From 7e436a1ff90580df24237eb0ba0b7eac11716785 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Wed, 20 Oct 2021 15:31:50 +0530 Subject: [PATCH] resolved warnings --- .../active-directory-accounts.md | 30 +++++++++---------- .../enterprise-certificate-pinning.md | 2 +- .../hello-cert-trust-validate-deploy-mfa.md | 2 +- .../hello-key-trust-validate-deploy-mfa.md | 2 +- ...man-protocol-over-ikev2-vpn-connections.md | 4 +-- .../bitlocker/troubleshoot-bitlocker.md | 6 ++-- .../ts-bitlocker-cannot-encrypt-issues.md | 2 +- .../ts-bitlocker-cannot-encrypt-tpm-issues.md | 2 +- .../bitlocker/ts-bitlocker-config-issues.md | 2 +- .../ts-bitlocker-decode-measured-boot-logs.md | 2 +- .../bitlocker/ts-bitlocker-intune-issues.md | 2 +- .../ts-bitlocker-network-unlock-issues.md | 2 +- .../bitlocker/ts-bitlocker-recovery-issues.md | 2 +- .../bitlocker/ts-bitlocker-tpm-issues.md | 2 +- .../kernel-dma-protection-for-thunderbolt.md | 6 ++-- 15 files changed, 34 insertions(+), 34 deletions(-) diff --git a/windows/security/identity-protection/access-control/active-directory-accounts.md b/windows/security/identity-protection/access-control/active-directory-accounts.md index b876d29dfc..a48fbd757f 100644 --- a/windows/security/identity-protection/access-control/active-directory-accounts.md +++ b/windows/security/identity-protection/access-control/active-directory-accounts.md @@ -592,7 +592,7 @@ In this procedure, the workstations are dedicated to domain administrators. By s > **Note**  You might have to delegate permissions to join computers to the domain if the account that joins the workstations to the domain does not already have them. For more information, see [Delegation of Administration in Active Directory](https://social.technet.microsoft.com/wiki/contents/articles/20292.delegation-of-administration-in-active-directory.aspx). - ![Active Directory local accounts.](images/adlocalaccounts-proc1-sample1.gif) + ![Active Directory local accounts](images/adlocalaccounts-proc1-sample1.gif) 3. Close Active Directory Users and Computers. @@ -600,13 +600,13 @@ In this procedure, the workstations are dedicated to domain administrators. By s 5. Right-click the new OU, and > **Create a GPO in this domain, and Link it here**. - ![Active Directory local accounts.](images/adlocalaccounts-proc1-sample2.png) + ![Active Directory's local accounts](images/adlocalaccounts-proc1-sample2.png) 6. Name the GPO, and > **OK**. 7. Expand the GPO, right-click the new GPO, and > **Edit**. - ![Active Directory local accounts.](images/adlocalaccounts-proc1-sample3.png) + ![Active Directory (AD) local accounts](images/adlocalaccounts-proc1-sample3.png) 8. Configure which members of accounts can log on locally to these administrative workstations as follows: @@ -625,7 +625,7 @@ In this procedure, the workstations are dedicated to domain administrators. By s 5. Click **Add User or Group**, type **Administrators**, and > **OK**. - ![Active Directory local accounts.](images/adlocalaccounts-proc1-sample4.png) + ![AD local accounts](images/adlocalaccounts-proc1-sample4.png) 9. Configure the proxy configuration: @@ -633,7 +633,7 @@ In this procedure, the workstations are dedicated to domain administrators. By s 2. Double-click **Proxy Settings**, select the **Enable proxy settings** check box, type **127.0.0.1** (the network Loopback IP address) as the proxy address, and > **OK**. - ![Active Directory local accounts.](images/adlocalaccounts-proc1-sample5.png) + ![AD's local accounts](images/adlocalaccounts-proc1-sample5.png) 10. Configure the loopback processing mode to enable the user Group Policy proxy setting to apply to all users on the computer as follows: @@ -696,11 +696,11 @@ In this procedure, the workstations are dedicated to domain administrators. By s 1. Right-click **Windows Firewall with Advanced Security LDAP://path**, and > **Properties**. - ![Active Directory local accounts.](images/adlocalaccounts-proc1-sample6.png) + ![Local accounts for an Active Directory](images/adlocalaccounts-proc1-sample6.png) 2. On each profile, ensure that the firewall is enabled and that inbound connections are set to **Block all connections**. - ![Active Directory local accounts.](images/adlocalaccounts-proc1-sample7.png) + ![Local accounts for an AD](images/adlocalaccounts-proc1-sample7.png) 3. Click **OK** to complete the configuration. @@ -738,11 +738,11 @@ For this procedure, do not link accounts to the OU that contain workstations for 3. Right-click **Group Policy Objects**, and > **New**. - ![Active Directory local accounts.](images/adlocalaccounts-proc2-sample1.png) + ![Local account's representation - Active Directory](images/adlocalaccounts-proc2-sample1.png) 4. In the **New GPO** dialog box, name the GPO that restricts administrators from signing in to workstations, and > **OK**. - ![Active Directory local accounts.](images/adlocalaccounts-proc2-sample2.png) + ![Local account's representation - AD](images/adlocalaccounts-proc2-sample2.png) 5. Right-click **New GPO**, and > **Edit**. @@ -756,7 +756,7 @@ For this procedure, do not link accounts to the OU that contain workstations for 3. Click **Add User or Group**, click **Browse**, type **Domain Admins**, and > **OK**. - ![Active Directory local accounts.](images/adlocalaccounts-proc2-sample3.png) + ![An Active Directory's local accounts](images/adlocalaccounts-proc2-sample3.png) **Note** You can optionally add any groups that contain server administrators who you want to restrict from signing in to workstations. @@ -778,7 +778,7 @@ For this procedure, do not link accounts to the OU that contain workstations for 3. Click **Add User or Group** > **Browse**, type **Domain Admins**, and > **OK**. - ![Active Directory local accounts.](images/adlocalaccounts-proc2-sample4.png) + ![An AD's local accounts](images/adlocalaccounts-proc2-sample4.png) **Note** You can optionally add any groups that contain server administrators who you want to restrict from signing in to workstations. @@ -791,7 +791,7 @@ For this procedure, do not link accounts to the OU that contain workstations for 6. Click **Add User or Group** > **Browse**, type **Domain Admins**, and > **OK**. - ![Active Directory local accounts.](images/adlocalaccounts-proc2-sample5.png) + ![Local accounts for an AD](images/adlocalaccounts-proc2-sample5.png) **Note** You can optionally add any groups that contain server administrators who you want to restrict from signing in to workstations. @@ -804,11 +804,11 @@ For this procedure, do not link accounts to the OU that contain workstations for 1. Right-click the workstation OU, and then > **Link an Existing GPO**. - ![Active Directory local accounts.](images/adlocalaccounts-proc2-sample6.png) + ![Local accounts for an Active Directory](images/adlocalaccounts-proc2-sample6.png) 2. Select the GPO that you just created, and > **OK**. - ![Active Directory local accounts.](images/adlocalaccounts-proc2-sample7.png) + ![Active Directory's local accounts' presentation](images/adlocalaccounts-proc2-sample7.png) 10. Test the functionality of enterprise applications on workstations in the first OU and resolve any issues caused by the new policy. @@ -831,7 +831,7 @@ It is a best practice to configure the user objects for all sensitive accounts i As with any configuration change, test this enabled setting fully to ensure that it performs correctly before you implement it. -![Active Directory local accounts.](images/adlocalaccounts-proc3-sample1.png) +![An Active Directory local accounts' presentation](images/adlocalaccounts-proc3-sample1.png) ## Secure and manage domain controllers diff --git a/windows/security/identity-protection/enterprise-certificate-pinning.md b/windows/security/identity-protection/enterprise-certificate-pinning.md index 632eb6cb36..bef5c8651e 100644 --- a/windows/security/identity-protection/enterprise-certificate-pinning.md +++ b/windows/security/identity-protection/enterprise-certificate-pinning.md @@ -10,7 +10,7 @@ manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.prod: m365-security -ms.technology: windows +ms.technology: windows-sec ms.pagetype: security ms.localizationpriority: medium ms.date: 07/27/2017 diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md index d3767350b3..6e41052f09 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md @@ -16,7 +16,7 @@ localizationpriority: medium ms.date: 08/19/2018 ms.reviewer: --- -# Validate and Deploy Multifactor Authentication (MFA) +# Validate and Deploy Multifactor Authentication **Applies to** diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md index 549c4ffd5d..1099786e5a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md @@ -16,7 +16,7 @@ localizationpriority: medium ms.date: 08/19/2018 ms.reviewer: --- -# Validate and Deploy Multifactor Authentication (MFA) +# Validate and Deploy Multifactor Authentication > [!IMPORTANT] > As of July 1, 2019, Microsoft will no longer offer MFA Server for new deployments. New customers who would like to require multifactor authentication from their users should use cloud-based Azure AD Multi-Factor Authentication. Existing customers who have activated MFA Server prior to July 1 will be able to download the latest version, future updates and generate activation credentials as usual. diff --git a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md index 0226c9ea7c..70c0e42b27 100644 --- a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md +++ b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md @@ -23,7 +23,7 @@ To secure the connections, update the configuration of VPN servers and clients b ## VPN server -For VPN servers that run Windows Server 2012 R2 or later, you need to run [Set-VpnServerConfiguration](/powershell/module/remoteaccess/set-vpnserverconfiguration?view=win10-ps) to configure the tunnel type. This makes all IKE exchanges on IKEv2 tunnel use the secure configuration. +For VPN servers that run Windows Server 2012 R2 or later, you need to run [Set-VpnServerConfiguration](/powershell/module/remoteaccess/set-vpnserverconfiguration?view=win10-ps&preserve-view=true) to configure the tunnel type. This makes all IKE exchanges on IKEv2 tunnel use the secure configuration. ```powershell Set-VpnServerConfiguration -TunnelType IKEv2 -CustomPolicy @@ -38,7 +38,7 @@ Set-VpnServerIPsecConfiguration -CustomPolicy ## VPN client For VPN client, you need to configure each VPN connection. -For example, run [Set-VpnConnectionIPsecConfiguration (version 4.0)](/powershell/module/vpnclient/set-vpnconnectionipsecconfiguration?view=win10-ps) and specify the name of the connection: +For example, run [Set-VpnConnectionIPsecConfiguration (version 4.0)](/powershell/module/vpnclient/set-vpnconnectionipsecconfiguration?view=win10-ps&preserve-view=true) and specify the name of the connection: ```powershell diff --git a/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md b/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md index 807b6930ed..351952c249 100644 --- a/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md +++ b/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md @@ -34,7 +34,7 @@ Open Event Viewer and review the following logs under Applications and Services Additionally, review the Windows logs\\System log for events that were produced by the TPM and TPM-WMI event sources. -To filter and display or export logs, you can use the [wevtutil.exe](/windows-server/administration/windows-commands/wevtutil) command-line tool or the [Get-WinEvent](/powershell/module/microsoft.powershell.diagnostics/get-winevent?view=powershell-6) cmdlet. +To filter and display or export logs, you can use the [wevtutil.exe](/windows-server/administration/windows-commands/wevtutil) command-line tool or the [Get-WinEvent](/powershell/module/microsoft.powershell.diagnostics/get-winevent?view=powershell-6&preserve-view=true) cmdlet. For example, to use wevtutil to export the contents of the operational log from the BitLocker-API folder to a text file that is named BitLockerAPIOpsLog.txt, open a Command Prompt window, and run the following command: @@ -88,11 +88,11 @@ Open an elevated Windows PowerShell window, and run each of the following comman |Command |Notes | | --- | --- | -|[**get-tpm \> C:\\TPM.txt**](/powershell/module/trustedplatformmodule/get-tpm?view=win10-ps) |Exports information about the local computer's Trusted Platform Module (TPM). This cmdlet shows different values depending on whether the TPM chip is version 1.2 or 2.0. This cmdlet is not supported in Windows 7. | +|[**get-tpm \> C:\\TPM.txt**](/powershell/module/trustedplatformmodule/get-tpm?view=win10-ps&preserve-view=true) |Exports information about the local computer's Trusted Platform Module (TPM). This cmdlet shows different values depending on whether the TPM chip is version 1.2 or 2.0. This cmdlet is not supported in Windows 7. | |[**manage-bde –status \> C:\\BDEStatus.txt**](/windows-server/administration/windows-commands/manage-bde-status) |Exports information about the general encryption status of all drives on the computer. | |[**manage-bde c:
-protectors -get \> C:\\Protectors**](/windows-server/administration/windows-commands/manage-bde-protectors) |Exports information about the protection methods that are used for the BitLocker encryption key. | |[**reagentc /info \> C:\\reagent.txt**](/windows-hardware/manufacture/desktop/reagentc-command-line-options) |Exports information about an online or offline image about the current status of the Windows Recovery Environment (WindowsRE) and any available recovery image. | -|[**get-BitLockerVolume \| fl**](/powershell/module/bitlocker/get-bitlockervolume?view=win10-ps) |Gets information about volumes that BitLocker Drive Encryption can protect. | +|[**get-BitLockerVolume \| fl**](/powershell/module/bitlocker/get-bitlockervolume?view=win10-ps&preserve-view=true) |Gets information about volumes that BitLocker Drive Encryption can protect. | ## Review the configuration information diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md index 61204f5c9e..f5e25880c6 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md @@ -2,7 +2,7 @@ title: BitLocker cannot encrypt a drive known issues description: Provides guidance for troubleshooting known issues that may prevent BitLocker Drive Encryption from encrypting a drive ms.reviewer: kaushika -ms.technology: windows +ms.technology: windows-sec ms.prod: m365-security ms.sitesec: library ms.localizationpriority: medium diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md index 7ed9457a01..d8bb7f6c91 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md @@ -2,7 +2,7 @@ title: BitLocker cannot encrypt a drive known TPM issues description: Provides guidance for troubleshooting known issues that may prevent BitLocker Drive Encryption from encrypting a drive, and that you can attribute to the TPM ms.reviewer: kaushika -ms.technology: windows +ms.technology: windows-sec ms.prod: m365-security ms.sitesec: library ms.localizationpriority: medium diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-config-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-config-issues.md index e788a71995..57b7fbf0f7 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-config-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-config-issues.md @@ -2,7 +2,7 @@ title: BitLocker configuration known issues description: Describes common issues that involve your BitLocker configuration and BitLocker's general functionality, and provides guidance for addressing those issues. ms.reviewer: kaushika -ms.technology: windows +ms.technology: windows-sec ms.prod: m365-security ms.sitesec: library ms.localizationpriority: medium diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md b/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md index c092a6fbe5..f066def4da 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md @@ -2,7 +2,7 @@ title: Decode Measured Boot logs to track PCR changes description: Provides instructions for installing and using a tool for analyzing log information to identify changes to PCRs ms.reviewer: kaushika -ms.technology: windows +ms.technology: windows-sec ms.prod: m365-security ms.sitesec: library ms.localizationpriority: medium diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md index f130448942..a10219b03c 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md @@ -2,7 +2,7 @@ title: Enforcing BitLocker policies by using Intune known issues description: provides assistance for issues that you may see if you use Microsoft Intune policy to manage silent BitLocker encryption on devices. ms.reviewer: kaushika -ms.technology: windows +ms.technology: windows-sec ms.prod: m365-security ms.sitesec: library ms.localizationpriority: medium diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-network-unlock-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-network-unlock-issues.md index 2dd2a8d321..19bbdce535 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-network-unlock-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-network-unlock-issues.md @@ -2,7 +2,7 @@ title: BitLocker Network Unlock known issues description: Describes several known issues that you may encounter while using Network Unlock, and provided guidance for addressing those issues. ms.reviewer: kaushika -ms.technology: windows +ms.technology: windows-sec ms.prod: m365-security ms.sitesec: library ms.localizationpriority: medium diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md index ee38a4d96a..11cd49e917 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md @@ -2,7 +2,7 @@ title: BitLocker recovery known issues description: Describes common issues that can occur that prevent BitLocker from behaving as expected when recovering a drive, or may cause BitLocker to start recovery unexpectedly. The article provides guidance for addressing those issues. ms.reviewer: kaushika -ms.technology: windows +ms.technology: windows-sec ms.prod: m365-security ms.sitesec: library ms.localizationpriority: medium diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md index 4f34d0ccd0..898f3dcfbe 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md @@ -2,7 +2,7 @@ title: BitLocker and TPM other known issues description: Describes common issues that relate directly to the TPM, and provides guidance for resolving those issues. ms.reviewer: kaushika -ms.technology: windows +ms.technology: windows-sec ms.prod: m365-security ms.sitesec: library ms.localizationpriority: medium diff --git a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md index af041c7955..36e66cf506 100644 --- a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md +++ b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md @@ -53,7 +53,7 @@ By default, peripherals with DMA Remapping incompatible drivers will be blocked ## User experience -![Kernel DMA protection user experience.](images/kernel-dma-protection-user-experience.png) +![Kernel DMA protection user experience](images/kernel-dma-protection-user-experience.png) By default, peripherals with DMA remapping compatible device drivers will be automatically enumerated and started. Peripherals with DMA Remapping incompatible drivers will be blocked from starting if the peripheral was plugged in before an authorized user logs in, or while the screen is locked. Once the system is unlocked, the peripheral driver will be started by the OS, and the peripheral will continue to function normally until the system is rebooted, or the peripheral is unplugged. The peripheral will continue to function normally if the user locks the screen or logs out of the system. @@ -113,11 +113,11 @@ No, Kernel DMA Protection only protects against drive-by DMA attacks after the O DMA-remapping is supported for specific device drivers, and is not universally supported by all devices and drivers on a platform. To check if a specific driver is opted into DMA-remapping, check the values corresponding to the DMA Remapping Policy property in the Details tab of a device in Device Manager*. A value of 0 or 1 means that the device driver does not support DMA-remapping. A value of two means that the device driver supports DMA-remapping. If the property is not available, then the policy is not set by the device driver (that is, the device driver does not support DMA-remapping). Check the driver instance for the device you are testing. Some drivers may have varying values depending on the location of the device (internal vs. external). -![Kernel DMA protection user experience.](images/device_details_tab_1903.png) +![A user's experience about Kernel DMA protection](images/device_details_tab_1903.png) *For Windows 10 versions 1803 and 1809, the property field in Device Manager uses a GUID, as highlighted in the following image. -![Kernel DMA protection user experience.](images/device-details-tab.png) +![Experience of a user about Kernel DMA protection](images/device-details-tab.png) ### When the drivers for PCI or Thunderboltâ„¢ 3 peripherals do not support DMA-remapping?