diff --git a/windows/deployment/update/update-policies.md b/windows/deployment/update/update-policies.md index 1eb791b4fd..d4302cecac 100644 --- a/windows/deployment/update/update-policies.md +++ b/windows/deployment/update/update-policies.md @@ -37,8 +37,8 @@ to opt out of automatic restarts until the deadline is reached (although we reco restarts for maximum update velocity). We recommend you set deadlines as follows: -- Quality update deadline, in days: 3 -- Feature update deadline, in days: 7 +- Quality update deadline, in days: 2 +- Feature update deadline, in days: 2 Notifications are automatically presented to the user at appropriate times, and users can choose to be reminded later, to reschedule, or to restart immediately, depending on how close the deadline is. We recommend that you @@ -62,7 +62,7 @@ be forced to update immediately when the user returns. We recommend you set the following: -- Grace period, in days: 2 +- Grace period, in days: 5 Once the deadline and grace period have passed, updates are applied automatically, and a restart occurs regardless of [active hours](#active-hours). diff --git a/windows/deployment/update/wufb-compliancedeadlines.md b/windows/deployment/update/wufb-compliancedeadlines.md index 3549b7bdb6..96a06feeab 100644 --- a/windows/deployment/update/wufb-compliancedeadlines.md +++ b/windows/deployment/update/wufb-compliancedeadlines.md @@ -36,7 +36,7 @@ With a current version, it's best to use the new policy introduced in June 2019 |Policy|Location|Quality update deadline in days|Feature update deadline in days|Grace period in days| |-|-|-|-|-| -|(Windows 10, version 1709 and later) Specify deadlines for automatic updates and restarts | GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Specify deadlines for automatic updates and restarts | 3 | 7 | 2 | +|(Windows 10, version 1709 and later) Specify deadlines for automatic updates and restarts | GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Specify deadlines for automatic updates and restarts | 2 | 2 | 5 | When **Specify deadlines for automatic updates and restarts** is set (Windows 10, version 1709 and later): diff --git a/windows/security/threat-protection/auditing/audit-security-group-management.md b/windows/security/threat-protection/auditing/audit-security-group-management.md index eb76f1d581..14cccd81d4 100644 --- a/windows/security/threat-protection/auditing/audit-security-group-management.md +++ b/windows/security/threat-protection/auditing/audit-security-group-management.md @@ -83,7 +83,7 @@ This subcategory allows you to audit events generated by changes to security gro > [!IMPORTANT] > Event 4754(S) generates only for domain groups, so the Local sections in event [4731](event-4731.md) do not apply. -- 4755(S): A security-enabled universal group was changed. See event _[4735](event-4735.md): A security-enabled local group was changed._ Event 4737 is the same, but it is generated for a **universal** security group instead of a **local** security group. All event fields, XML, and recommendations are the same. The type of group is the only difference. +- 4755(S): A security-enabled universal group was changed. See event _[4735](event-4735.md): A security-enabled local group was changed._ Event 4755 is the same, but it is generated for a **universal** security group instead of a **local** security group. All event fields, XML, and recommendations are the same. The type of group is the only difference. > [!IMPORTANT] > Event 4755(S) generates only for domain groups, so the Local sections in event [4735](event-4735.md) do not apply. diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md index f0c1ef0a6c..dbc99216c2 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md @@ -90,7 +90,7 @@ There are no security audit event policies that can be configured to view output This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation. -NTLM and NTLMv2 authentication is vulnerable to various malicious attacks, including SMB replay, man-in-the-middle attacks, and brute force attacks. Reducing and eliminating NTLM authentication from your environment forces the Windows operating system to use more secure protocols, such as the +NTLM and NTLMv2 authentication is vulnerable to various malicious attacks, including SMB relay, man-in-the-middle attacks, and brute force attacks. Reducing and eliminating NTLM authentication from your environment forces the Windows operating system to use more secure protocols, such as the Kerberos versionĀ 5 protocol, or different authentication mechanisms, such as smart cards. ### Vulnerability