!Nx0=pC$Gqwzwb<4RWO4iX}&C z7_a^d9^?*vX%t_TRN%;{%_WYa0q6GH_eyCJ1B)=Q(v%}5PiZg3nbYjh^(NhvCTn^X z(QO+$0>CT$^s=gDbTljk*2)IJ^1NJ?$pX$~T-?G2Ff^tFW;EvOLM$E7Q=KEUNrGEr ze`aCfi@>O{L5`%29?RHK=B$=MY@&IB_3G@rav0eL#)}}T8q}mEVFvj96z{k~63~P? zPG`eh#L_4G%*wGG+YpGcz{OQiUqFI+jkA(Pa3jDv!S-R$LO0HqM@nC-!g;h5ygV6; zVPTp51v>Z7R78Rvu}UV`%+vIQt68)TSv-qB#u#57u*tfjm%G$H$x2t`Z*`w+jBHAw zy5Z0OcgKn2b`^^>Qz;-ZUgi$8TYBG@*qzkMzxcnm$In literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/investigate-machines-tab.png b/windows/security/threat-protection/microsoft-defender-atp/images/investigate-machines-tab.png new file mode 100644 index 0000000000000000000000000000000000000000..5c0d13944ec5d7aa01d60e245ad9e54f2fcf9948 GIT binary patch literal 36121 zcmeFYcTiJXA2zDTf}(tbC`D>QCzO<<2q-Avp^22(0Ffpw zAq0qs2ofMDO-Moyp(fOX^cy{%^Pcy+W#-QJ$Nj#UyJwg^dxyRDTEG5#p0yucv%a)P z^swlrO`G;yxqSY{rcK+kH*MM+yJNfXPET*-d*Nww=#5Keo65V7%nC2IdYf9AZrW6t zvWt6XoA7#P&}GNaO`9Z7{`lK`<;IDnO`9HQbRUtWMQz_P^G>f?7)BiyGT>` zL!T(`VegIk*AM?W3}8F6-@me-xs;pfB!A(bfj-Szv_Ckgyfj%;Ab#whg8?*CEWLbB zzDOPRpNUio_G{m{Aj&lW&Bp#S>_c8w>Q2=gV{N_`^8XBaegXHu^48Pe0M^dzqyG%* zE;#A=G4a4g@bEX0|4f(jW4doXr1WN*Jbd`whN3eGLX)QlDuAOF1t4houbJlN{%b&Y zK{_GH>3#1dRzT8U6EQd>T->p3@LbfI>G@CmA*$gs_kyxvlV2~Nh&<`}{LjFAXsBA# z#A9x4CUio{uJlkC%>{68YuZ0`9 z?aVHGBPs3Jcfa5oh-me<02Yu=sgt}SbZ%%MFYO%2$&d5LuO}umQhl%b-FtdL{g!Ay zihSaq$rf)rI}#jkIq8)3|1dfdgxqLrYnuS@xU%8A$KOKU;JNvK=`F#!?V|3dV%?GwHqf+LMAFfVEDW>WTQrpH+Oy4 zW3~O->Saap#4&p{;3N$}`|}*^Pq%0q9DSE1iXN}*oeNvQ<#BAIo;0lA>1Hk5f=ASQ zr5Ki32iornX?S4yYn_9Iyj|JwXq>ZhtDx49d<7Iuvy;qGauDqZDmNA z^dmt^-O6}N(#|-`(U?}(Zhmhl>l1B`n}Be%R^OnEudMqF<>D*q$gB{-RD70brp4RE zEx#;1c`!fDGK(~hdlnjssB0$I2jmf1@p>tBeG0uNnIA{g!7cANS+{vvq)HC>#+IL^ zrm}4y!&zKh>XyvHjWL_Uah7=d5xQGlX(x4k+})RMR)|+3HvwG6Gu45UDA_#tS6r>h zR;ROcv8>h*_0v@|bkF)V63Xb)+%REo;hRVWEp@iWFlbZ}P3wkDzoKurbj**088tHP z_0iBI!@XNC*qHDm%aZU?oBIto;W7AB-$h0AViV{fM9#QKP3P{;Y^RvnB5}-m)a|oW zla(PW@CdS`ONR73rORsCxGY0rN45sAn@=@=*{OX-G`5hewBkTg9hJ#f+Wol3FxwOJ z@|v>vyZh^>{^bC*K!x6d7BGJ0tUhAxJlp}_A>!6UbzVvJ-8m?jvqpo5uIiqydb`cy zWh(<5!oNO%4Z|P91X%u7&7t=GQ zC4DRE|Ij`$L7=#Xi0I*2^8eA@gN~M1+jlpKBEJIQk%~sq>~3RJv%0ehJ=wKs!W!=F+C|oM@Nd5v zuj~(b_g55X458!_nF&Kp+;J0#HORJKV;lcX>|UxpdbT@bNT4aSo~L!kkBUoGM`Z{!PI)QYuX!XItDbc`BTFozHgvJwq(}9U%MC z-!a9&HRgc!!PbVez?(7V{B5jU;z|vp*HgE(2TvvKO6kJxDY2j0{IQB6A3U!|57yjm zEUs{>#>He&ED(qUn49L;hO)<Nq^Rcwk+X#Dk?4R0etsrFGe|a7jT)9kfUlFnbYI$dN2wDMv1Z$ z&7oS?Z5bV!&@1IX%)t-Z8C~+?S4u<&WdP)l&x^#eUauaAv!uF_CQ(pSE|Z-@ieF5q zZrWE~t;W6^4{~16bOfe1F_$FK<=m(@+_Rd56QVUm;@AYf4{t2{bf~;DRS$N2hRW+^Z*pRq#99E_ESMcSw$w`Gdf;NjX~yPaJ(0mzW(~ed(^cqI#=y%$<-gEx^do(BYs6VP@4@QSEMz)y zg3*w>G4vHmP8$5o%^i)2G??-?-kvpJ)SixH!0eFu5gXqZSk<~L-HCxliq;xOstHlt zrgqDQ?|66PtVcidlGkoj6i&47{*gd!>30t-mFLV0xw_f@OKDN0FTb+bcM*<+cE-zZ z?wd$ z(3W~RB&g$Q#3|>tJIj<~x$Vg1r?sJ7c|=lvQPrS)+6Uh_w}(l_=aA~yk;Su77xp|> z^J~80(?kxnsk0j5tMfgb8eK)XS6WhMZ#wSo;wK~O{jQzrLN-$f{^<*!haO&Cwd?k(a;R_1`gTav5VEhu$K zDsExAfPO`5$)o9+rai)M{+kUQGQYibC;(W+TW%eGiP%R+7M+-X`mu2V;uzLJru0AsT zT5piRCY%*ZY>&NGv8Y=Z$#}ljxSj*4hYdkR<$PP8k4=t+~1kSZxva05z zh4XGI!kjZ_4Jj#A6<3^+7HK;^&sjAmXs!;D6G-_nRZT8#<^{%Z{>!FlWtp~bf(j;; z{s%Esn3FEjB4kT-?woC+A`ih`lZ%DEZ%Sp1JjL-Dh z1a`1{4^wi1PnVPpsj36u5b-O57{3%^W=aVrU?i=%fnpLso@9{tPn!+CGxwZL7@EiH zW0YQv(WWMW8WpYRdRBsXI?s0mGz=?Dq4|nkm4F*~9bOtH7Inv`lhdVlGUKpAZ7!ryH?-Bi2 zK*6=UK|kAKxLxRaXNSOGk&aiiS8TS(g@PRBP5wz9CUiaS(DD>>z?)O24lMes+U#*B zDv|SZvM3P0R?xQ})xx<0+Ug^A#{mZo!WP`f*;3j`AIkx>{*Tj@0-hI|+B$xW{z%}u z{ed~JF!C0H&t8`ybtAXqbI*-2jO@zwcVw@)Z|G2JGFA;@bKAsA66G)BCy89o}hRrEJUKQ@h)Ygp8 zYV{PBfIsUdRKfdvkYQcS>+T=5#P#+wk+g5un&%T^?!*K$ErOG!cHItce-j;&;w%p~ zcZ;cn>Rp36oDbNmZO3*!l)1Z1Uv0Wrp?3-Xh~J%mI{nB4&{YLZaRo1@sQm4CXSTEB zCRavr9_{=YD`B@_Z>A_OjavAnVq325J$K!PQ%J0YK-d~UydrtCK~I(ydR^DI5nJ6u zg~+H9xr3ZD`beW3bWkq%eroY~5CjJhR@Lg;5vbh2h|f-Z~|ln*cUI z_`9(9mwD_1uKP)(Fo3wfWqP6p% zmZ!H?UcuI_^V@I8s-riQ?<==n1KzCYCjf0NLC@eTcUTxBR`I(iGl5kLN1ikRNVz4Hr$y}n*Mm&XD{0) zuB+$84ui0w_MRFI1>4#RpI)&*^?~ap02_*{>Wb6y>h(6#6?K=MHO`CNP@zTK+L`T# z8tND33k}bAq-_$GGAjAhd!LtdPvO$kc88sF_2A}RXeFe|M(T=nG)t}fCmu1~FCT7GQP!Fb=my&l3j5)Cx`~R}2^+2iB(7z3$Fl6T3vbgWTMB2Q ztZ_!21d766EgGX)?tx{}xcRW|*Vx(&_lKGr0qXg?Ud6oPX3bDmzWinbtGpmrkC-1b zU7OEH@Sk@hD%jp-X-@KR^$duL8vlGIfYuV%)k=*&&^v8{`dr51D(VZQ(3uc*b@1yQ zN3?So;XO@P;w_UnMN%mixX^&0wokL(G)-j2brpgF>!MzxGD)bWBO*dIMcO^ET*mAv z+_PS(z2wqRQg$j@oY!{;gIFxr%3fLGC!p)XDXbjl#xKS z&}$iIxl%98xqgfDA;OevMLqZ4>ZeYs0OC(#uX#lWcgK21D6_p2`|0Lqg-UUz1rBP} zy~zYz8D3fq>4)ucvt=^>j2XWd&H~(h>bI$$69Rt4T`tsznk!t~GVPPpbOz}bRvP=B? zYsJFKM~E2Ie2-v-+E@v$Hq;1vf@1L_@%NvvP_tK%-~SxD%s1ppZSd>FrSwDqT4=u! zSuy(EYp9pJ^LcZ(hlC2CM5PY)A;`$3m6MPg?BPXuWzm#ubAt9)wYHX*4gLt`I6dXC5~;Vl5N!Bmx(;N@Ii9CKMf;6`=GCf(Y?_J%m-DEmlsZa zw;Md!jQUaS5CYNj)X36&e2qFAd{@Qu2L02{LI* z^Y9;#OZw~WeW;3Bl2=|}uDb_(Iv z7yn{!pEHpQP1@%z7_NbiHC-r}!Emy$aw&aaNvSUVe0>w`n@F3mDykr448AfdEp@S| zckwu&c_d=BihJ$W^?W4?)ZT0}!u9I9ETZW4Y3n|Z<81G&Jx_{-Vh-u-Hf~amDVxo< z9AB%SFORUQh*qBWh}sMf45PWPHobkIF!X&unB(X8VOV%_Tl~^dR3+VySG*8|sI%D< z0j&cXQ^!M5bEU)tgVV~$qV(vI?;rNHjn%0mzO5Ao$oE2YS~-Us3XkMW812CYPP37s zeFJF*a$l&go}AuJS$!orv-Y)^zeVM*Wc|s%T{*$>Q9|Y=$ySYmTZaysyG6c;+}=?p z?m%BLV0M~7ZeI&3RjoN7**dhbc|D7S>A($Z3UsR%T6*Ray~b@5F9}wXfR9@pfHAKJ zpje9eKmz^6Wn#ex5{UD0No!eUJ;h znM?-)GxBiFHu|o?S=MqvG5IQkh6Sl#0K!rMH(L&)d48vB=7lAo30N3K&&H^-t?_i< zs0OCR8J}7_3*>TMfha|aSsI=zo1KV1`&R>0>J@hP)u@YI-CRK}w$%yfp^;|`|MnhA z>+Hd(a-b#GZZA9C8ftn#M&n%-hwATt3=a-?WvIS?Rij%T$keX&h)|Z1xUmGxkmc-Z zZkUK$xYgmBRPxb3h8&KLw!(#3&t9UCL!Q7ErsU8jhSvS72w=q>;nOQO(V`3_%G;L^QzE9Q}M-q{`o zeKqZLBx87B3$12=h98QttEmWYD>SfK1~e=auaqhg`Gsw-=Cc6_s@0*o(ggD7+gDkg z->HVr-+;FMja{aN)+^XL1|j`b-mq@FFX>!=?A0YL}5SEcy%n zyoqu?K!5eV=<^Q;D^9&~|IcQfx(Vc=6>50h``M%vmiFN2)Bto&5p9;tGF}BYqMoD; zp;obxSF;eGU~ixr-M1TiMYFYS?pBC1l;&;pVSZ1XtA_;#Mke%Nn~(EmhD(6VD&I#Q5wkO>38jT{pb%7f9ckVDvx|2` z8yU)(LnIHaxo~CG#b|hfpf{qeVAD3<{&AT7`bGH+mZZ zw5qr6S_|0o@y$UnY{-GaEyKaPLD6G;?m21XYFdo`0YZB{92Nx@t21VTRPv4W`jEns zaC8*!YYrR#(=cN6Irm(h8G|#v#S8HqlA|XA5!Aww$kZ$Xro{_OX}s&o-(9d`1R5Cw zuMj*rE#rpLX>HSeO%pteeCDaP-^*no<-w|4GEUfp3_>I1qzL2p5~z6U#m|E|V2{7~ zlFBExd$NB3e{QF4>}ob=W3{2nrG?TVtQx}xSc|(UoOOxxe9tO)G-(`XR-syxK0S}= zhn)~twXX|jg{pRAJVw7y4OFP)x1@_~MUGC%Mb|r(4ybR*1dx8&(izfSUY=&sk22CK z-ZGo--KavyT&CJ72bfTj?&4QIu5vw;NCowv+?eJ?tkR4KYfGQJQ$w|HqC#3EtrZ4_ z$3F0CJ-51~HeVEzynWuJt_#HGE*VvcClDpC!wh7|%5Q&w4`zyp1p9=)f*R`*)x& z69-QWl;q%WZ)krS!@iRN(ukpOm+mgSQxNe7s3}#U|87_-U2JdEfjG}g6&c9vVI+Lu9cnt~1L(~1-?FZZVN40vni;9hSjBp|DTW2m_s z=TH-kM3z$BjK?CtV#DcZXabA43ZQi%P2>ax3 zKJJsAHPgD#|10;9n5qzi{()s)9S?RzHFgjb`o9-^NZ}0#YHn`qJ}9jA>ZG;5*j&7N zr`8!zl4j!bzQHzxvZWsjDZhe8Mx+^D>YoLjaRKa8@`l}t`VOsaiII&r z>oEEWGTgi&{>0x+?!P%lMJVSP5fc^bTJ{{H44Kk@%p;xzxB?Ee~5eJ!~mXc2_|c70I>BwPD0%6H=1520OBU-G}V z#Vy7U_PXpf<8K2O3f3iBDCmi|+u-U!AN*~~0&BwigdF5QhsD2H+`sSsud(7g_vC|z z|7RKUznApmoOkkXL;h)SpSt&J|LQA$dYHTS&g{RFzz;X6to{cm_&LgVM>EC0E%nEF zLG2&c{P}#ue@ylHUI>{Qpl)Pt2?kG76LWl?{HLDl`6fHg~OY z|B6OEt=h$;;RcHW6fgb17qheW=-uKzl&0URM#eD1_P-rpvF3rMD`@zl{P2q_e^aPG zUG~{~@y#~>b9aM|Y$g-{j|2;rzAG@<+hEbXdVWQ~NV077f;{Od(B)eZx~6!~^Z#MC z>f;tZa;IT*B8@m|A!2Gpe48_Jmj?>)i&gxunB#6{u`vOX*`y14?aMZ}Uswq8`9Cks zJ!`DUR|YhE+OMbYu1w`Wulg>57-txVb&_@LQ?L$wpdSW_>fPTIwg>tg^%b?}^;Rno zdf(N5Bx1a*i>5H->+BH4aTm4=RuX8CK)@XQEqIrVtHA^c;oe=g5!*;h*W;Wkk8 zdft5e5;o3KicmLcV=|)$2iIcnu&Rt6p2`i?hfbJ6&O6`D6mCk|88tm53tp9Sz}gLF zdC=H)wCRe45CZZm6~QELgK)o=(UN5xc2DCb{S!#VLesDlhIplgFFde61FoGp4`#UW zxZQ@NL_wu0ZzOCv-Ei&0MKt4eC`;F!_S&C3O(tM<)GPKqhwX^0uQ7E=d|~mQ8Y*Vu zfO(+?ru9@Mb|`Ocph-&4L=84&wVxfbKTPn*|f z1qhQDq-oX7iY%HH>PKLlSMD=h!Gku0nN>B+CDK6st3%0M{u-X=YDdZ8lkWl$Qfsra zE|C!>&KXbActvZolVRhtWniy}`~eyi7C9VBtRAG2)UgRbgt1{o=nxlT`5!}P0W#vaeE>w)J_N0)!o7T3Vxtj0;jrl{<*_KjB2$2FbDuGy9 z-Y_e?5~V)!WsMCv`Ntu3pN=hxJ0VRnaV8db&nix*Y^})HHkA?xA+$l%zTDz(obq^> zy7SU%pLo+;(-I4yv&~AtZAW6(A<%wf-FurL+W8?dxS9dbNYn|zA^g({ECCEDX{sYH zA{@=8o-^@rJaDKU2s~3iZcK}SYUiLRsk7k1!X>Z1KduA}U+i5wM??{-_WV2TL^Mjv$NDJ{q(p7OT+TT5vh^1m z8CW5AZ~<>Wb>X9VM{tQPnLeW-i38|!yw}=MCg`C>11H#Yvi*Wu_dPicpI%`b%uaJA zt5ZS&QwB6x?KAK3)>1M$gQL;r7IpVpUB0c2ciUXA6+zmm9fc;7mmiHigM%k;=Y%Kk zKVxNbdw*@}>_e;ryP2GDe^Amm41FZ6jCPGuci}GQc-v4)r6(?VSHF@tMx=Uqit~zF zGtG#-F0VSM&YQQ?qw&t>ac0zM&95mN26m-Ib#kRa{>iQSU9|<|$<9Wh)7N+A+V4)h?d_IM?J=66 zrM?z*;Kh);DA4iM zphTpm^Y{Qb`t)cK4@+0iFL=p){FHV-hClEBnm0m^Fn&KoURi&!fncW+a{-9S?GQXy z0}UW$ZaseeXu(0lGKJm&5V}sr#NkL=qj)-DpHtJ&qM(?&by5X#iDi^3f;&an>ojc- zDrIcrQ+F5IkhZy zYj7omI$b4OLTbG9+N38!u>Iaw{sP}>QO2vihNR`Adz~V$=G*O)O7tH-^M1F<#Mr68P!un=1)|p& z!$>6#uRP=E^#k7W9>;Jk9*xaSD5D{12bu@#Wt;O%oGN=IwGXx_?jC^VoFpBtH|&<@ zoa#AJs-zJhK0Uf1rk-Ar0oY=PNuo|1f)tuxZ?Nb&lkvwDIhtTW3^Mp+2qTzmOW?Q- zR7{<ntO>OM$Tk%o5fmD=Oi%maOhOCq8l|)KJm+_F;I!;g`76@T zUAJr>e51k9uhSq+fH9zi82G7Y*0U8?hO|N~h1Dx&bICr`{PXFuLp5U%W`&wJzOxHOpG zD8cr-9_A(^RsMRmB=%L4{X$K=<(J84MvNAoA|}7{YWvtAuZ@#q9>1Nq)hcbzGw6p& zR|+lqJZopIw$YV??`lI!oXU$p?KMHyKAOWiIb;6wy_8W(eT#|1Ew^3qpZ#7wNDIa$ zt>T7_Hzt-E%G8MOSNx-I?Pr!*bEp-&@U);9=WUkm7)w7RTtiD)ci|}M`(VfV*1_Ue zi(h2}w+Oc}M$3)OLFzC2Wn>fD~f9rE6*?F5*^ja?H;WK zhcX1k{;;%gp$`aa=|75mqtigczC+vpsks^FE!uBR+Q27F_)36az_&t5X570^tFAXB zTdPnCX@a3TFK`^Ubhx?#yG{4Zm4jW+>8L-ElQK;)#~XncIO*8q=@TFi1$uxU@3R+} zh8o94Z3ks~r74OIy9t&Up!Ll!NKdaJs8?CLkz*Uat=7)%H$#u4wZS8Cz4Kp(9r>RI zwOO;RB6yK8an0V=`WL<{kkjgQgDG+<@K>}iuC(R~(w_h+ADVe)Lj!HMWW zU%~V8UGFH`z$@F{P}U4K&caBtQDF&K2=OkYP02w#fARpBn1GIvxMStT%>)!l(nsH; z_L@~6KI0m*Iqgm=5Sx{CbB@Hz|Z^6{AgIB^FT!J{}Qf$ z`&dw7AlcFM=!wTnzU!?Y#*dXeD~l{m z;#Hj|c&bCHuATr*`%P6`87JS<;J1v34AcEV?=eVr%t1;wdJ;0M^0p`AE z8hiQuYs)oO_)oo3$Trl%j~2zsncPU68WQrV^Y=Y&=|}X>ddWM%&_>uRql4xmDG>I~ zenqL+!s$x>*b?qm)`l< zH%cg>>T;ACVvf7^SfOp46HgyVcAy2NZ1KOmj9kTOn<8ih}1#zR^TP7oGs~!Y90R?ucJMIQaN1 zg#LAcZq0G%ZR^!jvmJ3gV<4oV2_x^gyYH?)zxkLjXR|k2brRixIzv8r7QFhxm&f+k zzP;bS!aL6jr{5o~<*X4CSY;Ag0@~2N+S6C_1O?i$I4t*HWm3c*VccYZVunFcGmcDz z7aj&B3R#|eNQ^pyzlDj-fltwhQQvt?vS5E_#VvjbW6q|j;K{CR*O$IlmfYwxkLkqX1c9e-ptG9;|&2L>>nOLizs;Sw?6kQglb60iDt z2etK#ahh^&`9Z^^_t#ac=9|sYlegZgr@5t!bSHX?W6DBuFYa8^PI_^LQ4J8f*3N7$ ztA}RNaBD3aqn_{_>6o!2n=xW`zFgu-_5l_LmTX=W7tU zFe4Dga-#g}1m2MPz!P_Z2Sah1}M=Adw^3wqARbQN`-}CfeZ6h;v_7Vp^We-~x0ke1&>U^V- z0z|Ml)bV~{3$00>?>|YH-jkobCSpih^-hn{$PeMr;X##`9ZlZADdg)~&iOBo#Z|nV zn7MCg>qxy%6l4ULMD5^@)rKv*&@`SN_3Gz7y}Aq?$1FxYd^K{g_Jl&(*2@>(*5anU zv5D^aBhwHdnZnRJ_(caeiqZ4;x1G5zho%gfv=VeXx``uJ-v*x0mV1*b{9COtIu>q8 z=-Q>Q;Dwld+UmK%-YTXu!RX1fA%-6<%zu708>k~tF(F^4arj89=7A_{8+}g1oa01WoJL%am0+~AG9r}fOUzeEhN0Eh0 zrpnB>|FAXrJ}gWFus)E-5+^<9Mp-6R2$t^2*NwtnfS!6b8w-AC+1|w4*VzF{3p8>> zAkAJdwj?9J`=dN&(v-IKS!fAv?FBJrDV4|(f+B3TGid-jX{h-|8uhV^99BVGe`DnB zUO`;;iW<0F`+>zBoB}^Ti;f_=L1w+z5;FcTRwEYBx{KW)*A>YbYj-Yw9vY|f3AtUPO{`|?(z|qFa zNLu<~xh7f!Wm5B;!%*c7bE_`x2an7Pby7y2;+p1CAfEH&c^VlLDF;MMB~Kg<=5>Kr zt)ud7P-KvoVasaS){AjuGsT?^o(-ee7=#ImL2JO5*|lNaF-_QMbiLi37;2J#yrg37 z2=2K_KFVb}rFuEcBVwe(qyfPkSaA%$E^mU-7vH)<9sI(#01CeOp(iY4R0*E@Vb9V5 zuRDSMo_rgl85G{;)MrRhUf1UsmTg)I?xtIgJb7G?O2B<#N+64M)dac)PYsn2-_A0I{>9 zyjB89HLGJiH>QicUJ%fvDNMUVtc#O*mRp1 z*;VWHZT|W&CWvG#w>UYc2@a1z_#xzMHP@&c5;w-OJk(*FyXfV6JX&3Z_noFrWyp*_ zq|R>tA5*LNTLvS1vAFZ?H%rmG-K$LA>#;Ey9RQi4C;r6Lm-=#izU7%&p$_5mr0bA< z$8A_q{z#Jnyc|fOJsX`*RuWw-V^kET6z$0@eq3ED?mgHYnH?upje-^~NPMGJTrqs* ze`BmTmJRot)JHFv>*(i4`>oXbYm>!8fMjP_Mc+u9q2Es6CyjeHKk%(P=|W(r`pK<- zAwswig1pIizR!3HpJk>e*v4#eZ6h_c5U_%#aSTJz--Y~Ivz)Ns%y;$JvF^GDmT|ihNOv)+pa;~YqtQR0?VL?-ePzOX+xDG) zWCiN^Prxc6RnsnE^TVC<*>;T4tPTPH0tflU{Cw`oox*K{cZ|+x64actWfMv^vc0~` z2uBK#+iD!q-Uv5Ej?_FEo|STgB*@9A-`=0|-$=fJs++As?>@9^zHB&C2!p;(Aia!D zAdTcXlRw+ES7%O>=0KO~l6JPeItiWi>(yiTY`6MHkmt{Ta$J5c{4T8SxS>AQ&;-*_ zmI`_(G}IED5bTL&q-z6Sb(w56g8BT9;QYt`7kAC%n=H*hoL74E8^s`i@Dt%*r2mhT zyP5h!N0t9OYU6)5TGDWb@T2d49m8hrTmN;rDNn)kw|`y#(Y;rD^S`ct_x|taU+6rr z{MXN$dJdT>{`-1nw}QmKufyU~cmDhOocaHfulKT<+8%v4UrD0_>D?ea3 zxtI1afinMV{W@X_5^K-1^0_DuBTX{{Asp@Zim3VbF;m2px|YBU1o|Y9Mx=e2q>M^T zcj~0n1tK_C95|0Ad1%tKAe;o^`;y65v&eV^;vS1;6S-lWZ4pc4`HNTX>CPBdQW+`xg+d$QSUaq^osy%^06PLTgHqECUr zFP}Uz=LF3kN}a8WnR}Trv}P*?#RA4txxM4U$E$7HqqVK;jC|J*We0>^U7v>_I2ua{j|B^R|%H0gNCPH zEA%>xSl8LvD9f+GtHdF$&*Sw|lK|eo;Z3?Gg8zW8a2=|(BC$kH1dI82wHnt^eipsh zReo`?Qfl9NtRlACB5FRldy`| zbM=Qq1nH)VrCo%N=6y|_%@!J7*YGDGk5u-J7Ss{BN>7=`fAG8#cja@_)%HFimmGXe zvYS8WO&JyS*zM459L;%#h4d+iX3N$1q+1hYBf5U<~mK0f2{z~@i z$|KE%RF12jEX`w!;!FZSWkb|W0) zj{4^#$CG9~#Ip0DajC`P!cQ8x>vLxV*_O8!A$yRkP=S0%B(}^X;UaRMmyD+FnzIc_ zpxSm^i(dm0dy)&SFZExRHd^VkZNX1%Czc#ZnPvd7H9N9DUk)@Y)G}?~YVlE5Qv1m+ z(a!f_XBr%)Jq8$Vp;qh8<(p4$-;r(E8TsMFR$#krT$XA3pH{{3mP7turM^z=s$mpF zZzRzyY&5!cHolcX9mR1wsH<_STY-sER8`z2@mh;0D@WW#BI=8OhR1RIw${exEWvG8 z{`Yp9eH!Hz^`+N3WsVR-1e3=OZ`$->tg&LY@%-BZ$P6ZT0R}z|yB4M)&={4H8BI|k z`Yw-TR>W-RJlKl>`>x6j9nfxE?^C5^w$L*X+fJA(3isjb`|!@sZUF%#rg_TGy(5iv zk^Qd*hrzZnAT5KdOyYe>2v9XuMtV%g#f1cZiU`cd$pVY{Jq`t z{%<;JvR3pA22;qgEjR0q4gZl^tTXughZDPDJ8z0!H3weIm_1C9`r0gIA>1HoNwEmB zt~Ib{eXNia*PZ|=4qtObnh{aHpMVWXW~P0~A@UR9cA|I8sqRlZpu*sDmJ*ZE(6;q6 z{rK7C7)!33oP;%D)WaESvbS&XOe5MC2}p#=Gz|C|tB>d)qQ3F6grV$547j1t%PAtu zb6GhwCHYK5%i1Z>)DMD_(j5@c$WtU7sOIZ98< zx)$Zz_Iu2pIiKs&_$0Fy)2MAM|G1MU#}O z0NYVDcAx>`6)Ynh5AC17KZ9@!@X0;Ngl#z4x!w(Kj2q&g7(A#h-g9|1#%uj>#Tw^5 zLHCKdS3P6o#>*-fBh=*leG^xdt`V)aGQIBe4s&{$%a+^Fz1rauhj%`EFk=zOjf>u} zaJOoI1Fd8NEs4-84!BhBPk8%*gNP``d0?{be4v`1R}Cmf2?3kAb-uN%Lz^A^gqX?w zn19MeXkfM0F26HgrmZwND4R&pt-dfX3-~ccu2B0&s9r{6*$P~?QIIoeJ1)x<2LfpP znW8K_&f-^8Yy|QhgMP+(&eT0%7NX_mBY=1Y(rU74h@tb65}N;_4EIy`-$;R5I(TAF zT3(IgYC#u;|3Ue!uaZi9v7qB~Myk7JZ{ewK5)CZxWbNpHT5yP^-mJl`UK-GK*-%Mz zy=3g z5Q7~-LB$_mFP8;yN^To_jfxZPWbs~x&fWSoDdV~qWxR!w-@R9RC+;jI`N&44p=*we ztNG@%y$A()_I^ibvkTX(_<;h2YYv1a3_RVC`g32g=IF8%cY{8aH(r{4)Bwu&65cs$q_48zqho#*gS5x6qO1z1!)6>#Ab=M_vP5%QHk)mrZttl^SX54if& z2DayDTruuE%$Q!WKL1wI({OJE@R0n${h-98R;OhHIsaj!VZM)tvn+j6t+biqwngLD zJcA=VV|y8Wcw>^OaJbSXfoM(m~U3IWK-!B@Wy*98^;m^}hP@vgS?J2Nl;aKb1f1PN8MD-;OnVX8++`kMP@& z)i}X0=0@oaR1w`KDSUI^S3S>nGV)%4Qq?yRw5%v>Jet~OUh)bwGBW*JXn5(t!OV_l ze%Ehr2(T~Ykma{r@pcyPG~Nk zc%U4tmmI>hpp9|~S)_GDFp1~P5^&rg;y8x&S&6myoAT{II{&9}_L%6S zh=u&9)3teb)+*fs^nD;+fE&ce(ue6SQ$(L5oYsi=6nV98uYw8>B+ezevuYZaZmLhz z2)}(>R#CfnVOzO<+{XDzwOX4dP)FEeZ6ANP6mCCg)8((<(aw)kazmihReR2DvVq*I z1&(>^l#kJFCTlB8TV1rXi7b3%x#x!lYRb>cY?||hS3DjSPaF%6Jf!}(p93Olm7kWb za1ZZf&zrWI%G{tk%2sH7)jgKrzv=O2v%=J?Jz-C_Ti$2Kkr3HWfEDn4UAW5$z-YW? zg*nhC4fs(?Fwm5`>u&)|0AHyB?^p8z*&m7JAPPH{#g*a&;e=9VOL6^7k6rg{XRLoI zoDil(m)My&YVO-5x2Vz52K0Hl-7+T-16?=PI5uKk#6+z$>IJm@5iwufg#Or>Dw+)) zeF&)5g(}uSyCv342EaM+ykUPUo?c*}L5h6ZI9p}XX7n!Oogvq=N0{puzu!I8#_QCv z5hLUn>0j${G3XV&5UrqO#**p>nJbn>rZ=8*8S}F{b@c$gX2RjxryIm#wKNj)J%|-8 zA^0ZqySeh)_?pA=` zcvjT)q!b}Zwous(A?sMGv1BWeWEn-)5JL8)F=QKr z5eiwRWlzUO%vnAx|G z3Y`rU3P-CiEAtP!6enk;Zv`Zp7c=G4>ho#X=f(=}euV4ADTm=se9R(I!6+*$p4&D1 zCC!{%FegW{JpvXU0P*d250tpiRmgdJ=4T&N~F-kwl8=~aEK zIaNt9O?B>DTV}I)MgNTyFFwbjT~Q@L{00}z+8s>4bUjvAdvaXVtxUM$*kfDAEu9>@ z0_4m@=a09&T*|frBAAg%R_pSs{ZNd@h!Nr<8^c%2vof&L*{b)w-G5G48<`5$C@lc- zDvMYnJ>_HNb#;yxNP11eXHHn977d1|>5shhs#%b|sIZ-C?GDQ?#!dFbQ;SH;$FSpP zgoBUNM9rOC>PE@C!~QJ;AP2_-+o2&lig82k`p)IGxxM` zouR}KcC@y;V%(-O}(8)Xp3g9y+b()pcfk z&Rgqtzm>JTd6H|*?am;`m&d++`esLRr3fVdoRv2oXDj?D;|r439){)l*l-~A}z`l_kg^@H`u z{mWv#j6;tqWE`y}J@#(~(dt@)7~JSMmHfD^H!rfJw4dm`t?m2&|G(F@1o-nG$i#B^ z0gIyBRLxRKmDfzVsgaSJT}KLptTeYq5gn;Ysk+hLHWnLG#e-Lk=yt>(Ta|C#neYNQ zGl5iFbpD?l9k%*l$UP`-?$*1p;GkmdrtM+K15#W5NI|s+?jA*ts&KY?W{#~>7GC`s={;ZqNsbB_Svv{ z3D!e=x=NrVC#b7>(rx;TeJQu~RbrVM4l6{Zg5p1>gR&k#=B#zyky#j8+I%sxFX_Z{X#f;CKA;4j`Kf^w_ktROu2#@3* zoL((VE|2%(HbUmNAH_ada9E~OGle?q#-h*%m#hZ|+!r#JQq^PKR$ghcKb+Sf(Bb%nI*lQ`YXHr*7+hqT34)uQ|f!Z9q+LJNItjH(ne1N zW2MdyIN&gvW~(RHaPh{JgFAs=R&6(; zePoKOKH0&Ff}B+KK@@gpXym5N;?VD4R84ZOZNI1q-LyF^)MUW4-<=kBPDO=x7pj9D3^cy({qLnUk=ki8JTWurp#UkaA6{ErsVAhK+Nh`hp}T zWe-F(1YR?rVSFK$F%KGlkV9W`{ZZr$p|-H@M9%^Q{4)rnQ>IGnd;Brh-S*r=&3+x@ zi$0{s<)dSm8XwPD!UsOPoUs;SFp^79b;6esE#Db6o+BlKje}fLy7d02J-^m+qTIRO zMe&hL=C+Ch!=w7RnWFOXrJ*y!CG5k{T_Y}c{%mUXd&fFb4VlhIUrFh(Q3f=De8g%& zrz811Q%5ZPIA29`8cj@GVvhB#GQEMj$tp!Tij{n95+Et-o0Q?eF9D;XeH1gB{czSK z>Z;wtMGNz6^`z_B3~wg0YS%(qe1{Oj5phofHO=Urj7x*eWI7pT+#r@>@fx5@2h#P8 z!W`*@D;ELzNFzi!y0ZdS=^eWl3MUgk$$02@8>o%w6(Mr0e}JYc`7&T97l;R3+d70u zMPN<)lPscQIdj5|V=}?dPn`~!iQj_zeow zYWvErnd+e9(4Js~%!Lnra9IQ#o_?wM!FR$#Dr;rKt$Q zf|}>5Q$U_h5$i-kBPW)TpLKWCDUE_h?bUD|=2Hmh(j=1VGZJe657u4Pf5f%%6L@oby7bC~Tx`t{e6nDH_HbNE1x_h)*?TP$*t-u&uo+0ZT#5dGS{&8sI0O2r&>3~ zLE?1HWsA6R=~OwMSl-hEIdcQ>j?CtKQI1-1%*XF@_1fKU;&3mUAr&m8iYvPX2m|O; zH2mFB@bt(fCu?6(6&qsKk{Qk{Xhi4&@#dF^5Q?Wy4~t77xWCD=`UU|L-4E`N*w3lq zCa^{Stm{vhN>*@yZz~~nkO-eE;kPk4v#!CX`FyAEn=J2I;O{=S^d;k=45U>WtRkp~ z{>T9Kp(yfo`!b3JLrh~>^hd7H>^}lHILJ29QTd@7xSui(ScaH;_S}xhcA9#lW$S1k zO)9=6d&3UreAtaUSE&P)E6`!O)vtZPW7|qY>WMRrZI|yi0C<|^;i0GPtn304eLD#1 zB9gL0_M!Bsl`A!@$#gcM;@JslV_nd>r9#0rmqoN5b@gjS5wz1h*Rh!3p%h zg(T}&C2Y8Pr1(_@S833i#etNhX_Jw1?Ghj9#VkiTybxIiHmf*)FC>8y=Jrg@5Zoc{e<$WAH&;Gq#g`0I?h++ z3!?G}CZ~#5cHa_V*;RMKD0tc1_Ypf+(W!x0CBxafzGiEK;R?xAy?xgW!eh?PM@_3H z)%JMoijm1aAZ>hXlag{sSX^aNN{ePpcqwMy`J3D&=Re6^pzH#@328OzsPV3>UI*pE zDwF#9qo8F2hDfi^#rF;eGlE2;5Vkzhg88H)9IMKxz=Y>c*waN=A3Am*H?9^8{+KoF zZjOktwdDaLLxie5?xG`;dwg?-=U=J0VrMnGbP}#F5l2JEqQURv2>2Lhb-2(nZgok* z=+HN_meUTE&DpCFhsVlX+E>RRtF~41PR4>|?>UV@pAeN_@#Dw+y7=r6pqarGIf7zY z{@3i_wl?3{L?zE~1qDi`e<50v=c9~9OOFLD(TloGT=OoQW<8S=!+BxfOjl0YryG!Xirz7g*H5LYomyOlUNpV=S zTslmUM>1H!V{Jj!?E0gy3SO|O`H#DMrbX2hFq2_&sR7z(Hg-6HNY49Sx|YAG&2Co4 zNadw1oc1oj;k9$Mr7~c8mm(6x8~v1ev*fIWWv`zr{V>fbJ=u&DVEk$#sW&!0E1p%j z1=`M+9(;Cx)+3_b=-DCo@WRenlM`N#QOCdmr1zl+Ck`7`qt*tpiub@ zVZC+-H#Q6W9d^4MD`aDGh~_$hD)HLiYGvNvYb7~1`0I@NU$jy?m_eAkaqbfTc~c#W zxZ(R}f1)`K`Rb_#3Nh|9JXO0_fRGg`KIeD|fcGz*^;? z+|)Hq^<0*wp7(JRy5OkWBG_jOOtliQb7LP3%lvBr3DloqND%rG*_qkzuAu6hMBsel zZR0cK^#t6AVpopL{?arG%@Y;DP9>?x*wWEc0g;}yG<3)D6NziOLQ=uE2& z)OUs@JCl(wC;cHv(M-t9Z&~F^(%kX6m#Z3FFFTg$57o(ES^x#~GZwk05%0#H5NDc^ zm6j2G)jB&fUvbX7IWqs$HP|9Uznkey*&CNs8GU3YBEK!|7RDAbDc^~u~vD(kzCKmtdB=hCOn3du4>SxU#>h6EBj2eC+B%8|O z4zolezQ-|*%`{^)aM7Y%AF>(F-{7WSfy)GIC8A4bR;xCkhg-08T~U4mg))^qHFD+( z0YsN!x$U(IN(J^z zBa#Opwz9UTQ%LYMv%vHtRcNLP{4M^-9b4-2ymo34*rLI?H@KN!$8kX3W=2_y^KcW; zm^nHnzjuGx^d%;D8@{(!gk?e1ii5Gh?w^2jjZ-0X)a9kQjaH;^slZPoVJ$H0w$zPQ|-MdxRw zKXSfL0`mkXCVQ(q(o7Ym@S1KS{=ybBCc%jw`jnXck1xqfM??uTKT;{fWf`?bz3bp` zIXb{1H9!*Is7s#*2Q$b{?|Mc*m3uAk%M`Hb^35QLFgW!RfSp>;z#t(hN&&UM_x1c9 zzxVYwIN2g-Ioe+u02NxYq!xyuf>lAh(nYVdyBm1H171ERdsz{JX%TDvf;LYPn4h|i zwO)R;V%q!$)u42^E7}*lQ7oM%NAazEMQct89lqaBPCn#vaT_E|diD>Q#@{}b+^KPJ zhor?WEdlvms>fEQrl+PCByG9^J>U0b{w`^8tbg1jdHfJX zwSHS2{-sm8!7Un0M3GiOyVmabs^s-Us>?(#Loozm|mI5u0whaG&rFSaWV zpF*s>UlSMDbpMTUbDoyb&Y$ z#X)p*_qq}&c7dLF8xt>|zwg-bU0o`y2|~;_*RVrtis8E+aN=b3h|EtAO>*Gyu_vQ2 z4=3y#|MRa)!psScZb_w)bAyAR&rmPYFL$-Q8I|4J3& zrfVD+@E+rl-DYyxHiZ&!F;EakGjS50y33oS8O;6}tQx6T06T!sjplWbEWS zIUCcBac+>4f4S?mt~C|575*ZNrToR-y*%BW45)SZ=1%I1Sx^SId&cSiv;O@r zl-M4oujo4$xZf9AJO6)9jHZ_V0n0_Z#Gk0LP9Jel?OFDKg*;G1Q~AJMC(#rIPZv>Q z8)B`^2sm(}-KZxrfn28e;>u9X!x&e@IdLOatd zpse6wWBSFt4d{{Gs+IC>HZmn~y_gC}t>3tkDh;=9RM&y1+<^`GvNaQp_ot<#BmZ>T1HhZ--Z5pGxEF`r z3W?6oVF8);j0A zy}&?2tXv``ZgPo|@x%g4Ct9XQu8sliqh;T~bmVy=Yt+Q{l67q33+ls{IfbefNYH4h z^$_e#2J8+@?ki$fx23XRFOCdB*)Epd_$vPlEW@BpmNlmKzaZ>(x+1DQz|R1nQXI2S-&&m*>;AOz zVOu2@ZEf`&DVgQ+B?Nz@6^`C3F&42@-+{Ub6pIBYmEvUG1f(?cSqMSo0$R}8xcN@_ z^SP_0wk8$2r73z(;H`?;=#kJOr2((gr?=0@UUJ3{h%U?Znj5T@*uSLzF`7}Eucq2WFOyx6|5 zbql1(+K{3?RL4MD!8FpPeU@gy>ha(P`q<3ki8$BS`4aLF;k!U5WKTe*JvV!#-+fpi znN_7P{8v`>#%5NvO`rR1RHeH_cLR!08-mf~Z(E)F)`k9Fo_Z#Q7lG?>zjsq~tosb} zS>l>pO;L+Xg3wPcUWe3tRj2HBK6rh(p{Xv1FDL@6g**t+K7vgZAc=Q>Q|XqdOq8P$dTNN zlB@mtJxooTA%m?{%ixKq=;cuDrt|j%(TgCQtgrxTK{;VE?ES~0(c1=(BvRxK=p?~e zp~=O^MI2GnJ@6!WW=Rb4O4Mir#A&Y04!11(xjf71aa5v&OH#WKvb4}m9FUIs_uj>W zi6zf<+vNA6=Zp68y$HfSg$HA&M+QbP`-pQm%5{fDy2dxmiwcpC#pt z2;-(lgcU9LhkQ#FU;T@)>h}UpPmjzh!VA*Km^c{VQg?@$)c4T}2(qvHMc)A3zP;pf z=^rYT-F^yaqhLtIC#OM^>cVn$&aCW(X!epDzG?Y6_t@C;CmtKpfe&VqF7w5#*uIIE z3pN>?!ZPNon1fKwIu*F93g2ACwv~kEWuAGMQmk!`76RMP5uZ6e5ap|#9E(oW$$jrn z@|+qd-~|;Mcq$f*od1DF*i<)L%lT?2r8rhiN%Z+2Y18n@L}aeM%%0>7YB`hCcTK%Q z7lN5bHbM`8c>^p6@k|{OqQ4OjjdW!!IYcp=tp9?G`pa(EHT2YWKBSN{?hiux5qK6jSC^jl z%$hgXTkoYU?;r%lMyCiOL6$;J8mmG&0~ zfkW}d2zU_w<05CvY6Apv%&d0u&=@o{6{N5o_^FCuqae+FOP(KaE*tI;=v9;lUWBAZ zW~u(|q~I^3vwXC@vVQVG^qX929|I{6WEc}Qtb7*AM&F>42IuwG{=O^huvOQ#LdE;SQ2nD3T-SI%(!AEu(B}%y*Tu zE^5~=H5C{5I|n-=wfYWppfdeth)D3sWxLc*3S|6Ca9VdCygg@H0DoE?v&V<8bKr`AEfL2hnsT@o3 z`I1*ui`FpC(ryvBY^p+rw&7x7WKdG%6D6l5y9RP@_N%{woElL&E?o7}U-Om665nP^e_xdxS$HS492U;Lu<_AMO5tM`vs$ca{8sz2Xw4CpYp)KkE+3cYUW z*s!$47|t|*fb$f1wJ0@vvXavRD`P{@hk?5T2-WCSbU2Sg#&xqeTiCm+_4 zGY^Fmn`;IoPTz!pcRqo%uBD;fpRKH6(KFGc#eg>d75dYk9BwPBAKW1YA>`rCH2Cj5 zT7*{=B&gONZC$jf0(Y%m|8%PAMS-SjR{6mq69rhwkw$FH_)rN;M{vGwA7)hET$7sQ zB~`NnZ_M(y$428sZCeD8+L54&2yv@+dFX>IS54pDq8MB$C^18t+GW?`4FD%S4Z5#b z5{N(vW0GuV{I36$nL>VViDnG;J3m)u*zotH6 z)Yv!|j69+E!C%P$xh0V-Sst=v+o;5B;2;uCXqB!#sxI%`Lr%`>kEl^8z zqCE>BZ*9g*?WU1Rf3nj;N3!U8;pSmH3OOq;#Y_~cB8TGLx!<1AN22(Sw#h2@34>$d zsC^w{OV=!*&}>)eg1iM5b}luC$kXjndzCaHE&fshh8roZmGkQuL0(BVZ#MiCf}I}A za3Nv8&vZB7TF6|i(5?2-Pnvja^P#I`;7#Pqsnb~gZv7A$?fueao>ys%Atk0$dF;bn z>6EMoc)j)CWIc}eA5q&_e8R}pEryaiQ}k}#u2K8LOh7cYYFI0s!phQ;ME8A%vs~_) z-I-(9wsKZf>DgG^6H?r8$7FvM7t`fV*GjhGAn~S(_^VQT>n`V#9yWEHnOH@bjp;Ld z5`n2Cm0$l}nRins-nq8&Nb`!e1O6}_8@=)fHx<3gu)=pmK0 zasx6gQ1%!>IEvh6K& z@#TM|ZB^D*edwbhnw>z0j+%(R#p7h~B6d_?txt|{EjAkKAP;pmD9juxD{1?rQPy8{ zRMZWR8dh<01h_&l_SWuEm++oi2V_axOlK4X{#hNYh`=pF0tWKIm9Y*!ikJ^VFkFBM z=_x4|)gWaQ5}xB`=Dqmy^T{4{8{UFJn1h|xms5U8Z~ZAM-iFOW^e>X7-`sS z(@(_TPQ#U}_p$nmhm+WSt42_SRZPkQCo+Ig)&QKmw?)UXa@#(uVu0cg2q{{rQ|=6m zaI@gE2)eJvdFy2Z6Hq3!K@xbeV@t|mKg#<(1_5r^$%G3=(BRq1Z(&!>gNUdQQ|WeJ z1n&Z|+L{l^+3=KpDCUudIvc_z0`QPv+>edglgu{$e5oQRbzz_yndW<#Gek(|`HyE5 zhT(D3seu;pV(Tju!meZ)05igyKx@Ms)_P3L0G^Q6G=hXe)d0>26hK%gS#DsG2v-CD z1cIk56+5Y7C#|HCyhR;R{$VFWsjVPN)K-vs4i1^O4UuG?w<(wvS`E51b6A{hdGsx$ zp*Q6D?bA!(4;k&z6GGr9MOKcjTQ2hV1`r@3)y=`HSmWFZ(MD8DXYq>@ZOHDC#XAQT zN(ZiXp*iln1vjC-SNeUVWP`Jw)z#`;Oa4hSXKJ)@aS-_Fl$;eC!i@VIJ_*fose92k z(uq6B9*B!TlXUzO6pXO53qJU;!gaNTr%?0zu5t-S!bul9FTcxOGA;~2HR0b@jjqg0 zo++7WYn55Ax?Df*V1WcF2OhUl<+f;4eiYBBH0*7Au2eDMJ19&wa(Sx9Db1wLAlq5V z`N1g*pvf4{)sY9*^?5Hb1q~Y{P0M?aj66eUFB>(sg`$B4b1+H0S)ETZ#X#jETd5u9 zht)+^8}~~ea10)F$R)E`08B$}(*ZajAePeb8!9<8pZ4~ZBbgxviax;i%K>#VFosgs zQJa#h7ENhs3E>T;+`U)(mC2GV-12%ZS=zU*UVI-7hwy{bG^wA zmgO&T=?7t>R(yR_N6V(=vlovI6sAgixme9NGic63gXtpAp1i>1t8(nTQJLd2e9a*K z+!7u^!Y9Yr+87&$z$ZHaUM8;K#7?GwjN^RG&1u({le2(jf2iDboV=`Lt`=Binm(+P zxLblYf6-jH;bqt51(@PGOl(apX>82vo+R>aKj2Qsnj6dvehZcVwl`CZD4W3hAywMK z_3~h!yz{;hKP~bqa-TZwKU6*AD-B&MAV21v&r@>9(`6Df9%Un(Q|fD;hQA`h%&?m5 z^vvZF;>pyN@T#GQTwgp9c=ILCfF;lMC(PHxJTwHt#Q{38hxKod{}To8q2IY#^CQeR z@X~cj6cX5}OjlhqwNlX7#c^?0!nY~;sOi>H70xrTJxVah>fVuA&7yB4z8yys6~8$! zDgu3ueg$BE9)F)&o|(n6sACq_lXOjW=D|-Lq@mS<*c=7W0G#rqGtf9z+l1-0tVQ4* zGk-{T>(pZcadt|0@zB-do~?*>;jmO0rBxgo3*m%wh6(8-Lsv+_8(>kCR)T&EPM&e;Q3PUA_a1wnUD2(vrq$;bQAEoThUI4x>u5x}wzKZPjTuB3ln z(QEp}YW}gXQgP#KxR`@#_;otK*#oYxVM?a=*JPV+jqDJMZ%FNad{K|-u;?bW`)zDk z-(yK>Aq&Pkc2H8L4Qwa=U0XKb7 zLZw8=#U?efqRR%4P+jCFa<_oU7hM(7YcHu0#s|I?G9Mr}NE=a#K{&{Xzf=DNMl0>_ z=BG4rkV7)9gX7=yVZ1Yr?zB4RguYF8!;8$QKwj!C0*8zAc2GRsA4c){FArTv=@7s~ zfj5Z%y59HyGEhTc&A3$|(WZafuk*uR*Z<3~h?d(nuqb;r+hp3Tbdn02+XF;^eLce; zQk9CfUo?+NMFKf2ZD5^q*QULC$zCMFlD1NsP+LnWZ3LZU(xyw@4`oqYt^){5pUL5- zuoWI1GGn>z^6cO(Dc literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/information-protection-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/information-protection-investigation.md index 562c89d6e7..619fc4cdb8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/information-protection-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/information-protection-investigation.md @@ -22,14 +22,32 @@ ms.topic: article - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -A typical advanced persistent threat lifecycle involves data exfiltration. In a security incident, it's important to have the ability to prioritize investigations where sensitive files may be involved so that corporate data and information are protected. +A typical advanced persistent threat lifecycle involves data exfiltration. In a security incident, it's important to have the ability to prioritize investigations where sensitive files may be jeopardy so that corporate data and information are protected. -Microsoft Defender ATP helps to make the prioritization of security incidents where sensitive information are involved easier with the use of sensitivity labels. +Microsoft Defender ATP helps to make the prioritization of security incidents much simplier with the use of sensitivity labels. Sensitivity labels quickly identify incidents that may involve machines with sensitive information such as confidential information. + +## Investigate incidents that involve sensitive data +Learn how to use data sensitivity labels to prioritize incident investigation. 1. In Microsoft Defender Security Center, select **Incidents**. 2. Scroll to the right to see the **Data sensitivity** column. This column reflects sensitivity labels that have been observed on machines related to the incidents providing an indication of whether sensitive files may be impacted by the incident. -3. Open the incident page to further investigate. + ![Image of data sensitivity column](images/data-sensitivity-column.png) -4. Select the **Machines** tab to identify machines storing files with sensitivity labels. \ No newline at end of file +3. Open the incident page to further investigate. + + ![Image of incident page details](images/incident-page.png) + +4. Select the **Machines** tab to identify machines storing files with sensitivity labels. + + ![Image of machine tab](images/investigate-machines-tab.png) + +5. Select the machines that store sensitive data and search through the timeline to identify which files may be impacted then take appropriate action to ensure that data is protected. + +>[!NOTE] +> The event side pane now provides additional insight to the WIP and AIP protection status. + + +>[!TIP] +>These data points are also exposed through the â€FileCreationEvents’ in advanced hunting, allowing advanced queries and schedule detection to take into account sensitivity labels and file protection status. \ No newline at end of file From d4c823d919f3d440336e1373ca53fdd87bbb1c3f Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 20 May 2019 22:05:33 -0700 Subject: [PATCH 045/118] update toc with new topic --- windows/security/threat-protection/TOC.md | 1 + .../security/threat-protection/microsoft-defender-atp/TOC.md | 1 + .../information-protection-in-windows-config.md | 2 +- .../information-protection-investigation.md | 4 ++-- 4 files changed, 5 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index eb9c04d03f..d9d8a66658 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -95,6 +95,7 @@ ##### [Protect users, data, and devices with conditional access](microsoft-defender-atp/conditional-access.md) ##### [Microsoft Cloud App Security integration overview](microsoft-defender-atp/microsoft-cloud-app-security-integration.md) ##### [Information protection in Windows overview](microsoft-defender-atp/information-protection-in-windows-overview.md) +###### [Use sensitivity labels to prioritize incident response](microsoft-defender-atp/information-protection-investigation.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/TOC.md b/windows/security/threat-protection/microsoft-defender-atp/TOC.md index cb802c617a..1a5081adff 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/TOC.md +++ b/windows/security/threat-protection/microsoft-defender-atp/TOC.md @@ -101,6 +101,7 @@ #### [Protect users, data, and devices with conditional access](conditional-access.md) #### [Microsoft Cloud App Security in Windows overview](microsoft-cloud-app-security-integration.md) #### [Information protection in Windows overview](information-protection-in-windows-overview.md) +##### [Use sensitivity labels to prioritize incident response ](information-protection-investigation.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-config.md b/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-config.md index 5c66aab91c..37ee1e2437 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-config.md +++ b/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-config.md @@ -63,7 +63,7 @@ After completing these steps Microsoft Defender ATP will automatically identify 1. Go through the label creation wizard. 2. When you reach the Auto labeling page, turn on auto labeling toggle on. 3. Add a new auto-labeling rule with the conditions that you require. - 4. Validate that ‘When content matches these conditions’ setting is set to ‘Automatically apply the label’. + 4. Validate that "When content matches these conditions" setting is set to "Automatically apply the label". diff --git a/windows/security/threat-protection/microsoft-defender-atp/information-protection-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/information-protection-investigation.md index 619fc4cdb8..34989779d2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/information-protection-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/information-protection-investigation.md @@ -1,5 +1,5 @@ --- -title: Use sensitivity labels to investigate incidents +title: Use sensitivity labels to prioriize incident response description: Learn how to use sensitivity labels to prioritize and investigate incidents keywords: information, protection, data, loss, prevention,labels, dlp, incident, investigate, investigation search.product: eADQiWindows 10XVcnh @@ -16,7 +16,7 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Use sensitivity labels to investigate incidents +# Use sensitivity labels to prioritize incident response **Applies to:** From be0035723c331177d8da1b6c830b7620ed83208d Mon Sep 17 00:00:00 2001 From: zhouyuZY <50821229+zhouyuZY@users.noreply.github.com> Date: Tue, 21 May 2019 13:13:48 +0800 Subject: [PATCH 046/118] Update set-up-enterprise-mode-portal.md In step 1, after the 6th point, the note is not in correct format. --- .../ie11-deploy-guide/set-up-enterprise-mode-portal.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md index c6c5cf099e..83ca5233e3 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md +++ b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md @@ -45,8 +45,8 @@ You must download the deployment folder (**EMIEWebPortal/**), which includes all 6. Go back up a directory, open the solution file **EMIEWebPortal.sln** in Visual Studio, open **Web.config** from **EMIEWebPortal/** folder, and replace MSIT-LOB-COMPAT with your server name hosting your database, replace LOBMerged with your database name, and build the entire solution. - >[!Note] - >Step 3 of this topic provides the steps to create your database. + >[!Note] + >Step 3 of this topic provides the steps to create your database. 7. Copy the contents of the **EMIEWebPortal/** folder to a dedicated folder on your file system. For example, _D:\EMIEWebApp_. In a later step, you'll designate this folder as your website in the IIS Manager. From f5bbb87a938ba6457203617e5b806e8a5addf8ae Mon Sep 17 00:00:00 2001 From: Wolfgang Sauer <43094787+WolfgangSauer@users.noreply.github.com> Date: Tue, 21 May 2019 10:53:28 +0200 Subject: [PATCH 047/118] Update live-response.md corrected typo --- .../threat-protection/microsoft-defender-atp/live-response.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response.md b/windows/security/threat-protection/microsoft-defender-atp/live-response.md index aaab0a442a..5500639c55 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/live-response.md +++ b/windows/security/threat-protection/microsoft-defender-atp/live-response.md @@ -107,7 +107,7 @@ help | Provides help information for live response commands. persistence | Shows all known persistence methods on the machine. processes | Shows all processes running on the machine. registry | Shows registry values. -sheduledtasks| Shows all scheduled tasks on the machine. +scheduledtasks| Shows all scheduled tasks on the machine. services | Shows all services on the machine. trace | Sets the terminal's logging mode to debug. From b3fcab0d4c650ad9a6d6b470978781e8c6255204 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Tue, 21 May 2019 14:46:06 +0500 Subject: [PATCH 048/118] update windows-10-enterprise-subscription-activation.md --- .../deployment/windows-10-enterprise-subscription-activation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-10-enterprise-subscription-activation.md b/windows/deployment/windows-10-enterprise-subscription-activation.md index 50cda76821..0e718cbc92 100644 --- a/windows/deployment/windows-10-enterprise-subscription-activation.md +++ b/windows/deployment/windows-10-enterprise-subscription-activation.md @@ -154,7 +154,7 @@ changepk.exe /ProductKey %ProductKey% ) -If no firmware-embedded Windows 10 activation key presents, the license will escalate to Windows 10 Enterprise using Subscription Activation directly. +If a firmware-embedded Windows 10 activation key is not present, the license will escalate to Windows 10 Enterprise using Subscription Activation directly. ### Obtaining an Azure AD licence From 7dfcc6a36bd5bb7fc75dbb5b325e06c27ff543a2 Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Tue, 21 May 2019 10:41:17 -0500 Subject: [PATCH 049/118] : by . Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../identity-protection/access-control/special-identities.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/access-control/special-identities.md b/windows/security/identity-protection/access-control/special-identities.md index b29d15b901..670f831be0 100644 --- a/windows/security/identity-protection/access-control/special-identities.md +++ b/windows/security/identity-protection/access-control/special-identities.md @@ -34,7 +34,7 @@ Although the special identity groups can be assigned rights and permissions to r For information about security groups and group scope, see [Active Directory Security Groups](active-directory-security-groups.md). -The special identity groups are described in the following tables. +The special identity groups are described in the following tables: - [Anonymous Logon](#Anonymous-Logon) @@ -374,4 +374,4 @@ Any user accessing the system through Terminal Services has the Terminal Server - [Security Principals](security-principals.md) -- [Access Control Overview](access-control.md) \ No newline at end of file +- [Access Control Overview](access-control.md) From 795220705d4d0e27b6c6b997641677f60e295c33 Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Tue, 21 May 2019 12:23:12 -0500 Subject: [PATCH 050/118] Removing caps from links --- .../access-control/special-identities.md | 38 +++++++++---------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/windows/security/identity-protection/access-control/special-identities.md b/windows/security/identity-protection/access-control/special-identities.md index b29d15b901..f30d62a674 100644 --- a/windows/security/identity-protection/access-control/special-identities.md +++ b/windows/security/identity-protection/access-control/special-identities.md @@ -36,21 +36,21 @@ For information about security groups and group scope, see [Active Directory Sec The special identity groups are described in the following tables. -- [Anonymous Logon](#Anonymous-Logon) +- [Anonymous Logon](#anonymous-logon) -- [Authenticated User](#Authenticated-Users) +- [Authenticated User](#authenticated-users) - [Batch](#batch) -- [Creator Group](#Creator-Group) +- [Creator Group](#creator-group) -- [Creator Owner](#Creator-Owner) +- [Creator Owner](#creator-owner) -- [Dialup](#Dialup) +- [Dialup](#dialup) -- [Digest Authentication](#Digest-Authentication) +- [Digest Authentication](#digest-authentication) -- [Enterprise Domain Controllers](#Enterprise-Domain-Controllers) +- [Enterprise Domain Controllers](#enterprise-domain-controllers) - [Everyone](#everyone) @@ -58,31 +58,31 @@ The special identity groups are described in the following tables. - [Local Service](#local-service) -- [LocalSystem](#LocalSystem) +- [LocalSystem](#localsystem) - [Network](#network) -- [Network Service](#Network-Service) +- [Network Service](#network-service) -- [NTLM Authentication](#NTLM-Authentication) +- [NTLM Authentication](#ntlm-authentication) -- [Other Organization](#Other-Organization) +- [Other Organization](#other-organization) -- [Principal Self](#Principal-Self) +- [Principal Self](#principal-self) -- [Remote Interactive Logon](#Remote-Interactive-Logon) +- [Remote Interactive Logon](#remote-interactive-logon) -- [Restricted](#Restricted) +- [Restricted](#restricted) -- [SChannel Authentication](#SChannel-Authentication) +- [SChannel Authentication](#schannel-authentication) -- [Service](#Service) +- [Service](#service) -- [Terminal Server User](#Terminal-Server-User) +- [Terminal Server User](#terminal-server-user) -- [This Organization](#This-Organization) +- [This Organization](#this-organization) -- [Window Manager\\Window Manager Group](#Window-Manager\\Window-Manager-Group) +- [Window Manager\\Window Manager Group](#window-manager\\window-manager-group) ## Anonymous Logon From 75772364e18b8bd4aac658cd8eb362969fc9d8fc Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Tue, 21 May 2019 14:10:24 -0500 Subject: [PATCH 051/118] Added a link into the Referenced Topics with the information required to a spreadsheed #884 --- windows/client-management/new-policies-for-windows-10.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/client-management/new-policies-for-windows-10.md b/windows/client-management/new-policies-for-windows-10.md index 7d77e94d7d..6efbed9a1f 100644 --- a/windows/client-management/new-policies-for-windows-10.md +++ b/windows/client-management/new-policies-for-windows-10.md @@ -254,6 +254,7 @@ No new [Exchange ActiveSync policies](https://go.microsoft.com/fwlink/p/?LinkId= ## Related topics +[Group Policy Settings Reference Spreadsheet Windows 1803](https://www.microsoft.com/download/details.aspx?id=56946) [Manage corporate devices](manage-corporate-devices.md) From 902ff53be3847152f6390f113b8200173b84c0e9 Mon Sep 17 00:00:00 2001 From: CTroessaert <43269447+CTroessaert@users.noreply.github.com> Date: Tue, 21 May 2019 22:17:43 +0200 Subject: [PATCH 052/118] remove typo for Hello for Business --- windows/whats-new/whats-new-windows-10-version-1903.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-10-version-1903.md b/windows/whats-new/whats-new-windows-10-version-1903.md index 071529cc49..64477e8511 100644 --- a/windows/whats-new/whats-new-windows-10-version-1903.md +++ b/windows/whats-new/whats-new-windows-10-version-1903.md @@ -120,7 +120,7 @@ The draft release of the [security configuration baseline settings](https://blog - [Windows Hello FIDO2 certification](https://fidoalliance.org/microsoft-achieves-fido2-certification-for-windows-hello/): Windows Hello is now a FIDO2 Certified authenticator and enables password-less login for websites supporting FIDO2 authentication, such as Microsoft account and Azure AD. - [Streamlined Windows Hello PIN reset experience](https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-videos#windows-hello-for-business-forgotten-pin-user-experience): Microsoft account users have a revamped Windows Hello PIN reset experience with the same look and feel as signing in on the web. -- Sign-in with [Password-less](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/passwordless-strategy) Microsoft accounts: Sign in to Windows 10 with a phone number account. Then use Windows Hello for an even easier sign-in experience! i +- Sign-in with [Password-less](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/passwordless-strategy) Microsoft accounts: Sign in to Windows 10 with a phone number account. Then use Windows Hello for an even easier sign-in experience! - [Remote Desktop with Biometrics](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-features#remote-desktop-with-biometrics): Azure Active Directory and Active Directory users using Windows Hello for Business can use biometrics to authenticate to a remote desktop session. ### Security management From b5eb147c3edab34af088a94ea374233e6ce375e4 Mon Sep 17 00:00:00 2001 From: Rick Munck <33725928+jmunck@users.noreply.github.com> Date: Wed, 22 May 2019 08:06:55 -0700 Subject: [PATCH 053/118] Update security-compliance-toolkit-10.md Updated page to include 1903 release --- .../threat-protection/security-compliance-toolkit-10.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-compliance-toolkit-10.md b/windows/security/threat-protection/security-compliance-toolkit-10.md index fe229e350d..faa63ea948 100644 --- a/windows/security/threat-protection/security-compliance-toolkit-10.md +++ b/windows/security/threat-protection/security-compliance-toolkit-10.md @@ -26,6 +26,7 @@ The SCT enables administrators to effectively manage their enterprise’s Group The Security Compliance Toolkit consists of: - Windows 10 security baselines + - Windows 10 Version 1903 (May 2019 Update) - Windows 10 Version 1809 (October 2018 Update) - Windows 10 Version 1803 (April 2018 Update) - Windows 10 Version 1709 (Fall Creators Update) @@ -69,4 +70,4 @@ LGPO.exe can import and apply settings from Registry Policy (Registry.pol) files It can export local policy to a GPO backup. It can export the contents of a Registry Policy file to the “LGPO text” format that can then be edited, and can build a Registry Policy file from an LGPO text file. -Documentation for the LGPO tool can be found on the [Microsoft Security Guidance blog](https://blogs.technet.microsoft.com/secguide/2016/01/21/lgpo-exe-local-group-policy-object-utility-v1-0/) or by [downloading the tool](https://www.microsoft.com/download/details.aspx?id=55319). \ No newline at end of file +Documentation for the LGPO tool can be found on the [Microsoft Security Guidance blog](https://blogs.technet.microsoft.com/secguide/2016/01/21/lgpo-exe-local-group-policy-object-utility-v1-0/) or by [downloading the tool](https://www.microsoft.com/download/details.aspx?id=55319). From 39c663b33f6a18e42d55ea3029f171e64103c9a9 Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Wed, 22 May 2019 10:45:18 -0500 Subject: [PATCH 054/118] Update windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md Co-Authored-By: Joyce Y. <47188252+mypil@users.noreply.github.com> --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 69de4938f5..3cca011117 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -769,7 +769,7 @@ To remove the News app: -or- >[!IMPORTANT] -> If you have any issues with these commands, restart the PC and try the scripts again. +> If you have any issues with these commands, restart the system and try the scripts again. > - Remove the app for new user accounts. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxProvisionedPackage -Online | Where-Object {$\_.PackageName -Like "Microsoft.BingNews"} | ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $\_.PackageName}** From fc8f2edd22104dbe844ed6158b8548357bdbd96d Mon Sep 17 00:00:00 2001 From: illfated Date: Wed, 22 May 2019 22:00:33 +0200 Subject: [PATCH 055/118] Windows Hello For Business overview: URL correction Description: Under the "Learn more" section: - The link to "Implementing Windows Hello for Business at Microsoft" no longer points to the correct Showcase page, but goes to the main Showcase page (Showcase portal) instead. Proposed change: insert the correct link to the (en-us only) working page. Unfortunately, there is no localization for this page yet. Closes #3728 --- .../identity-protection/hello-for-business/hello-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/hello-overview.md index 58614660a4..bca87f02c5 100644 --- a/windows/security/identity-protection/hello-for-business/hello-overview.md +++ b/windows/security/identity-protection/hello-for-business/hello-overview.md @@ -97,7 +97,7 @@ Windows Hello for Business can use either keys (hardware or software) or certifi ## Learn more -[Implementing Windows Hello for Business at Microsoft](https://www.microsoft.com/itshowcase/Article/Content/830/Implementing-Windows-Hello-for-Business-at-Microsoft) +[Implementing Windows Hello for Business at Microsoft](https://www.microsoft.com/en-us/itshowcase/implementing-windows-hello-for-business-at-microsoft) [Introduction to Windows Hello](https://go.microsoft.com/fwlink/p/?LinkId=786649), video presentation on Microsoft Virtual Academy From 793ff13d99c1ff6ba80410495690483e7c6f4607 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Thu, 23 May 2019 01:31:01 +0500 Subject: [PATCH 056/118] Link was not working The link was pointing to the wrong doc and that doc was also not available. I have updated it to point to the correct doc for Azure AD Connect. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/2405 --- .../hello-for-business/hello-hybrid-key-trust-prereqs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index dd447eb2b1..dc00790f7f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -85,7 +85,7 @@ Organizations using older directory synchronization technology, such as DirSync
## Federation with Azure ## -You can deploy Windows Hello for Business key trust in non-federated and federated environments. For non-federated environments, key trust deployments work in environments that have deployed [Password Synchronization with Azure AD Connect](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-implement-password-synchronization) and [Azure Active Directory Pass-through-Authentication](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect-pass-through-authentication). For federated environments, you can deploy Windows Hello for Business key trust using Active Directory Federation Services (AD FS) beginning with Windows Server 2012 R2. +You can deploy Windows Hello for Business key trust in non-federated and federated environments. For non-federated environments, key trust deployments work in environments that have deployed [Password Synchronization with Azure AD Connect](https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-phs) and [Azure Active Directory Pass-through-Authentication](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect-pass-through-authentication). For federated environments, you can deploy Windows Hello for Business key trust using Active Directory Federation Services (AD FS) beginning with Windows Server 2012 R2. ### Section Review ### > [!div class="checklist"] From 38a53c1ecf3b81a8b61801e92de75586f2de5898 Mon Sep 17 00:00:00 2001 From: MatthewMWR Date: Wed, 22 May 2019 13:52:23 -0700 Subject: [PATCH 057/118] Fix AllowTelemetry precedence info --- .../update/windows-analytics-FAQ-troubleshooting.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md b/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md index 9942044960..e2e21a62bc 100644 --- a/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md +++ b/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md @@ -84,11 +84,13 @@ If you have devices that appear in other solutions, but not Device Health (the D 1. Using the Azure portal, remove the Device Health (appears as DeviceHealthProd on some pages) solution from your Log Analytics workspace. After completing this, add the Device Health solution to you workspace again. 2. Confirm that the devices are running Windows 10. 3. Verify that the Commercial ID is present in the device's registry. For details see [https://gpsearch.azurewebsites.net/#13551](https://gpsearch.azurewebsites.net/#13551). -4. Confirm that devices have opted in to provide diagnostic data by checking in the registry that **AllowTelemetry** is set to 2 (Enhanced) or 3 (Full) in **HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection** (or **HKLM\Software\Policies\Microsoft\Windows\DataCollection**, which takes precedence if set). +4. Confirm that devices are opted in to send diagnostic data by checking in the registry that **AllowTelemetry** is set to either 2 (Enhanced) or 3 (Full). + - **AllowTelemetry** under **HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection** is the location set by Group Policy or MDM + - **AllowTelemetry** under **HKLM\Software\Policies\Microsoft\Windows\DataCollection** is the location set by local tools such as the Settings app. + - By convention the Group Policy location would take precedence if both are set. Starting with Windows 10, version 1803, the default precedence is modified to enable a device user to lower the diagnostic data level from that set by IT. For organizations which have no requirement to allow the user to override IT, the conventional (IT wins) behavior can be re-enabled using **DisableTelemetryOptInSettingsUx**. This policy can be set via Group Policy as **Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds\Configure telemetry opt-in setting user interface**. 5. Verify that devices can reach the endpoints specified in [Enrolling devices in Windows Analytics](windows-analytics-get-started.md). Also check settings for SSL inspection and proxy authentication; see [Configuring endpoint access with SSL inspection](https://docs.microsoft.com/windows/deployment/update/windows-analytics-get-started#configuring-endpoint-access-with-ssl-inspection) for more information. -6. Add the Device Health solution back to your Log Analytics workspace. -7. Wait 48 hours for activity to appear in the reports. -8. If you need additional troubleshooting, contact Microsoft Support. +6. Wait 48 hours for activity to appear in the reports. +7. If you need additional troubleshooting, contact Microsoft Support. ### Device crashes not appearing in Device Health Device Reliability From 9d7c8b2a10ec71d6f3d1a2707048dd45f088cb84 Mon Sep 17 00:00:00 2001 From: Max Velitchko Date: Wed, 22 May 2019 16:16:36 -0700 Subject: [PATCH 058/118] Microsoft Defender for macOS: move JAMF based uninstallation to the JAMF article --- .../images/MDATP_26_Uninstall.png | Bin 22356 -> 30951 bytes ...soft-defender-atp-mac-install-with-jamf.md | 31 +++++++++++++++- .../microsoft-defender-atp-mac-resources.md | 33 ++---------------- 3 files changed, 32 insertions(+), 32 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/MDATP_26_Uninstall.png b/windows/security/threat-protection/windows-defender-antivirus/images/MDATP_26_Uninstall.png index aa0d5c7caf671bb8d1ece4ad8a56c34427c5e530..6463593a6c9735f7ae3b2f49316860c634253eda 100644 GIT binary patch literal 30951 zcmcG$WmH|s*7v({x8SZp65O5OkPsvgEI2^|1b26L5+K2y1PJc#5IneBaCd^<+TG_l zeeO8pz2kj8+}-qUSbOcYR?VuKbJqO-s>75OWie1mP$3WqhP<5A8wdoJ0Rn+>Lq-Hg zq=dtJ!G92qUdc*99-;qaHWws-BPh0VS`H8hD=qY27}q>8XK)b7QU0|w(mDbGAr`~j zN6kZUh}cnD(^1mq<3|%~M~I}oiJ_y(dn%U?j^Uy2pFWmi&-%gyt+|vz$*e595%9(0EfHQ0>NR;R2_J& z%bc8f1g%SlBR${c(#-L(0WWEd)bWkr@r})Bs_Y_vM}dg=*FrI?w(@XQ@yIdLA(5ZV z7s?$uBM}b-^rsK@CA}ONdJ3e(e}ys%jrk)t660hMkg?cE&7Ke}xOrjH4ONf#kI!#) z&(B9^SJdEVGrqX|!@
wmlZQt*~Pa>DX)E<#b3t;Ow%OjE)A;>5?x5l{9f$?<5( zG_?rR>DLG4dJ)c_mWqa+_IT%lI}W-@a|z_G4rkQomu@f+?GnUV=G0L6opQov78`F{ zB8U838W!rc?=z;Lt=Zp;Eu}w>e-J*I>@L$nxAl0x&-Oh?J)of;l}!JOdgXOpg|u)5rhx|=4~1APx1LSp}dhjm1` zc;s5y9;C)s<*kK?XlA)Stn)6Hc6GV>J0jL<6R8~&#qf}}9acg`?rI=G37=A;i;9WPsfI7?zh_PsC4ksAWs&Pf>oGzCBQ%2*84R5j zpBd3g{SvDF;7DkaJ|J)h&yY=M| zYzwZe??3Ph8r@?PvBNx)l!EBO%nxjh7V}{p1w3#_O+pq;yJiBBBVR{$y`!WMSGDA$ zi}I~k9cTA=xf|N@Tf)ketn{P*^mAG!!@vYIyWAO;rdu!%#%zVj?t^*_)`Nkc9u@v}Fo;Cysik*-)X z!arRf8`k0$b%!?e5Onpeh9aX8tGqkAy+3yKI=;oPCXy#FV+9WxH6Nkuos9soUCgCp zPWkKyZ83O!@L*-;J^W<+>P6m(XP9bjh0|-Ul0xT#C<9xjG$I@pqr4f1_J(^coPDAQ zW2*!U+j*&WPV;m z29kLW7j2SFCDMq7O-$|@M{fx*?P zMVIvaNnT2R`;mri@hM$JPmjU!7%sSJdjQ`^+c`>D-@HD|?2)X(dt}t`y;w5BXxm0& zirEm_yo+REQA~Lb!(BUeVn;hiHcbz;<^Y z8XQt8UDJojL0Yp+Gx}<9weMu!Cp+~y4atQ`sLv6RmD+T6J~yM`wRj&CG?p16UMi{T zKnj5|O)$Ksw2lhJj=)KA`D|b&j{kMO!LXLdu$qVp;>uTw952(wclb4`UiH_CZ9NXT zskFEqxlS{MujM-3)gXu zY@(sIIxHr^a)j{cT5Qv>rNS@DSbzm~SWdNqTSAI#isq5lCwZv+7GoKZM04)kTqLD#+B`ENt(c z>BPa=7gwOnt{WK&Ilz92C&ub7&8%O9Nu3o<=^lMFu^FX)R@^Gbnc{f-=YH3nzB^DH z4*|rc!Q|x7-G-WoqnAg{Sq0Nkfyv6?!P*YuICwdp;Pc$KmUT)f$c4r5o7v@0TEw#V zM0Y;DFgHI8+&`mzdN{7X&szz@FyC-o8--L>aLk_xA;+A~bmAj++|A2$Xx{YfeUvyj zl(_vhxg|dS&H8=5%(|l)RzqrYp8|2f_lBvnAA1`{yu_K~^4rdrk*>tR=EoC03%()N z0|<~iyG{zLIXm=45$mcd7g|0cVi0NLr4$BUDtnw&^h6WedlZ|(84c^K5hsxam0{z4 z)%F+bB}ky4R;T5)V(RiUt}c5Qg5ZV!plq!UYk{!d_VIvOJ1fAH z{5iqD`iQ)1HD1uX`bh&>v&A$&L;-`Q0)F_&YiI@a9~Tux#JlWM#VU!0h}JZeA-Es8_kZ3)hZ}tTKl{GS!_C2(POV@ceIA)zh4A`B)B+GQX0 z1@6pxQeA~Pb-XAvSrBs>WIAYX+3l<%wd)j!Na0etZTpW%DUAGOFS9CY9;b`vX>+PO z-8Sj={M3J~G=#~!x^5_hX0xx&Gbzsn13vdDM9J8_t#tRWTkOYtfjyyLMA*4?)j7K->JWdHQ+G=D#JGd%1H2pwj<>YH zS&N=)b3jBo$EtcVx?te^P;y#=Kj`wl{!qyUc2AYR!rf$qN@H z%6KCQyW4mx=3(-Xo6TXIkDWWw)>Snw73|bTBmI3+L0aXNnW#coZzX?)#(H@J>l&#$ zqjJYXbHnQlJ{MZSh45%=LQd7*m77`OP|Vtn$-Q<<(#w?|H{94KgwZjVpK|h7x#QP5 zS-%&UcHg16?sd|-x_ID7NGc!;IGi$lH}ANF`y7g1**3c_<8F`Fu}^#J9}$KrtKfM3 z^oSurJfgHDH4K`Dj6BrkwQ3$e?~{w_Iqm;48cMUP=)BV1Y8}vB98%dE)o7CpJI>BZ z9O~~IAYDE4RvDvKBY4rG3#2cjAD-s+gscw@-NOk;t0*I}XLyk%jtq3%u*k;x{N}&& zM$ncI0C^E-vHs*ZJzcs0j`qYmEf|Bf8KOJOJr%X7YKel$Os5y6UG;zWioBiSmX!-( zBL?44im%fn>kIiwd2?=(x@OM97Vn>KXkjs{-wq8cPhrVC`e zrV0vDMhc8gdRmK{Ag%pGVG~?50vGYE6=T`MZzKJcW+8@Q7O%G|u2(y9cs65_gI~pd zNarL{Q9pa(z|4`x=;An1gbL+(D)a5w*2(uXBYs_LBFDLiL;FN8?~6+fgtlc~iniY; zqZe2dJ=#7m(|ov8CGRyESpTFIEU%{x+%y`MTG-H*=Z*g?xEdtk=)Xjvl9c zW&Ycf${5KN&CqQA;w8o(RzA=$DV4h1>C~g^jM7EJ7SlpLTqAU zf{cM7t)sJ$InB$QI4&K+G^qWHw|ML|wZ&UeT(fKjh5AC;L)SeVSX zH~KB*)$M&@VWIE%4w=0!(y6O3BNLM!V|d@-V4!-DNd)m)orf?*Bq<+eJYD;aV|H;d z`iBo6z`Zsw!Lrw|(Mp7&ySv-dOg%=bQw6&NY9**j{CA8e$9)LtGpK+kC@zLD8P2_4Jp!MORwC;`1 zgPaN;KN;rv`8kNx;BJ_LKT1kUTrX$M?C!4Zyc4;N^%*dkyXLlUv8zOPe3`_8VRBD ztnmqXiw&PVv>CDcl!U2vK1%;?jqv&`<8e?476(Vyqg&p}ikV&^*>`PiEmMCjJUg=t zqz&{6zMZQtjE#*)_Y~8G!x|a{6_VLu5Cg=$bmHj(0|VQvYl|M~mC_^4(%lf*nvP*l zPfw3)Tkk(AE1^U1@bKE+bN*%6t}xtkr@g668af&p*!ueVnMyM(3row8h4h*l-u;FL*f=(~J7QlF@s={+w zbRq;pQCUq5@4NwgR<~%a@RfTf+XHWNI4#2Cupa5C=?qgbl^^HaQ$vGL^x@ig@GB46 zmoHy5%M4&J$@sC=@KF4H-Oe`KH|(=AGY$H#1l-RVU%q-(?zr(NW)whx3BE`^)*0l>jWG`~$$kFVEbjJw0}{~E8FnnaF&de@=f5^dvaIl(B_EQi&p#UmO40b;h6YZ_jg zrQ(*Uy$hp(L>6%oAy5p1PSbRcLxE!bRtlFTH-?szD4Vt&$2A7AKVjNb{S}eZ`aa~P zEjQ1s8xMGe@6X4tK_^58AYrYAh}}^O3JHxgz7D}8@0f0VaN_3UTaS~aXircQ4I3R* z7C!01ovHdTj!z0FDJ2E3)6?h#p`xaS`S$G_BQtYXs(=F(GVJ%FBE!mAY<&D6`2>2y z@%-23Ha4<4I%H&+NIwS#;?mMEiY5h%uSmE|(ZPHe9UX;eB~r^j5vIVZv0e-h!(}k) z2t`}nAVSpjm3uCyF4=MHsFm2pP_?E$>DLipGji?j8}Ji*a-Zn z-K>i{7_aIj+If0CU%AXM9R_^Ub#!u3Y zJdvJ0eJUp}?>D|93@U-}yw(e$2xtU_w{fAN=4w}|fx*Ev&!3~^<>lE5rp1~N z%SMxlo0`%y6QDu;!1&I@D~{K%Ul*2?bbn$}mGR_L(9lQ{Jfu@rW7evW5^>vg6a=k3 zPlYocA0Lm)$e`qQHktmR3$g7+>=;fH;xqS*QY?T*15eRq1dpfj@$vrQh>$W(=CWC< zU0!5=kVORi`t|05Q!%rbiI?}%e~%Cc$B#)hzisQRebu(@=t?r44!m?G1fSsGM15V8 zDw;II5KynvRPdiA?-AvHDi z^{=Fsz$j8aqyG4((3yL3*m#s(QgV>3cjPE|^6M3w;lte@%_?&osJ}_lbN?`!rVehG z)4~tqd$QgO2LZ!uY-R>IrZ?czC%lWKTVO+FZS8R2^Y91>u^NJ|jV7n3b82b`n3$Nr zLMkmSZKm0SZ*6^jY+)f1%&MYCFdA{l$wjsg$;7c^Q&J+J?sBn_@Wo^D=Z+4E!4y8W zLYH-mN~>AUCg6x%59_zENl3!Mv!L)TdvZO135n?zqUy^$;JO~gS7tfQTC7!xh=fG} z9Y;S}AKX39$7JuiuyMxlU1rS)A|fI>>+IH*-@NgUj>gQ*&4tIO1dj$LNAFmUtctpN zu+UMH!;G}=z(z-kO-mSuagV`V)dz?#=)+Hmi4ut$XNo`6m6d(Z&mAv(3i9)5fDaLJ z-fzp6jwo~5Q_n3Z(6^=9p9EpUc;{E1W`iRWm{Ln_TjY0tMtpjj+|FX-;y8X=y1Tn8 zgR3+iwUExv&hD;*IMhb&vfx*{?46Q9LPOKg;I3G#{yhJ6N-*d>BQXC0Hrc|$!zEl@ z`Imeiy{c+!_0L(lV1S>3IuU448kNMN78TVaM@~skj~+_l%K`p=v^7o0#b_*BI^b{^ z1wE4G*)s`X7F0B}a@*AoL##k@{u z8~+ubd>`J0r+odYtg9?UI@oNw?C?ezWZmVu1 z@m-nQnW^yEAQyDDLp%ksop&d`ZQXgWf`~n>>p~8mB7}@6<^ zH=vVxgUv_$?OS}Pl|UMx4+0d_;ceL~!;PPn>bL5#blu$Cl$i_=$i)Y4Z*OOMzJ84{ zH#Y}PMys5S>`!1Y1|F~Q`}a3o7#JAhXPF?u(`C~5jnxBh%>>+ZKsc5-_5@6kmX_95 zQ&8QHADEASG9HP~XJ*Qc?Uuc+RyR{@)Q<#F&;y<7bu^n?Puz}fzVKKQ7#SObAg>M$ zA%ba&EbIheazVe@4ic`oPoKDp)3ZxGH=b)&Ti~~x=dpd;`?GlDO-K;&)Lf!r`_}8J`@8TjEH9CJobS~O?-;BFZ)g~Jw%qhyRAMajTL zbaTFsQ3m1qy;kt773Q-;V9k{acSClfAG_`C|D&0hcS#+>{+EvOzsjHgmSg@-xBr%7 z{#I%JPQ(9FY5rDk{#I%J^YoiLxuJr&k-LH?*JAJwVjz5snY{)>A$<8L1pH((0-xdC zs*eGmK5kL1{7ESy(P0C`6Nf>LUNY$0La2lPzy=toDsX;;H=d#wJ`vf-Q8Ktyqc5mC z|2hNu<|5$ms|}T2IoG^eJ2bnHfH|A-JDLif^nJmY`NU6IZ1~M&<7ffsTm7qH`D{js zM3d@QCMyYWXi1fg`opZ+|MRiHCabI>s$-U`Fa@$dw&QC??8`r%qdSfe5IiRrX8+?f z9)>WZ$Hgx9X3;__Vt#&JTXJMy_aSqGX@$(`pucVfeLH;Pu+}!f2gi1B{g)?a49`~Q zgKN}OzG^l$_{SD9o|{eE#xx?hAa}ZN)KjZgDt6ID`ns za0?}1L$kkI1x{?F5m1Sz1K~(35v=m4<=>2c6!mVU)GO7{4P_p