From 458ff0e6b8a7bd627833f26e83a24923e768a6fa Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Wed, 24 Nov 2021 15:01:10 +0530 Subject: [PATCH 01/19] Update policy-csp-start.md --- .../client-management/mdm/policy-csp-start.md | 143 ++++++++++++++++++ 1 file changed, 143 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index 588586543f..a7bfb4c8ba 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -51,6 +51,9 @@ manager: dansimp
Start/AllowPinnedFolderVideos
+
+ Start/ConfigureStartPins +
Start/DisableContextMenus
@@ -108,6 +111,9 @@ manager: dansimp
Start/NoPinningToTaskbar
+
+ Start/ShowOrHideMostUsedApps +
Start/StartLayout
@@ -766,6 +772,73 @@ The following list shows the supported values:
+ +**Start/ConfigureStartPins** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +This policy will allow admins to push a new list of pinned apps to override the default/current list of pinned apps in the SV start menu experience. + +>[!NOTE] +> TFS information describes feature area owners and policy handling work, but the work to implement the policy itself is being completed by OS\WDX\DASH\Cloud-powered Windows Devices\Project Hailey --> Deliverable 32179178. + + + + +This string policy will take a JSON file (expected name LayoutModification.json), which enumerates the items to pin and their relative order. + + + + +
+ + **Start/DisableContextMenus** @@ -2197,6 +2270,76 @@ To validate on Desktop, do the following:
+ + +**Start/ShowOrHideMostUsedApps** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +This supports a key Enterprise manageability request targeted for Iron. + + + +The following list shows the supported values: + +- 1 - Force showing of Most Used Apps in Start Menu, user cannot change in Settings +- 0 - Force hiding of Most Used Apps in Start Menu, user cannot change in Settings +- Not set - User can use Settings to hide or show Most Used Apps in Start Menu + +On clean install, the user setting defaults to "hide". + + + + + +
+ **Start/StartLayout** From b55a211f6f61c494201b4dabd9a26dcba4ce79eb Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Tue, 4 Jan 2022 02:11:59 +0530 Subject: [PATCH 02/19] Update policy-csp-experience.md --- .../mdm/policy-csp-experience.md | 77 +++++++++++++++++++ 1 file changed, 77 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index e4e0453c5f..cb785576ec 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -40,9 +40,15 @@ manager: dansimp
Experience/AllowSaveAsOfOfficeFiles
+
+ Experience/AllowScreenCapture +
Experience/AllowSharingOfOfficeFiles
+
+ Experience/AllowSIMErrorDialogPromptWhenNoSIM +
Experience/AllowSyncMySettings
@@ -362,6 +368,43 @@ This policy is deprecated.
+ +**Experience/AllowScreenCapture** + + + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| + + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + + + + +Describe what value are supported in by this policy and meaning of each value is default value. + + + + +
+ **Experience/AllowSharingOfOfficeFiles** @@ -371,6 +414,40 @@ This policy is deprecated. + +**Experience/AllowSIMErrorDialogPromptWhenNoSIM** + + + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| + + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + + + +Describes what value are supported in by this policy and meaning of each value is default value. + + + +
From 72febff49b7ea7998c973f3ca47a98c216d7b23e Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Tue, 4 Jan 2022 23:16:28 +0530 Subject: [PATCH 03/19] Update policy-csp-start.md --- windows/client-management/mdm/policy-csp-start.md | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index a7bfb4c8ba..3ef4e79b17 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -779,33 +779,27 @@ The following list shows the supported values: - - - - - -
EditionWindows 10 Windows 11
Home NoNo
Pro YesYes
Business YesYes
Enterprise YesYes
Education YesYes
@@ -823,12 +817,12 @@ The following list shows the supported values: -This policy will allow admins to push a new list of pinned apps to override the default/current list of pinned apps in the SV start menu experience. +This policy will allow admins to push a new list of pinned apps to override the default/current list of pinned apps in the Windows 11 start menu experience. ->[!NOTE] -> TFS information describes feature area owners and policy handling work, but the work to implement the policy itself is being completed by OS\WDX\DASH\Cloud-powered Windows Devices\Project Hailey --> Deliverable 32179178. +It contains details on how to configure the start menu on Windows 11, see https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/customize-the-windows-11-start-menu + This string policy will take a JSON file (expected name LayoutModification.json), which enumerates the items to pin and their relative order. @@ -2322,7 +2316,6 @@ To validate on Desktop, do the following: -This supports a key Enterprise manageability request targeted for Iron. From 864049b0d8b2b1469fdea8b90f57a81b2798898d Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Fri, 7 Jan 2022 17:42:56 +0530 Subject: [PATCH 04/19] Update policy-csp-browser.md --- windows/client-management/mdm/policy-csp-browser.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index ba8ac722c2..7bab2b690f 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -15,7 +15,7 @@ ms.localizationpriority: medium # Policy CSP - Browser > [!NOTE] -> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](/DeployEdge/). +> These settings are for the previous version of Microsoft Edge and are deprecated. These settings will be removed in a future Windows release. Microsoft recommends updating your version of Microsoft Edge and use the appropriate CSPs for the Chromium version of the Microsoft Edge browser. Learn more about how to [Configure Microsoft Edge using Mobile Device Management](https://docs.microsoft.com/deployedge/configure-edge-with-mdm). ## Browser policies From f4e2c4ee26ae295581d2e6b3052363f3d4f02242 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Sat, 8 Jan 2022 00:36:02 +0530 Subject: [PATCH 05/19] Update policy-csp-browser.md --- windows/client-management/mdm/policy-csp-browser.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index 7bab2b690f..7b3f0a6fb4 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -15,7 +15,8 @@ ms.localizationpriority: medium # Policy CSP - Browser > [!NOTE] -> These settings are for the previous version of Microsoft Edge and are deprecated. These settings will be removed in a future Windows release. Microsoft recommends updating your version of Microsoft Edge and use the appropriate CSPs for the Chromium version of the Microsoft Edge browser. Learn more about how to [Configure Microsoft Edge using Mobile Device Management](https://docs.microsoft.com/deployedge/configure-edge-with-mdm). +> These settings are for the previous version of Microsoft Edge (version 45 and earlier) and are deprecated. These settings will be removed in a future Windows release. Microsoft recommends updating your version of Microsoft Edge to version 77 or later and use the ADMX Ingestion function for management. Learn more about how to [Configure Microsoft Edge using Mobile Device Management](https://docs.microsoft.com/deployedge/configure-edge-with-mdm). + ## Browser policies From 8c6c0790d2c9caa886ac3d8a3fd7eaa83f2e36cb Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Sat, 8 Jan 2022 00:42:50 +0530 Subject: [PATCH 06/19] Update policy-csp-browser.md --- windows/client-management/mdm/policy-csp-browser.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index 7b3f0a6fb4..3ab4a15f8d 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -15,7 +15,7 @@ ms.localizationpriority: medium # Policy CSP - Browser > [!NOTE] -> These settings are for the previous version of Microsoft Edge (version 45 and earlier) and are deprecated. These settings will be removed in a future Windows release. Microsoft recommends updating your version of Microsoft Edge to version 77 or later and use the ADMX Ingestion function for management. Learn more about how to [Configure Microsoft Edge using Mobile Device Management](https://docs.microsoft.com/deployedge/configure-edge-with-mdm). +> These settings are for the previous version of Microsoft Edge (version 45 and earlier) and are deprecated. These settings will be removed in a future Windows release. Microsoft recommends updating your version of Microsoft Edge to version 77 or later and use the ADMX Ingestion function for management. Learn more about how to [Configure Microsoft Edge using Mobile Device Management](deployedge/configure-edge-with-mdm). From da7399f346a57f55461383014aa39a5632ede6d0 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 10 Jan 2022 15:28:32 +0530 Subject: [PATCH 07/19] Update policy-csp-browser.md --- windows/client-management/mdm/policy-csp-browser.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index 3ab4a15f8d..7b3f0a6fb4 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -15,7 +15,7 @@ ms.localizationpriority: medium # Policy CSP - Browser > [!NOTE] -> These settings are for the previous version of Microsoft Edge (version 45 and earlier) and are deprecated. These settings will be removed in a future Windows release. Microsoft recommends updating your version of Microsoft Edge to version 77 or later and use the ADMX Ingestion function for management. Learn more about how to [Configure Microsoft Edge using Mobile Device Management](deployedge/configure-edge-with-mdm). +> These settings are for the previous version of Microsoft Edge (version 45 and earlier) and are deprecated. These settings will be removed in a future Windows release. Microsoft recommends updating your version of Microsoft Edge to version 77 or later and use the ADMX Ingestion function for management. Learn more about how to [Configure Microsoft Edge using Mobile Device Management](https://docs.microsoft.com/deployedge/configure-edge-with-mdm). From 02af56b64a72a8ac99155346a85ffd126a2df8b7 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 10 Jan 2022 15:35:47 +0530 Subject: [PATCH 08/19] Update policy-csp-browser.md --- windows/client-management/mdm/policy-csp-browser.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index 7b3f0a6fb4..cbf9ef190b 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -15,7 +15,7 @@ ms.localizationpriority: medium # Policy CSP - Browser > [!NOTE] -> These settings are for the previous version of Microsoft Edge (version 45 and earlier) and are deprecated. These settings will be removed in a future Windows release. Microsoft recommends updating your version of Microsoft Edge to version 77 or later and use the ADMX Ingestion function for management. Learn more about how to [Configure Microsoft Edge using Mobile Device Management](https://docs.microsoft.com/deployedge/configure-edge-with-mdm). +> These settings are for the previous version of Microsoft Edge (version 45 and earlier) and are deprecated. These settings will be removed in a future Windows release. Microsoft recommends updating your version of Microsoft Edge to version 77 or later and use the ADMX Ingestion function for management. Learn more about how to [Configure Microsoft Edge using Mobile Device Management](/deployedge/configure-edge-with-mdm). From 6d2d48751f5c93be28772a5f81e44916ded8d032 Mon Sep 17 00:00:00 2001 From: sravanigannavarapu <95500630+sravanigannavarapu@users.noreply.github.com> Date: Tue, 11 Jan 2022 18:26:47 -0800 Subject: [PATCH 09/19] Update audit-registry.md --- windows/security/threat-protection/auditing/audit-registry.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/auditing/audit-registry.md b/windows/security/threat-protection/auditing/audit-registry.md index ace2bfd284..39a62a47c9 100644 --- a/windows/security/threat-protection/auditing/audit-registry.md +++ b/windows/security/threat-protection/auditing/audit-registry.md @@ -48,6 +48,6 @@ If success auditing is enabled, an audit entry is generated each time any accoun > [!NOTE] -> On creating a subkey for a parent (RegCreateKey), the expectation is to see an event for opening a handle for the newly created object (event 4656) issued by the object manager. You will see this event only when "Audit Object Access" is enabled under **Local Policies** > **Audit Policy** in Local Security Policy. This event is not generated while using precisely defined settings for seeing only registry-related events under **Advanced Audit Policy Configurations** > **Object Access** > **Audit Registry** in Local Security Policy. For example, you will not see this event with the setting to just see the registry-related auditing events using "auditpol.exe /set /subcategory:{0CCE921E-69AE-11D9-BED3-505054503030} /success:enable". +> On creating a subkey for a parent (RegCreateKey), the expectation is to see an event for opening a handle for the newly created object (event 4656) issued by the object manager. You will see this event only when "Audit Object Access" is enabled under **Local Policies** > **Audit Policy** in Local Security Policy. This event is not generated while using precisely defined settings for seeing only registry-related events under **Advanced Audit Policy Configurations** > **Object Access** > **Audit Registry** in Local Security Policy. For example, you will not see this event with the setting to just see the registry-related auditing events using "auditpol.exe /set /subcategory:{0CCE921E-69AE-11D9-BED3-505054503030} /success:enable". This behaviour is expected only on the newer versions of the OS (Windows 11 / Windows Server 2022 and above). On older versions, 4656 events are not generated during subkey creation. > -> Calls to Registry APIs to access an open key object to perform an operation such as RegSetValue, RegEnumValue, and RegRenameKey would trigger an event to access the object (event 4663). For example, creating a subkey using regedit.exe would not trigger a 4663 event, but renaming it would. +> Calls to Registry APIs to access an open key object to perform an operation such as RegSetValue, RegEnumValue, and RegRenameKey would trigger an event to access the object (event 4663). For example, creating a subkey using regedit.exe would not trigger a 4663 event, but renaming it would. From 8281e9088bed93059163888022a781746a111729 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 17 Jan 2022 16:00:52 +0500 Subject: [PATCH 10/19] Update change-the-tpm-owner-password.md --- .../information-protection/tpm/change-the-tpm-owner-password.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/tpm/change-the-tpm-owner-password.md b/windows/security/information-protection/tpm/change-the-tpm-owner-password.md index a43a8f75e9..c973d67343 100644 --- a/windows/security/information-protection/tpm/change-the-tpm-owner-password.md +++ b/windows/security/information-protection/tpm/change-the-tpm-owner-password.md @@ -46,7 +46,7 @@ Instead of changing your owner password, you can also use the following options ## Change the TPM owner password -With Windows 10, version 1507 or 1511, or Windows 11, if you have opted specifically to preserve the TPM owner password, you can use the saved password to change to a new password. +With Windows 10, version 1507 or 1511, if you have opted specifically to preserve the TPM owner password, you can use the saved password to change to a new password. To change to a new TPM owner password, in TPM.msc, click **Change Owner Password**, and follow the instructions. You will be prompted to provide the owner password file or to type the password. Then you can create a new password, either automatically or manually, and save the password in a file or as a printout. From 23a330ae358be9e3becb8db6136df20171541682 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 17 Jan 2022 18:26:11 +0530 Subject: [PATCH 11/19] Update policy-csp-start.md --- windows/client-management/mdm/policy-csp-start.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index 3ef4e79b17..0418be1e1c 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -819,7 +819,7 @@ The following list shows the supported values: This policy will allow admins to push a new list of pinned apps to override the default/current list of pinned apps in the Windows 11 start menu experience. -It contains details on how to configure the start menu on Windows 11, see https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/customize-the-windows-11-start-menu +It contains details on how to configure the start menu on Windows 11, see [/windows-hardware/customize/desktop/customize-the-windows-11-start-menu](https://docs.microsoft.com/windows-hardware/customize/desktop/customize-the-windows-11-start-menu) From d8eecaf654c236d0c8bd7e945026c34e4ed24eb3 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 17 Jan 2022 18:29:24 +0530 Subject: [PATCH 12/19] Update policy-csp-start.md --- windows/client-management/mdm/policy-csp-start.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index 0418be1e1c..6726040cec 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -819,7 +819,7 @@ The following list shows the supported values: This policy will allow admins to push a new list of pinned apps to override the default/current list of pinned apps in the Windows 11 start menu experience. -It contains details on how to configure the start menu on Windows 11, see [/windows-hardware/customize/desktop/customize-the-windows-11-start-menu](https://docs.microsoft.com/windows-hardware/customize/desktop/customize-the-windows-11-start-menu) +It contains details on how to configure the start menu on Windows 11, see [/windows-hardware/customize/desktop/customize-the-windows-11-start-menu](/windows-hardware/customize/desktop/customize-the-windows-11-start-menu) From f935d970854ba4eee34e4a6603516f25d62f314f Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 18 Jan 2022 20:37:27 +0530 Subject: [PATCH 13/19] removed invalid link, added correct link as per user report #10287 , so i added correct link --- .../protect-devices-from-unwanted-network-traffic.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md index c0a822af53..527df8967f 100644 --- a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md +++ b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md @@ -27,7 +27,7 @@ ms.technology: windows-sec Although network perimeter firewalls provide important protection to network resources from external threats, there are network threats that a perimeter firewall cannot protect against. Some attacks might successfully penetrate the perimeter firewall, and at that point what can stop it? Other attacks might originate from inside the network, such as malware that is brought in on portable media and run on a trusted device. Portable device are often taken outside the network and connected directly to the Internet, without adequate protection between the device and security threats. -Reports of targeted attacks against organizations, governments, and individuals have become more widespread in recent years. For a general overview of these threats, also known as advanced persistent threats (APT), see the [Microsoft Security Intelligence Report](https://www.microsoft.com/security/sir/default.aspx). +Reports of targeted attacks against organizations, governments, and individuals have become more widespread in recent years. For a general overview of these threats, also known as advanced persistent threats (APT), see the [Microsoft Security Intelligence Report](https://www.microsoft.com/security/business/microsoft-digital-defense-report). Running a host-based firewall on every device that your organization manages is an important layer in a "defense-in-depth" security strategy. A host-based firewall can help protect against attacks that originate from inside the network and also provide additional protection against attacks from outside the network that manage to penetrate the perimeter firewall. It also travels with a portable device to provide protection when it is away from the organization's network. From d3d2a324970d2232e05dbe959dbd023acfd966b0 Mon Sep 17 00:00:00 2001 From: Sergii Cherkashyn Date: Tue, 18 Jan 2022 10:34:32 -0500 Subject: [PATCH 14/19] Removing groups option from Windows 10 version 2004 After working the case and talking to PG, Ravi Vennapusa, confirmed we cant add groups to Remote Desktop Users. Only users can be added as mentioned in the linked in this section article. Also submitting change request to this branch, since not able to access Review one, getting 404 error. --- windows/client-management/connect-to-remote-aadj-pc.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md index 138861993b..3fbf21a37a 100644 --- a/windows/client-management/connect-to-remote-aadj-pc.md +++ b/windows/client-management/connect-to-remote-aadj-pc.md @@ -66,7 +66,7 @@ Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-gu - Adding users using policy - Starting in Windows 10, version 2004, you can add users or Azure AD groups to the Remote Desktop Users using MDM policies as described in [How to manage the local administrators group on Azure AD joined devices](/azure/active-directory/devices/assign-local-admin#manage-administrator-privileges-using-azure-ad-groups-preview). + Starting in Windows 10, version 2004, you can add users to the Remote Desktop Users using MDM policies as described in [How to manage the local administrators group on Azure AD joined devices](/azure/active-directory/devices/assign-local-admin#manage-administrator-privileges-using-azure-ad-groups-preview). > [!TIP] > When you connect to the remote PC, enter your account name in this format: AzureAD\yourloginid@domain.com. From 132f4a861ef1776530f1c0866e4bec32ab6d7c30 Mon Sep 17 00:00:00 2001 From: Dan Pandre <54847950+DanPandre@users.noreply.github.com> Date: Tue, 18 Jan 2022 10:45:16 -0500 Subject: [PATCH 15/19] NetworkProxy CSP missing inadvertently from Hub --- .../mdm/configuration-service-provider-reference.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md index 8f140c8f43..47a47c403e 100644 --- a/windows/client-management/mdm/configuration-service-provider-reference.md +++ b/windows/client-management/mdm/configuration-service-provider-reference.md @@ -1135,6 +1135,7 @@ The following list shows the CSPs supported in HoloLens devices: - [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) - [Firewall-CSP](firewall-csp.md) - [HealthAttestation CSP](healthattestation-csp.md) +- [NetworkProxy CSP](networkproxy-csp.md) - [NetworkQoSPolicy CSP](networkqospolicy-csp.md) - [NodeCache CSP](nodecache-csp.md) - [PassportForWork CSP](passportforwork-csp.md) From eba33af05dbccb3bfc7a44516b08bea914e13a0a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 18 Jan 2022 09:11:03 -0800 Subject: [PATCH 16/19] Update connect-to-remote-aadj-pc.md --- windows/client-management/connect-to-remote-aadj-pc.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md index 3fbf21a37a..ec54bee4ae 100644 --- a/windows/client-management/connect-to-remote-aadj-pc.md +++ b/windows/client-management/connect-to-remote-aadj-pc.md @@ -9,7 +9,7 @@ ms.pagetype: devices author: dansimp ms.localizationpriority: medium ms.author: dansimp -ms.date: 01/14/2022 +ms.date: 01/18/2022 ms.reviewer: manager: dansimp ms.topic: article From a938ac3cd2a9a158ac9871db93b048a46614458f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 18 Jan 2022 09:12:29 -0800 Subject: [PATCH 17/19] Update protect-devices-from-unwanted-network-traffic.md --- .../protect-devices-from-unwanted-network-traffic.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md index 527df8967f..d64c7e44ba 100644 --- a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md +++ b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 09/08/2021 +ms.date: 01/18/2022 ms.technology: windows-sec --- From 73f3ae01d93331eccf92a26e6b104138b42d001d Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 18 Jan 2022 09:13:46 -0800 Subject: [PATCH 18/19] Update change-the-tpm-owner-password.md --- .../information-protection/tpm/change-the-tpm-owner-password.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/tpm/change-the-tpm-owner-password.md b/windows/security/information-protection/tpm/change-the-tpm-owner-password.md index c973d67343..7260afb4d5 100644 --- a/windows/security/information-protection/tpm/change-the-tpm-owner-password.md +++ b/windows/security/information-protection/tpm/change-the-tpm-owner-password.md @@ -13,7 +13,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 12/03/2021 +ms.date: 01/18/2022 --- # Change the TPM owner password From 832752a80dba8a5c69ba3b80793e18ebd1dc5c91 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 18 Jan 2022 09:14:40 -0800 Subject: [PATCH 19/19] Update windows/security/threat-protection/auditing/audit-registry.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/security/threat-protection/auditing/audit-registry.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/audit-registry.md b/windows/security/threat-protection/auditing/audit-registry.md index 39a62a47c9..a9559b8677 100644 --- a/windows/security/threat-protection/auditing/audit-registry.md +++ b/windows/security/threat-protection/auditing/audit-registry.md @@ -48,6 +48,6 @@ If success auditing is enabled, an audit entry is generated each time any accoun > [!NOTE] -> On creating a subkey for a parent (RegCreateKey), the expectation is to see an event for opening a handle for the newly created object (event 4656) issued by the object manager. You will see this event only when "Audit Object Access" is enabled under **Local Policies** > **Audit Policy** in Local Security Policy. This event is not generated while using precisely defined settings for seeing only registry-related events under **Advanced Audit Policy Configurations** > **Object Access** > **Audit Registry** in Local Security Policy. For example, you will not see this event with the setting to just see the registry-related auditing events using "auditpol.exe /set /subcategory:{0CCE921E-69AE-11D9-BED3-505054503030} /success:enable". This behaviour is expected only on the newer versions of the OS (Windows 11 / Windows Server 2022 and above). On older versions, 4656 events are not generated during subkey creation. +> On creating a subkey for a parent (RegCreateKey), the expectation is to see an event for opening a handle for the newly created object (event 4656) issued by the object manager. You will see this event only when "Audit Object Access" is enabled under **Local Policies** > **Audit Policy** in Local Security Policy. This event is not generated while using precisely defined settings for seeing only registry-related events under **Advanced Audit Policy Configurations** > **Object Access** > **Audit Registry** in Local Security Policy. For example, you will not see this event with the setting to just see the registry-related auditing events using "auditpol.exe /set /subcategory:{0CCE921E-69AE-11D9-BED3-505054503030} /success:enable". This behavior is expected only on later versions of the operating system (Windows 11, Windows Server 2022, and later). On previous versions, 4656 events are not generated during subkey creation. > > Calls to Registry APIs to access an open key object to perform an operation such as RegSetValue, RegEnumValue, and RegRenameKey would trigger an event to access the object (event 4663). For example, creating a subkey using regedit.exe would not trigger a 4663 event, but renaming it would.