Merge branch 'main' into pm-20220920-MAXADO-6286399-federated-signin

windows/deployment/breadcrumb/toc.yml

@@ -0,0 +1,12 @@
+items:
+- name: Learn
+  tocHref: /
+  topicHref: /
+  items:
+  - name: Windows
+    tocHref: /troubleshoot/windows-client/
+    topicHref: /windows/resources/
+    items:
+    - name: Deployment
+      tocHref: /troubleshoot/windows-client/deployment/
+      topicHref: /windows/deployment/

windows/deployment/upgrade/quick-fixes.md

@@ -134,7 +134,7 @@ To check and repair system files:
 
 4. If you are prompted by UAC, click **Yes**.
 
-5. Type **sfc /scannow** and press ENTER. See the following example:
+5. Type **sfc /scannow** and press ENTER. See the following examples:
 
     ```console
     C:\>sfc /scannow
@@ -146,6 +146,20 @@ To check and repair system files:
 
     Windows Resource Protection did not find any integrity violations.
     ```
+
+    ```console
+    C:\>sfc /scannow
+
+    Beginning system scan.  This process will take some time.
+
+    Beginning verification phase of system scan.
+    Verification 100% complete.
+
+    Windows Resource Protection found corrupt files and successfully repaired them.
+    For online repairs, details are included in the CBS log file located at
+    windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
+    repairs, details are included in the log file provided by the /OFFLOGFILE flag.
+    ```
 6. If you are running Windows 8.1 or later, type **DISM.exe /Online /Cleanup-image /Restorehealth** and press ENTER (the DISM command options are not available for Windows 7). See the following example:
 
     ```console

windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md

@@ -15,13 +15,14 @@ appliesto:
 - ✅ <b>Windows 11</b>
 - ✅ <b>Hybrid deployment</b>
 - ✅ <b>Key trust</b>
+- ✅ <b>Cloud Kerberos trust</b>
 ---
 
-# Deploying Certificates to Key Trust Users to Enable RDP
+# Deploy Certificates to Key Trust and Cloud Kerberos Trust Users to Enable RDP
 
 Windows Hello for Business supports using a certificate as the supplied credential when establishing a remote desktop connection to a server or other device. For certificate trust deployments, creation of this certificate occurs at container creation time.
 
-This document discusses an approach for key trust deployments where authentication certificates can be deployed to an existing key trust user.
+This document discusses an approach for key trust and cloud Kerberos trust deployments where authentication certificates can be deployed to an existing WHFB user.
 
 Three approaches are documented here:
 
@@ -77,7 +78,7 @@ Three approaches are documented here:
     1. Tick **Microsoft Software Key Storage Provider**
     1. Set the Request hash to **SHA256**
 
-1. On the **Security** tab, add the security group that you want to give **Enroll** access to. For example, if you want to give access to all users, select the **Authenticated** users group, and then select Enroll permissions for them  .
+1. On the **Security** tab, add the security group that you want to give **Enroll** access to. For example, if you want to give access to all users, select the **Authenticated** users group, and then select Enroll permissions for them.
 
 1. Click **OK** to finalize your changes and create the new template. Your new template should now appear in the list of Certificate Templates.
 
@@ -87,7 +88,7 @@ Three approaches are documented here:
 
 1. Execute the following command:
 
-    certutil -dstemplate \<TemplateName\> \> \<TemplateName\>.txt
+    `certutil -dstemplate \<TemplateName\> \> \<TemplateName\>.txt`
 
     Replace \<TemplateName\> with the Template name you took note of earlier in step 7.
 

windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md

@@ -69,7 +69,7 @@ If the error occurs again, check the error code against the following table to s
 | 0x801C044D | Authorization token does not contain device ID.                    | Unjoin the device from Azure AD and rejoin. |
 |            | Unable to obtain user token.                                       | Sign out and then sign in again. Check network and credentials. |
 | 0x801C044E | Failed to receive user credentials input.                          | Sign out and then sign in again. |
-| 0xC00000BB | Your PIN or this option is temporarily unavailable.                | The destination domain controller doesn't support the login method. Most often the KDC service doesn't have the proper certificate to support the login. Another common cause can be the client can not verify the KDC certificate CRL. Use a different login method.|
+| 0xC00000BB | Your PIN or this option is temporarily unavailable.                | The destination domain controller doesn't support the login method. Most often the KDC service doesn't have the proper certificate to support the login. Another common cause can be the client cannot verify the KDC certificate CRL. Use a different login method.|
 
 ## Errors with unknown mitigation
 
@@ -108,5 +108,5 @@ For errors listed in this table, contact Microsoft Support for assistance.
 - [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md)
 - [Prepare people to use Windows Hello](hello-prepare-people-to-use.md)
 - [Windows Hello and password changes](hello-and-password-changes.md)
-- [Event ID 300 - Windows Hello successfully created](hello-event-300.md)
+- [Event ID 300 - Windows Hello successfully created](/troubleshoot/windows-client/user-profiles-and-logon/event-id-300-windows-hello-successfully-created-in-windows-10)
 - [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md)

windows/security/identity-protection/hello-for-business/hello-event-300.md

@@ -41,5 +41,5 @@ This is a normal condition. No further action is required.
 - [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md)
 - [Prepare people to use Windows Hello](hello-prepare-people-to-use.md)
 - [Windows Hello and password changes](hello-and-password-changes.md)
-- [Windows Hello errors during PIN creation](hello-errors-during-pin-creation.md)
+- [Windows Hello errors during PIN creation](/troubleshoot/windows-client/user-profiles-and-logon/windows-hello-errors-during-pin-creation-in-windows-10)
 - [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md)

windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md

@@ -8,8 +8,8 @@ author: vinaypamnani-msft
 manager: aaroncz
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 02/14/2022
-ms.reviewer: 
+ms.date: 10/19/2022
+ms.reviewer: jmunck
 ms.technology: windows-sec
 ---
 
@@ -55,7 +55,7 @@ No. SCM supported only SCAP 1.0, which wasn't updated as SCAP evolved. The new t
 | Name | Build | Baseline Release Date | Security Tools |
 | ---- | ----- | --------------------- | -------------- |
 | Windows 11 | [22H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-11-version-22h2-security-baseline/ba-p/3632520) <br> | September 2022<br>|[SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
-| Windows 10 | [21H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-windows-10-version-21h2/ba-p/3042703) <br> [21H1](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-version-21h1/ba-p/2362353) <br> [20H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-and-windows-server/ba-p/1999393) <br> [1809](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-v1809-and-windows-server/ba-p/701082) <br> [1607](/archive/blogs/secguide/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016) <br>[1507](/archive/blogs/secguide/security-baseline-for-windows-10-v1507-build-10240-th1-ltsb-update)| December 2021<br>May 2021<br>December 2020<br>October 2018<br>October 2016 <br>January 2016 |[SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
+| Windows 10 | [22H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-10-version-22h2-security-baseline/ba-p/3655724) <br> [21H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-windows-10-version-21h2/ba-p/3042703) <br> [21H1](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-version-21h1/ba-p/2362353) <br> [20H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-and-windows-server/ba-p/1999393) <br> [1809](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-v1809-and-windows-server/ba-p/701082) <br> [1607](/archive/blogs/secguide/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016) <br>[1507](/archive/blogs/secguide/security-baseline-for-windows-10-v1507-build-10240-th1-ltsb-update)| October 2022<br>December 2021<br>May 2021<br>December 2020<br>October 2018<br>October 2016 <br>January 2016 |[SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
 Windows 8.1 |[9600 (April Update)](/archive/blogs/secguide/security-baselines-for-windows-8-1-windows-server-2012-r2-and-internet-explorer-11-final)| October 2013| [SCM 4.0](/previous-versions/tn-archive/cc936627(v=technet.10)) |
 
 <br />

windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md

@@ -28,6 +28,7 @@ The Security Compliance Toolkit consists of:
     -   Windows 11, version 22H2
     -   Windows 11, version 21H2
 -   Windows 10 security baselines
+    -   Windows 10, version 22H2
     -   Windows 10, version 21H2
     -   Windows 10, version 21H1
     -   Windows 10, version 20H2