mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-17 03:13:44 +00:00
Merge branch 'main' of https://github.com/MicrosoftDocs/windows-docs-pr into fr-2024-03-refresh
This commit is contained in:
@ -11,7 +11,7 @@ manager: aaroncz
|
|||||||
appliesto:
|
appliesto:
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
|
||||||
ms.date: 02/27/2024
|
ms.date: 03/11/2024
|
||||||
---
|
---
|
||||||
|
|
||||||
# Update other Microsoft products
|
# Update other Microsoft products
|
||||||
@ -23,7 +23,7 @@ This article contains a list of other Microsoft products that might be updated w
|
|||||||
- **MDM**: ./Device/Vendor/MSFT/Policy/Config/Update/[AllowMUUpdateService](/windows/client-management/mdm/policy-csp-update?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#allowmuupdateservice)
|
- **MDM**: ./Device/Vendor/MSFT/Policy/Config/Update/[AllowMUUpdateService](/windows/client-management/mdm/policy-csp-update?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#allowmuupdateservice)
|
||||||
|
|
||||||
> [!Note]
|
> [!Note]
|
||||||
> This policy includes drivers. If you need to exclude drivers, use [ExcludeWUDriversInQualityUpdate](/windows/client-management/mdm/policy-csp-update&bc=/windows/deployment/breadcrumb/toc.json#excludewudriversinqualityupdate).
|
> This policy includes drivers. If you need to exclude drivers, use [ExcludeWUDriversInQualityUpdate](/windows/client-management/mdm/policy-csp-update?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#excludewudriversinqualityupdate).
|
||||||
|
|
||||||
|
|
||||||
## List of other Microsoft products
|
## List of other Microsoft products
|
||||||
|
@ -11,7 +11,7 @@ manager: aaroncz
|
|||||||
appliesto:
|
appliesto:
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
|
||||||
ms.date: 12/06/2023
|
ms.date: 03/12/2024
|
||||||
---
|
---
|
||||||
|
|
||||||
# UCClient
|
# UCClient
|
||||||
@ -35,7 +35,6 @@ UCClient acts as an individual device's record. It contains data such as the cur
|
|||||||
| **IsVirtual** | [bool](/azure/data-explorer/kusto/query/scalar-data-types/bool) | No | `Yes, No` | Whether device is a virtual device. |
|
| **IsVirtual** | [bool](/azure/data-explorer/kusto/query/scalar-data-types/bool) | No | `Yes, No` | Whether device is a virtual device. |
|
||||||
| **LastCensusScanTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | The last time this device performed a successful census scan, if any. |
|
| **LastCensusScanTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | The last time this device performed a successful census scan, if any. |
|
||||||
| **LastWUScanTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | The last time this device performed a successful Windows Update scan, if any. |
|
| **LastWUScanTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | The last time this device performed a successful Windows Update scan, if any. |
|
||||||
| **NewTest_CF [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | Currently, data isn't gathered to populate this field. |
|
|
||||||
| **OSArchitecture** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `x86` | The architecture of the operating system (not the device) this device is currently on. |
|
| **OSArchitecture** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `x86` | The architecture of the operating system (not the device) this device is currently on. |
|
||||||
| **OSBuild** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `10.0.22621.1702` | The full operating system build installed on this device, such as Major.Minor.Build.Revision |
|
| **OSBuild** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `10.0.22621.1702` | The full operating system build installed on this device, such as Major.Minor.Build.Revision |
|
||||||
| **OSBuildNumber** | [int](/azure/kusto/query/scalar-data-types/int) | No | `22621` | The major build number, in int format, the device is using. |
|
| **OSBuildNumber** | [int](/azure/kusto/query/scalar-data-types/int) | No | `22621` | The major build number, in int format, the device is using. |
|
||||||
@ -62,18 +61,18 @@ UCClient acts as an individual device's record. It contains data such as the cur
|
|||||||
| **WUAutomaticUpdates** | | No | | Currently, data isn't gathered to populate this field. Manage automatic update behavior to scan, download, and install updates. |
|
| **WUAutomaticUpdates** | | No | | Currently, data isn't gathered to populate this field. Manage automatic update behavior to scan, download, and install updates. |
|
||||||
| **WUDeadlineNoAutoRestart** | | No | | Currently, data isn't gathered to populate this field. Devices won't automatically restart outside of active hours until the deadline is reached - It's 1 by default and indicates enabled, 0 indicates disabled |
|
| **WUDeadlineNoAutoRestart** | | No | | Currently, data isn't gathered to populate this field. Devices won't automatically restart outside of active hours until the deadline is reached - It's 1 by default and indicates enabled, 0 indicates disabled |
|
||||||
| **WUDODownloadMode** | | No | | Currently, data isn't gathered to populate this field. The Windows Update DO DownloadMode configuration. |
|
| **WUDODownloadMode** | | No | | Currently, data isn't gathered to populate this field. The Windows Update DO DownloadMode configuration. |
|
||||||
| **WUFeatureDeadlineDays** | [int](/azure/kusto/query/scalar-data-types/int) | No | `0` | CSP: ConfigureDeadlineForFeatureUpdates. The Windows Update feature update deadline configuration in days. -1 indicates not configured, 0 indicates configured but set to 0. Values > 0 indicate the deadline in days. |
|
| **WUFeatureDeadlineDays** | [int](/azure/kusto/query/scalar-data-types/int) | No | `0` | CSP: ConfigureDeadlineForFeatureUpdates. The feature update deadline configuration in days. -1 indicates not configured. 0 indicates configured but set to 0. Values > 0 indicate the deadline in days. |
|
||||||
| **WUFeatureDeferralDays** | [int](/azure/kusto/query/scalar-data-types/int) | No | `0` | CSP: DeferFeatureUpdates. The Windows Update feature update deferral configuration in days. -1 indicates not configured, 0 indicates configured but set to 0. Values > 0 indicate the policy setting. |
|
| **WUFeatureDeferralDays** | [int](/azure/kusto/query/scalar-data-types/int) | No | `0` | CSP: DeferFeatureUpdates. The feature update deferral configuration in days. -1 indicates not configured. 0 indicates configured but set to 0. Values > 0 indicate the policy setting. |
|
||||||
| **WUFeatureGracePeriodDays** | [int](/azure/kusto/query/scalar-data-types/int) | No | `7` | The Windows Update grace period for feature update in days. -1 indicates not configured, 0 indicates configured and set to 0. Values greater than 0 indicate the grace period in days. |
|
| **WUFeatureGracePeriodDays** | [int](/azure/kusto/query/scalar-data-types/int) | No | `7` | The Windows Update grace period for feature update in days. -1 indicates not configured. 0 indicates configured and set to 0. Values greater than 0 indicate the grace period in days. |
|
||||||
| **WUFeaturePauseEndTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | Currently, data isn't gathered to populate this field. The time Windows Update feature update pause will end, if activated, else null. |
|
| **WUFeaturePauseEndTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | Currently, data isn't gathered to populate this field. The time Windows Update feature update pause ends, if activated, else null. |
|
||||||
| **WUFeaturePauseStartTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | Currently, data isn't gathered to populate this field. The time Windows Update feature update pause was activated, if activated, else null. Feature updates are paused for 35 days from the specified start date. |
|
| **WUFeaturePauseStartTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | Currently, data isn't gathered to populate this field. The time Windows Update feature update pause was activated, if activated, else null. Feature updates are paused for 35 days from the specified start date. |
|
||||||
| **WUFeaturePauseState** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `NotConfigured` | Indicates pause status of device for feature updates. Possible values are Paused, NotPaused, NotConfigured. |
|
| **WUFeaturePauseState** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `NotConfigured` | Indicates pause status of device for feature updates. Possible values are Paused, NotPaused, NotConfigured. |
|
||||||
| **WUNotificationLevel** | | No | | Currently, data isn't gathered to populate this field. This policy allows you to define what Windows Update notifications users see. 0 (default) - Use the default Windows Update notifications. 1 - Turn off all notifications, excluding restart warnings. 2 - Turn off all notifications, including restart warnings |
|
| **WUNotificationLevel** | | No | | Currently, data isn't gathered to populate this field. This policy allows you to define what Windows Update notifications users see. 0 (default) - Use the default Windows Update notifications. 1 - Turn off all notifications, excluding restart warnings. 2 - Turn off all notifications, including restart warnings |
|
||||||
| **WUPauseUXDisabled** | | No | | Currently, data isn't gathered to populate this field. This policy allows the IT admin to disable the Pause Updates feature. When this policy is enabled, the user can't access the Pause updates' feature. Supported values 0, 1. |
|
| **WUPauseUXDisabled** | | No | | Currently, data isn't gathered to populate this field. This policy allows the IT admin to disable the Pause Updates feature. When this policy is enabled, the user can't access the Pause updates' feature. Supported values 0, 1. |
|
||||||
| **WUQualityDeadlineDays** | [int](/azure/kusto/query/scalar-data-types/int) | No | `7` | CSP: ConfigureDeadlineForQualityUpdates. The Windows update quality update deadline configuration in days. -1 indicates not configured, 0 indicates configured but set to 0. Values > 0 indicate the deadline in days. |
|
| **WUQualityDeadlineDays** | [int](/azure/kusto/query/scalar-data-types/int) | No | `7` | CSP: ConfigureDeadlineForQualityUpdates. The Windows update quality update deadline configuration in days. -1 indicates not configured. 0 indicates configured but set to 0. Values > 0 indicate the deadline in days. |
|
||||||
| **WUQualityDeferralDays** | [int](/azure/kusto/query/scalar-data-types/int) | No | `-1` | CSP: DeferQualityUpdates. The Windows Update quality update deferral configuration in days. -1 indicates not configured, 0 indicates configured but set to 0. Values greater than 0 indicate the policy setting. |
|
| **WUQualityDeferralDays** | [int](/azure/kusto/query/scalar-data-types/int) | No | `-1` | CSP: DeferQualityUpdates. The Windows Update quality update deferral configuration in days. -1 indicates not configured. 0 indicates configured but set to 0. Values greater than 0 indicate the policy setting. |
|
||||||
| **WUQualityGracePeriodDays** | [int](/azure/kusto/query/scalar-data-types/int) | No | `0` | The Windows Update grace period for quality update in days. -1 indicates not configured, 0 indicates configured and set to 0. Values greater than 0 indicate the grace period in days. |
|
| **WUQualityGracePeriodDays** | [int](/azure/kusto/query/scalar-data-types/int) | No | `0` | The Windows Update grace period for quality update in days. -1 indicates not configured. 0 indicates configured and set to 0. Values greater than 0 indicate the grace period in days. |
|
||||||
| **WUQualityPauseEndTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | Currently, data isn't gathered to populate this field. The time Windows Update quality update pause- will end, if activated, else null. |
|
| **WUQualityPauseEndTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | Currently, data isn't gathered to populate this field. The time the quality update pause ends, if activated, else null. |
|
||||||
| **WUQualityPauseStartTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | Currently, data isn't gathered to populate this field. The time Windows Update quality update pause- was activated; if activated; else null. |
|
| **WUQualityPauseStartTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | Currently, data isn't gathered to populate this field. The time Windows Update quality update pause- was activated; if activated; else null. |
|
||||||
| **WUQualityPauseState** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `NotConfigured` | Indicates pause status of device for quality updates. Possible values are Paused, NotPaused, NotConfigured. |
|
| **WUQualityPauseState** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `NotConfigured` | Indicates pause status of device for quality updates. Possible values are Paused, NotPaused, NotConfigured. |
|
||||||
| **WURestartNotification** | | No | | Currently, data isn't gathered to populate this field. Allows the IT Admin to specify the method by which the auto restart required notification is dismissed. The following list shows the supported values: 1 (default) = Auto Dismissal. 2 - User Dismissal. |
|
| **WURestartNotification** | | No | | Currently, data isn't gathered to populate this field. Allows the IT Admin to specify the method by which the auto restart required notification is dismissed. The following list shows the supported values: 1 (default) = Auto Dismissal. 2 - User Dismissal. |
|
||||||
|
@ -26,6 +26,7 @@ Unless your use scenarios explicitly require them, Microsoft recommends that you
|
|||||||
- csi.exe
|
- csi.exe
|
||||||
- dbghost.exe
|
- dbghost.exe
|
||||||
- dbgsvc.exe
|
- dbgsvc.exe
|
||||||
|
- dbgsrv.exe
|
||||||
- dnx.exe
|
- dnx.exe
|
||||||
- dotnet.exe
|
- dotnet.exe
|
||||||
- fsi.exe
|
- fsi.exe
|
||||||
@ -143,6 +144,7 @@ The blocklist policy that follows includes "Allow all" rules for both kernel and
|
|||||||
<Deny ID="ID_DENY_CSCRIPT" FriendlyName="cscript.exe" FileName="cscript.exe" MinimumFileVersion="5.812.10240.0" />
|
<Deny ID="ID_DENY_CSCRIPT" FriendlyName="cscript.exe" FileName="cscript.exe" MinimumFileVersion="5.812.10240.0" />
|
||||||
<Deny ID="ID_DENY_DBGHOST" FriendlyName="dbghost.exe" FileName="DBGHOST.Exe" MinimumFileVersion="2.3.0.0" />
|
<Deny ID="ID_DENY_DBGHOST" FriendlyName="dbghost.exe" FileName="DBGHOST.Exe" MinimumFileVersion="2.3.0.0" />
|
||||||
<Deny ID="ID_DENY_DBGSVC" FriendlyName="dbgsvc.exe" FileName="DBGSVC.Exe" MinimumFileVersion="2.3.0.0" />
|
<Deny ID="ID_DENY_DBGSVC" FriendlyName="dbgsvc.exe" FileName="DBGSVC.Exe" MinimumFileVersion="2.3.0.0" />
|
||||||
|
<Deny ID="ID_DENY_DBGSRV" FriendlyName="dbgsrv.exe" FileName="dbgsrv.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
|
||||||
<Deny ID="ID_DENY_DNX" FriendlyName="dnx.exe" FileName="dnx.Exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
|
<Deny ID="ID_DENY_DNX" FriendlyName="dnx.exe" FileName="dnx.Exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
|
||||||
<Deny ID="ID_DENY_DOTNET" FriendlyName="dotnet.exe" FileName="dotnet.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
|
<Deny ID="ID_DENY_DOTNET" FriendlyName="dotnet.exe" FileName="dotnet.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
|
||||||
<Deny ID="ID_DENY_FSI" FriendlyName="fsi.exe" FileName="fsi.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
|
<Deny ID="ID_DENY_FSI" FriendlyName="fsi.exe" FileName="fsi.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
|
||||||
@ -854,6 +856,7 @@ The blocklist policy that follows includes "Allow all" rules for both kernel and
|
|||||||
<FileRuleRef RuleID="ID_DENY_CSCRIPT" />
|
<FileRuleRef RuleID="ID_DENY_CSCRIPT" />
|
||||||
<FileRuleRef RuleID="ID_DENY_DBGHOST" />
|
<FileRuleRef RuleID="ID_DENY_DBGHOST" />
|
||||||
<FileRuleRef RuleID="ID_DENY_DBGSVC" />
|
<FileRuleRef RuleID="ID_DENY_DBGSVC" />
|
||||||
|
<FileRuleRef RuleID="ID_DENY_DBGSRV" />
|
||||||
<FileRuleRef RuleID="ID_DENY_DNX" />
|
<FileRuleRef RuleID="ID_DENY_DNX" />
|
||||||
<FileRuleRef RuleID="ID_DENY_DOTNET" />
|
<FileRuleRef RuleID="ID_DENY_DOTNET" />
|
||||||
<FileRuleRef RuleID="ID_DENY_FSI" />
|
<FileRuleRef RuleID="ID_DENY_FSI" />
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
title: Enterprise certificate pinning
|
title: Enterprise certificate pinning
|
||||||
description: Enterprise certificate pinning is a Windows feature for remembering, or pinning, a root issuing certificate authority, or end-entity certificate to a domain name.
|
description: Enterprise certificate pinning is a Windows feature for remembering, or pinning, a root issuing certificate authority, or end-entity certificate to a domain name.
|
||||||
ms.topic: concept-article
|
ms.topic: concept-article
|
||||||
ms.date: 05/24/2023
|
ms.date: 03/12/2024
|
||||||
---
|
---
|
||||||
|
|
||||||
# Enterprise certificate pinning overview
|
# Enterprise certificate pinning overview
|
||||||
|
@ -1,8 +1,8 @@
|
|||||||
---
|
---
|
||||||
title: Windows Hello for Business cloud-only deployment guide
|
title: Windows Hello for Business cloud-only deployment guide
|
||||||
description: Learn how to deploy Windows Hello for Business in a cloud-only deployment scenario.
|
description: Learn how to deploy Windows Hello for Business in a cloud-only deployment scenario.
|
||||||
ms.date: 01/03/2024
|
ms.date: 03/12/2024
|
||||||
ms.topic: how-to
|
ms.topic: tutorial
|
||||||
---
|
---
|
||||||
|
|
||||||
# Cloud-only deployment guide
|
# Cloud-only deployment guide
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
title: Configure Active Directory Federation Services in a hybrid certificate trust model
|
title: Configure Active Directory Federation Services in a hybrid certificate trust model
|
||||||
description: Learn how to configure Active Directory Federation Services (AD FS) to support the Windows Hello for Business hybrid certificate trust model.
|
description: Learn how to configure Active Directory Federation Services (AD FS) to support the Windows Hello for Business hybrid certificate trust model.
|
||||||
ms.date: 01/03/2024
|
ms.date: 03/12/2024
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
title: Configure and enroll in Windows Hello for Business in hybrid certificate trust model
|
title: Configure and enroll in Windows Hello for Business in hybrid certificate trust model
|
||||||
description: Learn how to configure devices and enroll them in Windows Hello for Business in a hybrid certificate trust scenario.
|
description: Learn how to configure devices and enroll them in Windows Hello for Business in a hybrid certificate trust scenario.
|
||||||
ms.date: 01/03/2024
|
ms.date: 03/12/2024
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
title: Configure and validate the PKI in an hybrid certificate trust model
|
title: Configure and validate the PKI in an hybrid certificate trust model
|
||||||
description: Configure and validate the Public Key Infrastructure when deploying Windows Hello for Business in a hybrid certificate trust model.
|
description: Configure and validate the Public Key Infrastructure when deploying Windows Hello for Business in a hybrid certificate trust model.
|
||||||
ms.date: 01/03/2024
|
ms.date: 03/12/2024
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
title: Windows Hello for Business hybrid certificate trust deployment guide
|
title: Windows Hello for Business hybrid certificate trust deployment guide
|
||||||
description: Learn how to deploy Windows Hello for Business in a hybrid certificate trust scenario.
|
description: Learn how to deploy Windows Hello for Business in a hybrid certificate trust scenario.
|
||||||
ms.date: 01/03/2024
|
ms.date: 03/12/2024
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
title: Windows Hello for Business cloud Kerberos trust deployment guide
|
title: Windows Hello for Business cloud Kerberos trust deployment guide
|
||||||
description: Learn how to deploy Windows Hello for Business in a cloud Kerberos trust scenario.
|
description: Learn how to deploy Windows Hello for Business in a cloud Kerberos trust scenario.
|
||||||
ms.date: 01/03/2024
|
ms.date: 03/12/2024
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
title: Configure and enroll in Windows Hello for Business in a hybrid key trust model
|
title: Configure and enroll in Windows Hello for Business in a hybrid key trust model
|
||||||
description: Learn how to configure devices and enroll them in Windows Hello for Business in a hybrid key trust scenario.
|
description: Learn how to configure devices and enroll them in Windows Hello for Business in a hybrid key trust scenario.
|
||||||
ms.date: 12/29/2023
|
ms.date: 03/12/2024
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
title: Windows Hello for Business hybrid key trust deployment guide
|
title: Windows Hello for Business hybrid key trust deployment guide
|
||||||
description: Learn how to deploy Windows Hello for Business in a hybrid key trust scenario.
|
description: Learn how to deploy Windows Hello for Business in a hybrid key trust scenario.
|
||||||
ms.date: 01/03/2024
|
ms.date: 03/12/2024
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -1,8 +1,8 @@
|
|||||||
---
|
---
|
||||||
title: Plan a Windows Hello for Business Deployment
|
title: Plan a Windows Hello for Business Deployment
|
||||||
description: Learn about the role of each component within Windows Hello for Business and how certain deployment decisions affect other aspects of your infrastructure.
|
description: Learn about the role of each component within Windows Hello for Business and how certain deployment decisions affect other aspects of your infrastructure.
|
||||||
ms.date: 01/02/2024
|
ms.date: 03/12/2024
|
||||||
ms.topic: overview
|
ms.topic: concept-article
|
||||||
---
|
---
|
||||||
|
|
||||||
# Plan a Windows Hello for Business deployment
|
# Plan a Windows Hello for Business deployment
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
title: Configure Active Directory Federation Services in an on-premises certificate trust model
|
title: Configure Active Directory Federation Services in an on-premises certificate trust model
|
||||||
description: Learn how to configure Active Directory Federation Services (AD FS) to support the Windows Hello for Business on-premises certificate trust model.
|
description: Learn how to configure Active Directory Federation Services (AD FS) to support the Windows Hello for Business on-premises certificate trust model.
|
||||||
ms.date: 01/03/2024
|
ms.date: 03/12/2024
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
---
|
---
|
||||||
ms.date: 01/03/2024
|
ms.date: 03/12/2024
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
title: Configure Windows Hello for Business Policy settings in an on-premises certificate trust
|
title: Configure Windows Hello for Business Policy settings in an on-premises certificate trust
|
||||||
description: Configure Windows Hello for Business Policy settings for Windows Hello for Business in an on-premises certificate trust scenario
|
description: Configure Windows Hello for Business Policy settings for Windows Hello for Business in an on-premises certificate trust scenario
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
title: Windows Hello for Business on-premises certificate trust deployment guide
|
title: Windows Hello for Business on-premises certificate trust deployment guide
|
||||||
description: Learn how to deploy Windows Hello for Business in an on-premises, certificate trust scenario.
|
description: Learn how to deploy Windows Hello for Business in an on-premises, certificate trust scenario.
|
||||||
ms.date: 01/03/2024
|
ms.date: 03/12/2024
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
title: Configure Active Directory Federation Services in an on-premises key trust model
|
title: Configure Active Directory Federation Services in an on-premises key trust model
|
||||||
description: Learn how to configure Active Directory Federation Services (AD FS) to support the Windows Hello for Business key trust model.
|
description: Learn how to configure Active Directory Federation Services (AD FS) to support the Windows Hello for Business key trust model.
|
||||||
ms.date: 01/03/2024
|
ms.date: 03/12/2024
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
---
|
---
|
||||||
ms.date: 01/03/2024
|
ms.date: 03/12/2024
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
title: Configure Windows Hello for Business Policy settings in an on-premises key trust
|
title: Configure Windows Hello for Business Policy settings in an on-premises key trust
|
||||||
description: Configure Windows Hello for Business Policy settings for Windows Hello for Business in an on-premises key trust scenario
|
description: Configure Windows Hello for Business Policy settings for Windows Hello for Business in an on-premises key trust scenario
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
title: Windows Hello for Business on-premises key trust deployment guide
|
title: Windows Hello for Business on-premises key trust deployment guide
|
||||||
description: Learn how to deploy Windows Hello for Business in an on-premises, key trust scenario.
|
description: Learn how to deploy Windows Hello for Business in an on-premises, key trust scenario.
|
||||||
ms.date: 01/03/2024
|
ms.date: 03/12/2024
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
title: Prepare users to provision and use Windows Hello for Business
|
title: Prepare users to provision and use Windows Hello for Business
|
||||||
description: Learn how to prepare users to enroll and to use Windows Hello for Business.
|
description: Learn how to prepare users to enroll and to use Windows Hello for Business.
|
||||||
ms.date: 01/02/2024
|
ms.date: 03/12/2024
|
||||||
ms.topic: end-user-help
|
ms.topic: end-user-help
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
title: Windows Hello for Business known deployment issues
|
title: Windows Hello for Business known deployment issues
|
||||||
description: This article is a troubleshooting guide for known Windows Hello for Business deployment issues.
|
description: This article is a troubleshooting guide for known Windows Hello for Business deployment issues.
|
||||||
ms.date: 06/02/2023
|
ms.date: 03/12/2024
|
||||||
ms.topic: troubleshooting
|
ms.topic: troubleshooting
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -2,12 +2,12 @@
|
|||||||
title: Windows Hello errors during PIN creation
|
title: Windows Hello errors during PIN creation
|
||||||
description: When you set up Windows Hello, you may get an error during the Create a work PIN step.
|
description: When you set up Windows Hello, you may get an error during the Create a work PIN step.
|
||||||
ms.topic: troubleshooting
|
ms.topic: troubleshooting
|
||||||
ms.date: 01/26/2024
|
ms.date: 03/12/2024
|
||||||
---
|
---
|
||||||
|
|
||||||
# Windows Hello errors during PIN creation
|
# Windows Hello errors during PIN creation
|
||||||
|
|
||||||
When you set up Windows Hello in Windows client, you may get an error during the **Create a PIN** step. This topic lists some of the error codes with recommendations for mitigating the problem. If you get an error code that is not listed here, contact Microsoft Support.
|
When you set up Windows Hello in Windows client, you may get an error during the **Create a PIN** step. This article lists some of the error codes with recommendations for mitigating the problem. If you get an error code that isn't listed here, contact Microsoft Support.
|
||||||
|
|
||||||
## Where is the error code?
|
## Where is the error code?
|
||||||
|
|
||||||
@ -24,41 +24,41 @@ When a user encounters an error when creating the work PIN, advise the user to t
|
|||||||
3. Reboot the device and then try to create the PIN again.
|
3. Reboot the device and then try to create the PIN again.
|
||||||
4. Unjoin the device from Microsoft Entra ID, rejoin, and then try to create the PIN again. To unjoin a device, go to **Settings > System > About > Disconnect from organization**.
|
4. Unjoin the device from Microsoft Entra ID, rejoin, and then try to create the PIN again. To unjoin a device, go to **Settings > System > About > Disconnect from organization**.
|
||||||
|
|
||||||
If the error occurs again, check the error code against the following table to see if there is another mitigation for that error. When no mitigation is listed in the table, contact Microsoft Support for assistance.
|
If the error occurs again, check the error code against the following table to see if there's another mitigation for that error. When no mitigation is listed in the table, contact Microsoft Support for assistance.
|
||||||
|
|
||||||
| Hex | Cause | Mitigation |
|
| Hex | Cause | Mitigation |
|
||||||
| :--------- | :----------------------------------------------------------------- | :------------------------------------------ |
|
| :--------- | :----------------------------------------------------------------- | :------------------------------------------ |
|
||||||
| 0x80090005 | NTE_BAD_DATA | Unjoin the device from Microsoft Entra ID and rejoin. |
|
| 0x80090005 | NTE_BAD_DATA | Unjoin the device from Microsoft Entra ID and rejoin. |
|
||||||
| 0x8009000F | The container or key already exists. | Unjoin the device from Microsoft Entra ID and rejoin. |
|
| 0x8009000F | The container or key already exists. | Unjoin the device from Microsoft Entra ID and rejoin. |
|
||||||
| 0x80090011 | The container or key was not found. | Unjoin the device from Microsoft Entra ID and rejoin. |
|
| 0x80090011 | The container or key wasn't found. | Unjoin the device from Microsoft Entra ID and rejoin. |
|
||||||
| 0x80090029 | TPM is not set up. | Sign on with an administrator account. Select **Start**, type `tpm.msc`, and select **tpm.msc Microsoft Common Console Document**. In the **Actions** pane, select **Prepare the TPM**. |
|
| 0x80090029 | TPM isn't set up. | Sign on with an administrator account. Select **Start**, type `tpm.msc`, and select **tpm.msc Microsoft Common Console Document**. In the **Actions** pane, select **Prepare the TPM**. |
|
||||||
| 0x8009002A | NTE_NO_MEMORY | Close programs which are taking up memory and try again. |
|
| 0x8009002A | NTE_NO_MEMORY | Close programs which are taking up memory and try again. |
|
||||||
| 0x80090031 | NTE_AUTHENTICATION_IGNORED | Reboot the device. If the error occurs again after rebooting, [reset the TPM](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd851452(v=ws.11)) or run [Clear-TPM](/powershell/module/trustedplatformmodule/clear-tpm). |
|
| 0x80090031 | NTE_AUTHENTICATION_IGNORED | Reboot the device. If the error occurs again after rebooting, [reset the TPM](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd851452(v=ws.11)) or run [Clear-TPM](/powershell/module/trustedplatformmodule/clear-tpm). |
|
||||||
| 0x80090035 | Policy requires TPM and the device does not have TPM. | Change the Windows Hello for Business policy to not require a TPM. |
|
| 0x80090035 | Policy requires TPM and the device doesn't have TPM. | Change the Windows Hello for Business policy to not require a TPM. |
|
||||||
| 0x80090036 | User canceled an interactive dialog. | User will be asked to try again. |
|
| 0x80090036 | User canceled an interactive dialog. | User is asked to try again. |
|
||||||
| 0x801C0003 | User is not authorized to enroll. | Check if the user has permission to perform the operation. |
|
| 0x801C0003 | User isn't authorized to enroll. | Check if the user has permission to perform the operation. |
|
||||||
| 0x801C000E | Registration quota reached. | Unjoin some other device that is currently joined using the same account or [increase the maximum number of devices per user](/azure/active-directory/devices/device-management-azure-portal). |
|
| 0x801C000E | Registration quota reached. | Unjoin some other device that is currently joined using the same account or [increase the maximum number of devices per user](/azure/active-directory/devices/device-management-azure-portal). |
|
||||||
| 0x801C000F | Operation successful, but the device requires a reboot. | Reboot the device. |
|
| 0x801C000F | Operation successful, but the device requires a reboot. | Reboot the device. |
|
||||||
| 0x801C0010 | The AIK certificate is not valid or trusted. | Sign out and then sign in again. |
|
| 0x801C0010 | The AIK certificate isn't valid or trusted. | Sign out and then sign in again. |
|
||||||
| 0x801C0011 | The attestation statement of the transport key is invalid. | Sign out and then sign in again. |
|
| 0x801C0011 | The attestation statement of the transport key is invalid. | Sign out and then sign in again. |
|
||||||
| 0x801C0012 | Discovery request is not in a valid format. | Sign out and then sign in again. |
|
| 0x801C0012 | Discovery request isn't in a valid format. | Sign out and then sign in again. |
|
||||||
| 0x801C0015 | The device is required to be joined to an Active Directory domain. | Join the device to an Active Directory domain. |
|
| 0x801C0015 | The device is required to be joined to an Active Directory domain. | Join the device to an Active Directory domain. |
|
||||||
| 0x801C0016 | The federation provider configuration is empty | Go to http://clientconfig.microsoftonline-p.net/FPURL.xml and verify that the file is not empty. |
|
| 0x801C0016 | The federation provider configuration is empty | Go to http://clientconfig.microsoftonline-p.net/FPURL.xml and verify that the file isn't empty. |
|
||||||
| 0x801C0017 | The federation provider domain is empty | Go to http://clientconfig.microsoftonline-p.net/FPURL.xml and verify that the FPDOMAINNAME element is not empty. |
|
| 0x801C0017 | The federation provider domain is empty | Go to http://clientconfig.microsoftonline-p.net/FPURL.xml and verify that the FPDOMAINNAME element isn't empty. |
|
||||||
| 0x801C0018 | The federation provider client configuration URL is empty | Go to http://clientconfig.microsoftonline-p.net/FPURL.xml and verify that the CLIENTCONFIG element contains a valid URL. |
|
| 0x801C0018 | The federation provider client configuration URL is empty | Go to http://clientconfig.microsoftonline-p.net/FPURL.xml and verify that the CLIENTCONFIG element contains a valid URL. |
|
||||||
| 0x801C03E9 | Server response message is invalid | Sign out and then sign in again. |
|
| 0x801C03E9 | Server response message is invalid | Sign out and then sign in again. |
|
||||||
| 0x801C03EA | Server failed to authorize user or device. | Check if the token is valid and user has permission to register Windows Hello for Business keys. |
|
| 0x801C03EA | Server failed to authorize user or device. | Check if the token is valid and user has permission to register Windows Hello for Business keys. |
|
||||||
| 0x801C03EB | Server response http status is not valid | Sign out and then sign in again. |
|
| 0x801C03EB | Server response http status isn't valid | Sign out and then sign in again. |
|
||||||
| 0x801C03EC | Unhandled exception from server. | sign out and then sign in again. |
|
| 0x801C03EC | Unhandled exception from server. | sign out and then sign in again. |
|
||||||
| 0x801C03ED | Multi-factor authentication is required for a 'ProvisionKey' operation, but was not performed. <br><br> -or- <br><br> Token was not found in the Authorization header. <br><br> -or- <br><br> Failed to read one or more objects. <br><br> -or- <br><br> The request sent to the server was invalid. <br><br> -or- <br><br> User does not have permissions to join to Microsoft Entra ID. | Sign out and then sign in again. If that doesn't resolve the issue, unjoin the device from Azure AD and rejoin. <br> Allow user(s) to join to Microsoft Entra ID under Microsoft Entra Device settings.
|
| 0x801C03ED | Multifactor authentication is required for a 'ProvisionKey' operation, but wasn't performed. <br><br> -or- <br><br> Token wasn't found in the Authorization header. <br><br> -or- <br><br> Failed to read one or more objects. <br><br> -or- <br><br> The request sent to the server was invalid. <br><br> -or- <br><br> User doesn't have permissions to join to Microsoft Entra ID. | Sign out and then sign in again. If that doesn't resolve the issue, unjoin the device from Azure AD and rejoin. <br> Allow user(s) to join to Microsoft Entra ID under Microsoft Entra Device settings.
|
||||||
| 0x801C03EE | Attestation failed. | Sign out and then sign in again. |
|
| 0x801C03EE | Attestation failed. | Sign out and then sign in again. |
|
||||||
| 0x801C03EF | The AIK certificate is no longer valid. | Sign out and then sign in again. |
|
| 0x801C03EF | The AIK certificate is no longer valid. | Sign out and then sign in again. |
|
||||||
| 0x801C03F2 | Windows Hello key registration failed. | ERROR_BAD_DIRECTORY_REQUEST. Another object with the same value for property proxyAddresses already exists. To resolve the issue, refer to [Duplicate Attributes Prevent Dirsync](/office365/troubleshoot/administration/duplicate-attributes-prevent-dirsync). Also, if no sync conflict exists, please verify that the "Mail/Email address" in Microsoft Entra ID and the Primary SMTP address are the same in the proxy address.
|
| 0x801C03F2 | Windows Hello key registration failed. | ERROR_BAD_DIRECTORY_REQUEST. Another object with the same value for property proxyAddresses already exists. To resolve the issue, refer to [Duplicate Attributes Prevent Dirsync](/office365/troubleshoot/administration/duplicate-attributes-prevent-dirsync). Also, if no sync conflict exists, please verify that the "Mail/Email address" in Microsoft Entra ID and the Primary SMTP address are the same in the proxy address.
|
||||||
| 0x801C044D | Authorization token does not contain device ID. | Unjoin the device from Microsoft Entra ID and rejoin. |
|
| 0x801C044D | Authorization token doesn't contain device ID. | Unjoin the device from Microsoft Entra ID and rejoin. |
|
||||||
| | Unable to obtain user token. | Sign out and then sign in again. Check network and credentials. |
|
| | Unable to obtain user token. | Sign out and then sign in again. Check network and credentials. |
|
||||||
| 0x801C044E | Failed to receive user credentials input. | Sign out and then sign in again. |
|
| 0x801C044E | Failed to receive user credentials input. | Sign out and then sign in again. |
|
||||||
| 0x801C0451 | User token switch account. | Delete the Web Account Manager token broker files located in `%LOCALAPPDATA%\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\TokenBroker\Accounts\*.*\` and reboot.|
|
| 0x801C0451 | User token switch account. | Delete the Web Account Manager token broker files located in `%LOCALAPPDATA%\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\TokenBroker\Accounts\*.*\` and reboot.|
|
||||||
| 0xC00000BB | Your PIN or this option is temporarily unavailable. | The destination domain controller doesn't support the login method. Most often the KDC service doesn't have the proper certificate to support the login. Another common cause can be the client cannot verify the KDC certificate CRL. Use a different login method.|
|
| 0xC00000BB | Your PIN or this option is temporarily unavailable. | The destination domain controller doesn't support the sign in method. Most often the KDC service doesn't have the proper certificate to support the sign in. Another common cause can be the client can't verify the KDC certificate CRL. Use a different login method.|
|
||||||
|
|
||||||
## Errors with unknown mitigation
|
## Errors with unknown mitigation
|
||||||
|
|
||||||
@ -73,18 +73,18 @@ For errors listed in this table, contact Microsoft Support for assistance.
|
|||||||
| 0x80090020 | NTE_FAIL |
|
| 0x80090020 | NTE_FAIL |
|
||||||
| 0x80090027 | Caller provided a wrong parameter. If third-party code receives this error, they must change their code. |
|
| 0x80090027 | Caller provided a wrong parameter. If third-party code receives this error, they must change their code. |
|
||||||
| 0x8009002D | NTE_INTERNAL_ERROR |
|
| 0x8009002D | NTE_INTERNAL_ERROR |
|
||||||
| 0x801C0001 | ADRS server response is not in a valid format. |
|
| 0x801C0001 | ADRS server response isn't in a valid format. |
|
||||||
| 0x801C0002 | Server failed to authenticate the user. |
|
| 0x801C0002 | Server failed to authenticate the user. |
|
||||||
| 0x801C0006 | Unhandled exception from server. |
|
| 0x801C0006 | Unhandled exception from server. |
|
||||||
| 0x801C000B | Redirection is needed and redirected location is not a well known server. |
|
| 0x801C000B | Redirection is needed and redirected location isn't a well known server. |
|
||||||
| 0x801C000C | Discovery failed. |
|
| 0x801C000C | Discovery failed. |
|
||||||
| 0x801C0013 | Tenant ID is not found in the token. |
|
| 0x801C0013 | Tenant ID isn't found in the token. |
|
||||||
| 0x801C0014 | User SID is not found in the token. |
|
| 0x801C0014 | User SID isn't found in the token. |
|
||||||
| 0x801C0019 | The federation provider client configuration is empty |
|
| 0x801C0019 | The federation provider client configuration is empty |
|
||||||
| 0x801C001A | The DRS endpoint in the federation provider client configuration is empty. |
|
| 0x801C001A | The DRS endpoint in the federation provider client configuration is empty. |
|
||||||
| 0x801C001B | The device certificate is not found. |
|
| 0x801C001B | The device certificate isn't found. |
|
||||||
| 0x801C03F0 | There is no key registered for the user. |
|
| 0x801C03F0 | There's no key registered for the user. |
|
||||||
| 0x801C03F1 | There is no UPN in the token. |
|
| 0x801C03F1 | There's no UPN in the token. |
|
||||||
| 0x801C044C | There is no core window for the current thread. |
|
| 0x801C044C | There's no core window for the current thread. |
|
||||||
| 0x801c004D | DSREG_NO_DEFAULT_ACCOUNT: NGC provisioning is unable to find the default WAM account to use to request Microsoft Entra token for provisioning. Unable to enroll a device to use a PIN for login. |
|
| 0x801c004D | DSREG_NO_DEFAULT_ACCOUNT: NGC provisioning is unable to find the default WAM account to use to request Microsoft Entra token for provisioning. Unable to enroll a device to use a PIN for login. |
|
||||||
| 0xCAA30193 | HTTP 403 Request Forbidden: it means request left the device, however either Server, proxy or firewall generated this response. |
|
| 0xCAA30193 | HTTP 403 Request Forbidden: it means request left the device, however either Server, proxy or firewall generated this response. |
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
author: paolomatarazzo
|
author: paolomatarazzo
|
||||||
ms.author: paoloma
|
ms.author: paoloma
|
||||||
ms.date: 01/03/2024
|
ms.date: 03/12/2024
|
||||||
ms.topic: include
|
ms.topic: include
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
author: paolomatarazzo
|
author: paolomatarazzo
|
||||||
ms.author: paoloma
|
ms.author: paoloma
|
||||||
ms.date: 01/03/2024
|
ms.date: 03/12/2024
|
||||||
ms.topic: include
|
ms.topic: include
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
author: paolomatarazzo
|
author: paolomatarazzo
|
||||||
ms.author: paoloma
|
ms.author: paoloma
|
||||||
ms.date: 01/03/2024
|
ms.date: 03/12/2024
|
||||||
ms.topic: include
|
ms.topic: include
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
author: paolomatarazzo
|
author: paolomatarazzo
|
||||||
ms.author: paoloma
|
ms.author: paoloma
|
||||||
ms.date: 01/03/2024
|
ms.date: 03/12/2024
|
||||||
ms.topic: include
|
ms.topic: include
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
author: paolomatarazzo
|
author: paolomatarazzo
|
||||||
ms.author: paoloma
|
ms.author: paoloma
|
||||||
ms.date: 01/03/2024
|
ms.date: 03/12/2024
|
||||||
ms.topic: include
|
ms.topic: include
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
author: paolomatarazzo
|
author: paolomatarazzo
|
||||||
ms.author: paoloma
|
ms.author: paoloma
|
||||||
ms.date: 01/03/2024
|
ms.date: 03/12/2024
|
||||||
ms.topic: include
|
ms.topic: include
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
author: paolomatarazzo
|
author: paolomatarazzo
|
||||||
ms.author: paoloma
|
ms.author: paoloma
|
||||||
ms.date: 01/03/2024
|
ms.date: 03/12/2024
|
||||||
ms.topic: include
|
ms.topic: include
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
author: paolomatarazzo
|
author: paolomatarazzo
|
||||||
ms.author: paoloma
|
ms.author: paoloma
|
||||||
ms.date: 01/03/2024
|
ms.date: 03/12/2024
|
||||||
ms.topic: include
|
ms.topic: include
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
author: paolomatarazzo
|
author: paolomatarazzo
|
||||||
ms.author: paoloma
|
ms.author: paoloma
|
||||||
ms.date: 01/03/2024
|
ms.date: 03/12/2024
|
||||||
ms.topic: include
|
ms.topic: include
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
author: paolomatarazzo
|
author: paolomatarazzo
|
||||||
ms.author: paoloma
|
ms.author: paoloma
|
||||||
ms.date: 01/03/2024
|
ms.date: 03/12/2024
|
||||||
ms.topic: include
|
ms.topic: include
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
author: paolomatarazzo
|
author: paolomatarazzo
|
||||||
ms.author: paoloma
|
ms.author: paoloma
|
||||||
ms.date: 01/03/2024
|
ms.date: 03/12/2024
|
||||||
ms.topic: include
|
ms.topic: include
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
author: paolomatarazzo
|
author: paolomatarazzo
|
||||||
ms.author: paoloma
|
ms.author: paoloma
|
||||||
ms.date: 01/03/2024
|
ms.date: 03/12/2024
|
||||||
ms.topic: include
|
ms.topic: include
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
author: paolomatarazzo
|
author: paolomatarazzo
|
||||||
ms.author: paoloma
|
ms.author: paoloma
|
||||||
ms.date: 01/03/2024
|
ms.date: 03/12/2024
|
||||||
ms.topic: include
|
ms.topic: include
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
author: paolomatarazzo
|
author: paolomatarazzo
|
||||||
ms.author: paoloma
|
ms.author: paoloma
|
||||||
ms.date: 01/03/2024
|
ms.date: 03/12/2024
|
||||||
ms.topic: include
|
ms.topic: include
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
author: paolomatarazzo
|
author: paolomatarazzo
|
||||||
ms.author: paoloma
|
ms.author: paoloma
|
||||||
ms.date: 01/03/2024
|
ms.date: 03/12/2024
|
||||||
ms.topic: include
|
ms.topic: include
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
author: paolomatarazzo
|
author: paolomatarazzo
|
||||||
ms.author: paoloma
|
ms.author: paoloma
|
||||||
ms.date: 01/03/2024
|
ms.date: 03/12/2024
|
||||||
ms.topic: include
|
ms.topic: include
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
author: paolomatarazzo
|
author: paolomatarazzo
|
||||||
ms.author: paoloma
|
ms.author: paoloma
|
||||||
ms.date: 01/03/2024
|
ms.date: 03/12/2024
|
||||||
ms.topic: include
|
ms.topic: include
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
author: paolomatarazzo
|
author: paolomatarazzo
|
||||||
ms.author: paoloma
|
ms.author: paoloma
|
||||||
ms.date: 01/03/2024
|
ms.date: 03/12/2024
|
||||||
ms.topic: include
|
ms.topic: include
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
author: paolomatarazzo
|
author: paolomatarazzo
|
||||||
ms.author: paoloma
|
ms.author: paoloma
|
||||||
ms.date: 01/03/2024
|
ms.date: 03/12/2024
|
||||||
ms.topic: include
|
ms.topic: include
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
author: paolomatarazzo
|
author: paolomatarazzo
|
||||||
ms.author: paoloma
|
ms.author: paoloma
|
||||||
ms.date: 01/03/2024
|
ms.date: 03/12/2024
|
||||||
ms.topic: include
|
ms.topic: include
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
author: paolomatarazzo
|
author: paolomatarazzo
|
||||||
ms.author: paoloma
|
ms.author: paoloma
|
||||||
ms.date: 01/03/2024
|
ms.date: 03/12/2024
|
||||||
ms.topic: include
|
ms.topic: include
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
title: Windows identity protection
|
title: Windows identity protection
|
||||||
description: Learn more about identity protection technologies in Windows.
|
description: Learn more about identity protection technologies in Windows.
|
||||||
ms.topic: overview
|
ms.topic: overview
|
||||||
ms.date: 07/27/2023
|
ms.date: 03/12/2024
|
||||||
---
|
---
|
||||||
|
|
||||||
# Windows identity protection
|
# Windows identity protection
|
||||||
|
@ -3,7 +3,7 @@ title: Windows passwordless experience
|
|||||||
description: Learn how Windows passwordless experience enables your organization to move away from passwords.
|
description: Learn how Windows passwordless experience enables your organization to move away from passwords.
|
||||||
ms.collection:
|
ms.collection:
|
||||||
- tier1
|
- tier1
|
||||||
ms.date: 09/27/2023
|
ms.date: 03/12/2024
|
||||||
ms.topic: how-to
|
ms.topic: how-to
|
||||||
appliesto:
|
appliesto:
|
||||||
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
|
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
title: Remote Credential Guard
|
title: Remote Credential Guard
|
||||||
description: Learn how Remote Credential Guard helps to secure Remote Desktop credentials by never sending them to the target device.
|
description: Learn how Remote Credential Guard helps to secure Remote Desktop credentials by never sending them to the target device.
|
||||||
ms.topic: how-to
|
ms.topic: how-to
|
||||||
ms.date: 12/08/2023
|
ms.date: 03/12/2024
|
||||||
appliesto:
|
appliesto:
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
title: Web sign-in for Windows
|
title: Web sign-in for Windows
|
||||||
description: Learn how Web sign-in in Windows works, key scenarios, and how to configure it.
|
description: Learn how Web sign-in in Windows works, key scenarios, and how to configure it.
|
||||||
ms.date: 12/11/2023
|
ms.date: 03/12/2023
|
||||||
ms.topic: how-to
|
ms.topic: how-to
|
||||||
appliesto:
|
appliesto:
|
||||||
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
|
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
|
||||||
@ -11,8 +11,8 @@ ms.collection:
|
|||||||
|
|
||||||
# Web sign-in for Windows
|
# Web sign-in for Windows
|
||||||
|
|
||||||
Starting in Windows 11, version 22H2 with [KB5030310][KB-1], you can enable a web-based sign-in experience on Microsoft Entra joined devices, unlocking new sign-in options and capabilities.
|
Starting in Windows 11, version 22H2 with [KB5030310][KB-1], you can enable a web-based sign-in experience on Microsoft Entra joined devices.
|
||||||
This feature is called *Web sign-in*.
|
This feature is called *Web sign-in*, and it unlocks new sign-in options and capabilities.
|
||||||
|
|
||||||
Web sign-in is a *credential provider*, and it was initially introduced in Windows 10 with support for Temporary Access Pass (TAP) only. With the release of Windows 11, the supported scenarios and capabilities of Web sign-in are expanded.\
|
Web sign-in is a *credential provider*, and it was initially introduced in Windows 10 with support for Temporary Access Pass (TAP) only. With the release of Windows 11, the supported scenarios and capabilities of Web sign-in are expanded.\
|
||||||
For example, you can sign in with the Microsoft Authenticator app or with a SAML-P federated identity.
|
For example, you can sign in with the Microsoft Authenticator app or with a SAML-P federated identity.
|
||||||
@ -21,11 +21,11 @@ This article describes how to configure Web sign-in and the supported key scenar
|
|||||||
|
|
||||||
## System requirements
|
## System requirements
|
||||||
|
|
||||||
To use web sign-in, the clients must meet the following prerequisites:
|
Here are the prerequisites for using Web sign-in:
|
||||||
|
|
||||||
- Windows 11, version 22H2 with [5030310][KB-1], or later
|
- Windows 11, version 22H2 with [5030310][KB-1], or later
|
||||||
- Must be [Microsoft Entra joined](/entra/identity/devices/concept-directory-join)
|
- [Microsoft Entra joined](/entra/identity/devices/concept-directory-join)
|
||||||
- Must have Internet connectivity, as the authentication is done over the Internet
|
- Internet connectivity, as the authentication is done over the Internet
|
||||||
|
|
||||||
> [!IMPORTANT]
|
> [!IMPORTANT]
|
||||||
> Web sign-in is not supported for Microsoft Entra hybrid joined or domain joined devices.
|
> Web sign-in is not supported for Microsoft Entra hybrid joined or domain joined devices.
|
||||||
|
@ -1,167 +1,156 @@
|
|||||||
### YamlMime:Hub
|
### YamlMime:Landing
|
||||||
|
|
||||||
title: Windows client security documentation
|
title: Windows security documentation
|
||||||
summary: Learn how to secure Windows clients for your organization.
|
summary: Windows is designed with zero-trust principles at its core, offering powerful security from chip to cloud. As organizations embrace hybrid work environments, the need for robust security solutions becomes paramount. Windows integrates advanced hardware and software protection, ensuring data integrity and access control across devices. Learn about the different security features included in Windows.
|
||||||
brand: windows
|
|
||||||
|
|
||||||
metadata:
|
metadata:
|
||||||
ms.topic: hub-page
|
ms.topic: landing-page
|
||||||
ms.collection:
|
ms.collection:
|
||||||
- tier1
|
- tier1
|
||||||
- essentials-navigation
|
- essentials-navigation
|
||||||
author: paolomatarazzo
|
author: paolomatarazzo
|
||||||
ms.author: paoloma
|
ms.author: paoloma
|
||||||
manager: aaroncz
|
manager: aaroncz
|
||||||
ms.date: 09/18/2023
|
ms.date: 03/12/2024
|
||||||
|
|
||||||
highlightedContent:
|
# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | tutorial | overview | quickstart | reference | sample | tutorial | video | whats-new
|
||||||
items:
|
|
||||||
- title: Get started with Windows security
|
|
||||||
itemType: get-started
|
|
||||||
url: introduction.md
|
|
||||||
- title: Windows 11, version 22H2
|
|
||||||
itemType: whats-new
|
|
||||||
url: /windows/whats-new/whats-new-windows-11-version-22H2
|
|
||||||
- title: Advance your security posture with Microsoft Intune from chip to cloud
|
|
||||||
itemType: learn
|
|
||||||
url: https://learn.microsoft.com/training/modules/m365-advance-organization-security-posture/
|
|
||||||
- title: Security features licensing and edition requirements
|
|
||||||
itemType: overview
|
|
||||||
url: /windows/security/licensing-and-edition-requirements
|
|
||||||
|
|
||||||
|
landingContent:
|
||||||
|
|
||||||
productDirectory:
|
- title: Learn about hardware security
|
||||||
title: Get started
|
linkLists:
|
||||||
items:
|
- linkListType: overview
|
||||||
|
|
||||||
- title: Hardware security
|
|
||||||
imageSrc: /media/common/i_usb.svg
|
|
||||||
links:
|
links:
|
||||||
- url: /windows/security/hardware-security/tpm/trusted-platform-module-overview
|
- text: Trusted Platform Module (TPM)
|
||||||
text: Trusted Platform Module
|
url: /windows/security/hardware-security/tpm/trusted-platform-module-overview
|
||||||
- url: /windows/security/hardware-security/pluton/microsoft-pluton-security-processor
|
- text: Microsoft Pluton
|
||||||
text: Microsoft Pluton
|
url: /windows/security/hardware-security/pluton/microsoft-pluton-security-processor
|
||||||
- url: /windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows
|
- text: Windows Defender System Guard
|
||||||
text: Windows Defender System Guard
|
url: /windows-hardware/design/device-experiences/oem-vbs
|
||||||
- url: /windows-hardware/design/device-experiences/oem-vbs
|
- text: Virtualization-based security (VBS)
|
||||||
text: Virtualization-based security (VBS)
|
url: /windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows
|
||||||
- url: /windows-hardware/design/device-experiences/oem-highly-secure-11
|
- text: Secured-core PC
|
||||||
text: Secured-core PC
|
url: /windows-hardware/design/device-experiences/oem-highly-secure-11
|
||||||
- url: /windows/security/hardware-security
|
|
||||||
text: Learn more about hardware security >
|
|
||||||
|
|
||||||
- title: OS security
|
- title: Learn about OS security
|
||||||
imageSrc: /media/common/i_threat-protection.svg
|
linkLists:
|
||||||
|
- linkListType: overview
|
||||||
links:
|
links:
|
||||||
- url: /windows/security/operating-system-security
|
- text: Trusted boot
|
||||||
text: Trusted boot
|
url: /windows/security/operating-system-security
|
||||||
- url: /windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center
|
- text: Windows security settings
|
||||||
text: Windows security settings
|
url: /windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center
|
||||||
- url: /windows/security/operating-system-security/data-protection/bitlocker/
|
- text: BitLocker
|
||||||
text: BitLocker
|
url: /windows/security/operating-system-security/data-protection/bitlocker/
|
||||||
- url: /windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines
|
- text: Personal Data Encryption (PDE)
|
||||||
text: Windows security baselines
|
url: /windows/security/operating-system-security/data-protection/personal-data-encryption
|
||||||
- url: /windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/
|
- text: Windows security baselines
|
||||||
text: Microsoft Defender SmartScreen
|
url: /windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines
|
||||||
- url: /windows/security/operating-system-security
|
- text: Microsoft Defender SmartScreen
|
||||||
text: Learn more about OS security >
|
url: /windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/
|
||||||
|
- text: Windows Firewall
|
||||||
- title: Identity protection
|
url: /windows/security/operating-system-security/network-security/windows-firewall/
|
||||||
imageSrc: /media/common/i_identity-protection.svg
|
- linkListType: architecture
|
||||||
links:
|
links:
|
||||||
- url: /windows/security/identity-protection/hello-for-business
|
- text: BitLocker planning guide
|
||||||
text: Windows Hello for Business
|
url: /windows/security/operating-system-security/data-protection/bitlocker/planning-guide
|
||||||
- url: /windows/security/identity-protection/passwordless-experience
|
- linkListType: how-to-guide
|
||||||
text: Windows passwordless experience
|
|
||||||
- url: /windows/security/identity-protection/web-sign-in
|
|
||||||
text: Web sign-in for Windows
|
|
||||||
- url: /windows/security/identity-protection/passkeys
|
|
||||||
text: Support for passkeys in Windows
|
|
||||||
- url: /windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection
|
|
||||||
text: Enhanced phishing protection with SmartScreen
|
|
||||||
- url: /windows/security/identity-protection
|
|
||||||
text: Learn more about identity protection >
|
|
||||||
|
|
||||||
- title: Application security
|
|
||||||
imageSrc: /media/common/i_queries.svg
|
|
||||||
links:
|
links:
|
||||||
- url: /windows/security/application-security/application-control/windows-defender-application-control/
|
- text: Configure BitLocker
|
||||||
text: Windows Defender Application Control (WDAC)
|
url: /windows/security/operating-system-security/data-protection/bitlocker/configure
|
||||||
- url: /windows/security/application-security/application-control/user-account-control
|
- text: Configure PDE
|
||||||
text: User Account Control (UAC)
|
url: /windows/security/operating-system-security/data-protection/personal-data-encryption/configure
|
||||||
- url: /windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules
|
- linkListType: whats-new
|
||||||
text: Microsoft vulnerable driver blocklist
|
|
||||||
- url: /windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview
|
|
||||||
text: Microsoft Defender Application Guard (MDAG)
|
|
||||||
- url: /windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview
|
|
||||||
text: Windows Sandbox
|
|
||||||
- url: /windows/security/application-security
|
|
||||||
text: Learn more about application security >
|
|
||||||
|
|
||||||
- title: Security foundations
|
|
||||||
imageSrc: /media/common/i_build.svg
|
|
||||||
links:
|
links:
|
||||||
- url: /windows/security/security-foundations/certification/fips-140-validation
|
- text: Hyper-V firewall
|
||||||
text: FIPS 140-2 validation
|
url: /windows/security/operating-system-security/network-security/windows-firewall/hyper-v-firewall
|
||||||
- url: /windows/security/security-foundations/certification/windows-platform-common-criteria
|
|
||||||
text: Common Criteria Certifications
|
|
||||||
- url: /windows/security/security-foundations/msft-security-dev-lifecycle
|
|
||||||
text: Microsoft Security Development Lifecycle (SDL)
|
|
||||||
- url: https://www.microsoft.com/msrc/bounty-windows-insider-preview
|
|
||||||
text: Microsoft Windows Insider Preview bounty program
|
|
||||||
- url: https://www.microsoft.com/security/blog/2020/09/15/microsoft-onefuzz-framework-open-source-developer-tool-fix-bugs/
|
|
||||||
text: OneFuzz service
|
|
||||||
- url: /windows/security/security-foundations
|
|
||||||
text: Learn more about security foundations >
|
|
||||||
|
|
||||||
- title: Cloud security
|
- title: Learn about identity protection
|
||||||
imageSrc: /media/common/i_cloud-security.svg
|
linkLists:
|
||||||
|
- linkListType: overview
|
||||||
links:
|
links:
|
||||||
- url: /mem/intune/protect/security-baselines
|
- text: Passwordless strategy
|
||||||
text: Security baselines with Intune
|
url: /windows/security/identity-protection/passwordless-strategy
|
||||||
- url: /windows/deployment/windows-autopatch
|
- text: Windows Hello for Business
|
||||||
text: Windows Autopatch
|
url: /windows/security/identity-protection/hello-for-business
|
||||||
- url: /windows/deployment/windows-autopilot
|
- text: Windows passwordless experience
|
||||||
text: Windows Autopilot
|
url: /windows/security/identity-protection/passwordless-experience
|
||||||
- url: /universal-print
|
- text: Web sign-in for Windows
|
||||||
text: Universal Print
|
url: /windows/security/identity-protection/web-sign-in
|
||||||
- url: /windows/client-management/mdm/remotewipe-csp
|
- text: Passkeys
|
||||||
text: Remote wipe
|
url: /windows/security/identity-protection/passkeys
|
||||||
- url: /windows/security/cloud-security
|
- text: FIDO2 security keys
|
||||||
text: Learn more about cloud security >
|
url: /azure/active-directory/authentication/howto-authentication-passwordless-security-key
|
||||||
|
- text: Enhanced phishing protection with SmartScreen
|
||||||
additionalContent:
|
url: /windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection
|
||||||
sections:
|
- linkListType: how-to-guide
|
||||||
- title: More Windows resources
|
|
||||||
items:
|
|
||||||
|
|
||||||
- title: Windows Server
|
|
||||||
links:
|
links:
|
||||||
- text: Windows Server documentation
|
- text: Configure PIN reset
|
||||||
url: /windows-server
|
url: /windows/security/identity-protection/hello-for-business/pin-reset
|
||||||
- text: What's new in Windows Server 2022?
|
- text: RDP sign-in with Windows Hello for Business
|
||||||
url: /windows-server/get-started/whats-new-in-windows-server-2022
|
url: /windows/security/identity-protection/hello-for-business/rdp-sign-in
|
||||||
- text: Windows Server blog
|
- linkListType: architecture
|
||||||
url: https://cloudblogs.microsoft.com/windowsserver/
|
|
||||||
|
|
||||||
- title: Windows product site and blogs
|
|
||||||
links:
|
links:
|
||||||
- text: Find out how Windows enables your business to do more
|
- text: Plan a Windows Hello for Business deployment
|
||||||
url: https://www.microsoft.com/microsoft-365/windows
|
url: /windows/security/identity-protection/hello-for-business/deploy/
|
||||||
- text: Windows blogs
|
- linkListType: deploy
|
||||||
url: https://blogs.windows.com/
|
|
||||||
- text: Windows IT Pro blog
|
|
||||||
url: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/bg-p/Windows10Blog
|
|
||||||
- text: Microsoft Intune blog
|
|
||||||
url: https://techcommunity.microsoft.com/t5/microsoft-intune-blog/bg-p/MicrosoftEndpointManagerBlog
|
|
||||||
- text: "Windows help & learning: end-user documentation"
|
|
||||||
url: https://support.microsoft.com/windows
|
|
||||||
|
|
||||||
- title: Participate in the community
|
|
||||||
links:
|
links:
|
||||||
- text: Windows community
|
- text: Cloud Kerberos trust deployment guide
|
||||||
url: https://techcommunity.microsoft.com/t5/windows/ct-p/Windows10
|
url: /windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust
|
||||||
- text: Microsoft Intune community
|
|
||||||
url: https://techcommunity.microsoft.com/t5/microsoft-intune/bd-p/Microsoft-Intune
|
- title: Learn about application security
|
||||||
- text: Microsoft Support community
|
linkLists:
|
||||||
url: https://answers.microsoft.com/windows/forum
|
- linkListType: overview
|
||||||
|
links:
|
||||||
|
- text: Windows Defender Application Control (WDAC)
|
||||||
|
url: /windows/security/application-security/application-control/windows-defender-application-control/
|
||||||
|
- text: User Account Control (UAC)
|
||||||
|
url: /windows/security/application-security/application-control/user-account-control
|
||||||
|
- text: Microsoft vulnerable driver blocklist
|
||||||
|
url: /windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules
|
||||||
|
- text: Microsoft Defender Application Guard (MDAG)
|
||||||
|
url: /windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview
|
||||||
|
- text: Windows Sandbox
|
||||||
|
url: /windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview
|
||||||
|
- linkListType: how-to-guide
|
||||||
|
links:
|
||||||
|
- text: Configure Windows Sandbox
|
||||||
|
url: /windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file
|
||||||
|
|
||||||
|
- title: Learn about security foundations
|
||||||
|
linkLists:
|
||||||
|
- linkListType: overview
|
||||||
|
links:
|
||||||
|
- text: Zero trust
|
||||||
|
url: /windows/security/security-foundations/zero-trust-windows-device-health
|
||||||
|
- text: FIPS 140 validation
|
||||||
|
url: /windows/security/security-foundations/certification/fips-140-validation
|
||||||
|
- text: Common Criteria Certifications
|
||||||
|
url: /windows/security/security-foundations/certification/windows-platform-common-criteria
|
||||||
|
- text: Microsoft Security Development Lifecycle (SDL)
|
||||||
|
url: /windows/security/security-foundations/msft-security-dev-lifecycle
|
||||||
|
- text: Microsoft Windows Insider Preview bounty program
|
||||||
|
url: https://www.microsoft.com/msrc/bounty-windows-insider-preview
|
||||||
|
- text: OneFuzz service
|
||||||
|
url: https://www.microsoft.com/security/blog/2020/09/15/microsoft-onefuzz-framework-open-source-developer-tool-fix-bugs/
|
||||||
|
- linkListType: whats-new
|
||||||
|
links:
|
||||||
|
- text: Completed FIPS validations - Windows 11
|
||||||
|
url: /windows/security/security-foundations/certification/validations/fips-140-windows11
|
||||||
|
- text: Completed CC certifications - Windows 11
|
||||||
|
url: /windows/security/security-foundations/certification/validations/cc-windows11
|
||||||
|
|
||||||
|
- title: Learn about cloud security
|
||||||
|
linkLists:
|
||||||
|
- linkListType: overview
|
||||||
|
links:
|
||||||
|
- text: Security baselines with Intune
|
||||||
|
url: /mem/intune/protect/security-baselines
|
||||||
|
- text: Windows Autopatch
|
||||||
|
url: /windows/deployment/windows-autopatch
|
||||||
|
- text: Windows Autopilot
|
||||||
|
url: /windows/deployment/windows-autopilot
|
||||||
|
- text: Universal Print
|
||||||
|
url: /universal-print
|
||||||
|
- text: Remote wipe
|
||||||
|
url: /windows/client-management/mdm/remotewipe-csp
|
Reference in New Issue
Block a user