From 7cc627275eb7ef939abb5f7a37dc94d2a5e978a5 Mon Sep 17 00:00:00 2001 From: Guillaume Bordier Date: Mon, 21 Jun 2021 17:13:49 +0200 Subject: [PATCH 01/24] changed screen capture to remove double quotes --- .../images/pinreset/allowlist.png | Bin 33880 -> 33638 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/images/pinreset/allowlist.png b/windows/security/identity-protection/hello-for-business/images/pinreset/allowlist.png index 097b1e036df4ddd9e2f4dd657f4a9aef2a97dc1c..5b1df9448e00e4ddc1e45396eba1bba735ef6533 100644 GIT binary patch literal 33638 zcma&N2UL?yyDl6XhzO{N3J6$UK|w^N6PgvJBLdPDq=pWmgeIc!DFUz3gb;c!iPS(s zKtw@GLQhBnp%Wk^0Rn{1AHVP0`|Pv#I{!J(S}ay(&CD}%&&)mdbzS%K!ProT?}W$+ z006-E^vT0#0KgFp0C0$QoQqR(BxT#1^Y4)VGoAYYIPT&C=f_c(dj|IafT~2^-B-sr zzj=I~So#A1f6f2-JM`A^*hK)~?atGO_nrsa(Z_hh&d%l@93VQfT-{7m`~3#-#-ZBQ zSJDm-Um61JYinF6&AW2Jq;yvDtrgzODyap zJV}KQ0O&h=3UcVu%)Mq-S2#R>z@@KaVi}D&~@MQ_U@UmLjY~l2lL0?JcgHD6190e z@u&0t%kL>ccAIe#RonhRp_-s|elgY$J0Li~veB0+6U>Wu#Hjq&lF2t?u%*Y8ZEv z^Pa~^r3-WdBKyRN6a05(#1LABdsSEVZ%?90O?^Bq;8V-iPJur4>?3v6gM16i2|RD| zQ+VoiG?!D|roAB#+nfpHwDO@_Zf7@U7bGLc1!J?q6=zaoYv+yXK2QLFi6?H)uuw$P zY8Q$pqqZ8 z{HktYIji<}Lg#f*^V#0RTiE znwzKAdsQ|&^3^0*BH?0w^I~WDEUR7_wK&qBbx36|3>zg7Bw~-k&G%M1A^XX4b!snY z#5-m|*J@j3OODwRhvBQ}*T?_^4J zWZ8>?L-hd)mJ%(wX%>+Dg>Xdw1Vu^Q%RXnAjOlN`RcLJw^X{ngwWw6X9|q)*|ha6#3?&Cs3Pg!nRt9N$UhG7C;%+IwwcIsz^URodR_ z*XTF4@n_9pO?NivDW5;TqF&6%!_0~dEs}9B6n6r<1Oh-hT1(8~MfTxV&6mt(1WX~+ z=GSc->_)Hfs^eb2>Z~7C!ojEy4Auu+923c_M{XK`?Y)fK#q z1)7(Ji`M!~#iMQx(i9dm4-p~33;ZeOL1P{vrGfCTa58+c+<%n67_v}pJ?B2HiEe_Y zgy+r+b&rv53@1EJNh|SLxH+cb{&xf;=uL|1la>q>J()nsfQ34LI2Q>VQKwRcYtTPt zN@t-*3x|1(6tU%dP5{8gN;U9eK~qzcZZtw77^~(yhBA-LB^(_wYJN&euGH&(Q2JrF ze!x)Gyw~U-2-^gGdd}tI5i|FR!Zf>QR2)n|Yczbd1)?BgS3a(68b??1-S5@{8+9<} zFM0=Nn#&%HJ#DtX##5;{(kvK;ZPI}47vk$qHiHB80ouUYD}=bFMS_m7lxkwJ?fg4? zZ*yO-EG4dO}S;FVA{zm9y28*C)1ly%%-37TwEf-5I54;!^@eCRx8DMFA&4o zLT=O5jVLnD+ym$H?e|&28sMj*-T~8S!|&|J8neLKSLtFF&Gmc330A-pX`xqz$1pko zK*F<>W8>TWO^^59Q%ns9dG+xg71YZWJPM}dON z{Bh*1A*~^&c>&Mh%GT!eA`)}YRKR2B89Upy>K4HXzcnKvA~yezMcA-2)Xek1AG3Vl zqggZ)l#5H?0bC#x+&aDFzvQ*1ZJ786Ir}@UiA^Ldd}o@9}1jPuv2& zwhzx8=+zy|ooTyY`PDxkjpJwN@)N zCcjgik?&lZ8#VKEh6mfSBhVNb;oR)_ONo9Q?;iQ>UZhXr2a_T#4}N?y(|A&%scOw` ztm!nzcn%+0k(Uo6OgNj1$Nhn1W*L=Daz;A8xW4CGCUF+jJ36?LSh=5z@0V=G8Mh@= zn8R%rV$g$zKrF754-s8C5896$_X8%cA|5G~jVlk5S!pO2?`r;vu*v}T&~q?Pz?ndX z9iq{HmaNsUs&TSMxuYS5y{FOSczD8cn=+!x*(xc); ze2xEOnd!CX9HR~mhPn@BrUiuRc&}Uzb*qTTB6f@2x{zFncJVfLt9kD9Da;BX*K}_o zN=(L1$$)q4J2dZ8=J|E zXib3Oh7A(0$ZD;F6tq|%FFtSDe9YH0UQQQN^NwpL%p44dhoIcPzZM$le7Ha~qV?Yy zOA$e4D+Ws>jQGyOKOnR!Z?dS@v4k;<_wWgq+C9X1+ItxT=DBNKqGSux6YxI4ZuCO@ zA?GcCM)ll1CpGUun_dt@aH$zj!+}(L0f3x4%b?)+nB$oB7lXV2SKTfpc;FF)iTaK- zx%HXH^4qM>h+VB?G)UZfGtbAzq)s)}r^Z87ML`E2bw36+L=jvE%N!;Y6AsJ=)TT1J zal=Je>sq&IE6g%2%PZdh6(b(C()k_S2p4G*=;)N)V~8l1%rgUPLxR>9nDLC8qqD>B z(!7QrC!uzNOd;KYYGlm1=@N>PN2hq^KHCOMEguGm#J@~(ZfPgzYEu@jwWn)8(yvmO?b;&7r@Iwc5r|yMURj4X@9iXw z=}Z_GUJrkr0M{D(1SRtr47!sCYm>_qTC_^@_DJ@fo~aHygQhNAsOL`%m~J2sf}4&> zdc9E7+@~Pp-T-FI6FT}es;-9t#_R;TLPIr}g^LV4;0VAcK<{KzbIkGPca#Tz2ajb6 z_pJNvFJqO*=V^!*yoG(ZQ}!XiqFMMMV7b1D*tox*Hi_}!0 zF4GBm$=g1s=`Xf|v|TzC50P}IOnQV0ymaf=^Da@j<0?LqqbxnTvvIqyfEHuz(P71% zN@Ec1jBtjdgmev$l5q{4-b(#vykRe4oFl!rFk&het-Ps$L069gtSfe95pL7ZT*^JS z=RK5P0&#w+(2lo!UH0f!G-X5~T(bvH1^|YTU562f=4iQGB>&ew8mj}Fzo5<8?HIC?nvO z%C|`8j<<+x37SJcp06JTOOwuzW?L_Td)-j`c)e*RQ`GavO?sGy5luh#W!h$4OG0wZ zFc!l=8pqkK!Kw7fh@epG>m287r>d%&!ey5&5r##98v1!Gi&0e1w5mnHT1SN6SN3MTl?K zDEk^g-L>;rzIwNBjpiGVF#AJC*O|%gY04I)t+uuAag8G53rB+tpLuf4f4(NS7`3FS zTQjL#=!Du%47EZSbw5LUhp-k$7t-9r>MP6leBcc0c}0Su>huYh$aAz0zDI^CF$Z>; zLH-bKCugI9-Pt(BD*G@o?;%T#6erM+BwGZOw7>L%{;h^Vl%=Zx03~PH3zhGGJ`l=O zn%gbh^11)Y^hMw~x!|w6 zD--!zUuknaFByX%I1D(OY&r@CMF1(xq9R%Oz^xzbJt{~6W9 z@2hL#F=i^sD|ijj1SP(?g&|Q$?(Iqi&j0pgG}I;O~nCm-86|rZREQ zoh^>N*{-IphblV!{KvcxlNP#k#xXI~AYe`lLp1Cl?*>#mK^4hF+>&fy^@+Ky547~X z4~(`{qVJB9!_-}u#IQNAGw?uinjU@7l(D2Y+_S+LuEqqO;T&e*eQyo-e@s|c2clxu z80D9PGzuO?j^uJe&%@I-SLnNgei}6aP+fWjmx*1`6urC7b+HoVVVDc!xzscIrm;De z0hQPBU;5i@>D@%bC9+lJL4C7B!zfxmB+@^X*jXY=tD_d%*1GuK&JmBvPWZ$i|2AbQ z0BCSx%o`Ht&3o+YVZn{ zx0dxrS?bS5wAZ*NC=qJa629oB;X~y^?XPOOkMF8@zmKUt;L}iFyQQ(K+x&5<`Oxt@ zQnfg{0jsOUHfPV}ZxaL|!Eiw)gP@jZDqvxk?1#;*cg>&&rYy22iAcn1V;8-l}g1*3g`dZv% zZL3`g!-^`QTaoUD6MGBJ*aXlCu~Qy*Jqf-b@HkjJdv$JBN}uTqRo*cur3b$Rwu(%> z^j`_Jw@+PG_ufCAp?d^iT=`fO;@!fCasMa$LFGQHzh`7%=Y<$F80?esS8P6Cb?*D; zSMK`O$jUwyqSIW*a7lgh6U*Yc8@&QSMLeu)mO_VFSp-&XvCetqTtl5;$#nGUWr*^* zTZEwO{LlR&qg~)e-vkD&%8s2uJqC4$=Ad$QY8z`UI~3BCXo#b|$Wh~%K5(}`vDRm?ErrWo zYdHhlgVMPlKD?0%w<~y5PxK*w7H|(MKI@&wrJI@%9~hwMSPm05o?RWdA~ZuOwC7tC zvZYd^;RBwgEHjT(X7`|h^ZuJoX`k$g-`E6r=-|K^;NV?y=W4Uy7K zYUqUv)`B6s_55eueoZ4uI5cGbElvCx1vfI>eJ#=|2aTv9Gl&*#Qq2`VxG)XEt|HP$ z$wxm#jSPLu$S{{`b|X${EUpaxyxyP#CCDhXn58vH;=GD2l$zRuQqA~64Vd9+we<*l z`AWHs!*fqm?-97{*?U~~*D!h;LphBBcWo6`AB%1Q*~V!YyLjZzgZmR5Z}8{2+p#Nl ze%@jMWyb*8gMB54h02?o;(Sra{bcuPQW%hO@4*iE+w^+52lX(Y#O)`_8qGGMTA!|U z3z(}TvpjNt&E&4y-cdCeFZmMzeexlT2FzD;w_hGRQyW)&fFBY;${GPv#k*l z!Z(c3hPi`3S4-RMxI;7pf4Em0%P`f(nu=G4)H=a+MUFDpxVmmw4t#0)tCci89Kn@} zhJlW`$4%GbA4OZqc$;4%EIw9c-WVw$@=*4-h3pUsjdhbzcI5_1b3X}wP&@l)Yy$8I z;FMCl=9)$%0+w>-2 z6J7PtM(OBo0n%C;xNt(_&aaTM!AxqMzUhIr_)v*b;AHG0X*8rr9D^f!EiN1h*xAb; z#^185!u(E9{3M{YYfR0KY~Gpg?(FpCwyy@iY5$8svaklCn_~rSWJ>n}ptSm~XXfu| z?t&RgJNklDb7)<2wIl|nqjt#0s3N-fgJF)i*{^kYQN88xSba%cHEE8>cC2r-(10Dw!4j+uX(kKd>? z*OU$JNElAAZv$O4ocH|fn;^#eOFZjk10O%PfOvpJcX#*LN_F+!AlJcmBL{Gyu{`QE zC>N-y&r&w}cBsm^M-hE~roz7?7DvuofsOW;%yjG3O>NkrLJNhx;a*oIhUjVR=NZ;l zq3;^&2`zACpar!382g*C(RvSFUUF?C)Yw}?{X5YiZ-T}*=&fvMtSnfKRm2cvZ_5t{ z_QY91Y{Lc_@q=nKi(Y6|y~z3$4b_YRl1=Lk1r9ta&ZV!EXXA^kQRo`cw>;GZyU@z4 z@C{2?1j=G|iQDer4pB|pN#9a%#%O2uvzCHQ<2wj4D4hW-Jb`?F7yuaNePrPM?P-nu zG-&Re^5-3rX{S_kc1SpF6D*Kk?0qiKq!&)cjQ&34S2Ayx#k^)(?`jG0j- z{1w$$3i)|_HaYOT6vmD)B*|ohzCppp=u}P^knz#{{6h0f9Xs%dyaGo+Fv#b_q#U!e zFNtPaTFlSw*VnVZs~HH(t1|X$eRYGb%PDJ-GLa$W_5IGxkt3+K1WOLt1~K{3q+5`Q zx6Nm?$dmN^{v$FyxG&b*we^Izg40W7#U6w7KQZPz6V96idZE^C z6YE>8gbLAH*p!goi+u5v7%3xD4pqtvN9)PkS;FHZNjdQ{cKA;ph^Uv}%`#TKE}cR$ ziz=Kct}9FEwdIdjQo_v31`>Jemf`m9jPboE7hk8!8n?z?lV(Bhq@}o0NnxHfNqfB? z@#DJKj1Ks)?N*F=vUNdmM0%yL9|3MQSS0LIphq}&X#b3dMpJc0(J$eowYi>~MD$GAe2S>z z>qV{<;zG$_tlN~_M+GM<2PU>vJYPn4LGfuzc4}dLKUpfpecd)3O#ZlO@%y)Bp%fP+ z)a2Q1TSpEihD8*cf5<2V4Ke5Dx98Wp6SO(4J-1FsFe@e-ohynZZ)KNOG&uK1vH$i_ zf79Nctaxv~)?R$;2u7KsbiFHJ&qD+b&Okg zwwX}WH(1kS>;;*6R{H672Y@&2ZhkLv*6-s*%(*)R`m~rPlbX@niBJyH*c&g<^v7C0 z$4eFr`byj(hZLR`Rq(79@2&opxSsaMj(;!-XS5go=w|@HDJu@;!FjY@Pec9*dvYKB z5#=})&i(faVqo@y2I((x@ko+77dIo8Cnxu7wdC*Yjqa%r^8f__@PWye+3ua)D897V_W$NTc2M|-8~)8ne3Z3U*S1dbfQmD3q(W@I2z{jrC$DS=$p$;4Mq4U$>A7lJ<)L6gT^|yyBHk_x@RT6a;YF6OvbM$l2St| z=bNRL+As+3Kxibod&=E0ddI9yWM<;d>Uf-WH?&wIlr`#jR$XZyRW;X78Go6MZef!+ zIurn~D42`v_kBB28d|$=D_EceOq9F;VQJp2(f4E5%*JRUQt?Nb8VF$2 z@|T?@f9Bw$r)=7CZS%8DNPVw1e@Yb=Kzl=oan84K4WEZwK@h35AZ!tG9^=Fo8 zDXzY>PWW-1IpvI$G!pfMZP4kr&t-|~P1mZfIUh_2Lef+bWJio(K>n-o-SD13M$O=V z%;)r7gS4@4jX_3BB-;Zkdw&gPsp0VrbA!G|SG{Yo?}5NxGOYsC4x`S0`CO$?_7u3Mj8CMa#YVKwd)>!aa)`!Bq1ZE2n0q9J&rlZe1e9`&|FXlS5< zTgmu@jgg6C-!qiGy(*bVzr(LzhSy|EKJ1W>QZ^cAgYtBSCooV6-X<h=x_9!tdsU z(y=-{X?L-5MPzj8p+AWPeaoD~@#Xw+0x%ufVdS}1eJCJ&0z%2~19_y)sIK&rzMKb9 zmfpF^e(=tMB7a8Onubb;*Zw4)R(1vM_$)%Oc1=?C_NnB!+RDptVQ;dRpo1gx?ktAp zp>;{S~b2b-gvU)gI zQ1%Fc0eK}8VaHd8dU92cC`cP|YhycNp;*Q8xoxu+OXfd_10^GMjgq&SAq1XQrB8ti z6g4l2w=n%NbhA#*Q{Qz?1pmx3vIeHpNDxX4Z~z}Bm)Eo~X)^H74?(sHq|w8jkw&!j zJ$I;bC>FIheH*RP_ii-CwdHF0EoI7ivUiY*u6G?rmUelD@Z!^d`>j7Y3#i1| z*;z&~Cu;#%>o(YKD*;&icmwoy*R4f;mAmU2rxC|*{+ZC_$N$|I+6-F9|7@E!f_6-N zuk#0p{BP~RvzVq9clsw!wdIAhKz_hQRjk!Tgxz$nc}Il=N!9G?n)%h0<;}slJ1RbY z|IK?ETR5-VRoM3|R+?))<@7x9o47+ggHeOTKSl_@raq6K<46{Ok}su`*Om{fSbbeB zQIa*{q(X3>H+@&uINlckxF5&KoZvjiW&gz{U8?0&cwo1SKwf}*=TVAspn8!tgi2J6 zP2kLsip}iXvNoo1C<;eQ={&FlKB&cmX=@G45C_xQjN0qI z*@9z_b37LA;&0S6;icRB3*Tloo>7blTmHMhs6dOs$2Xr=v@YV$`qX7HQ(rmGOA@W z5KFp7!MrY-g{C{12!6uJ;ZS)OawA~TbTZ?Z2nlGrI7HZD;7V6xzg>{}2mjZK+7Jqx zlzci}W(P7J8U!rQyI0%rq^s{%$a&f1d3wq-=fpCRTioeypt6tbU5cu$iljkBrl~45 z@_y#3EJ>9@;Wyj0;p5hU6?rKBCN9oRZXBd$(6=iu4VqheH|4uu`nn89BMc^l-u0`d ze{e=^H%Mi#3_g-b_f(Ur=v9##B6Ps9dQ1)dV~;2c-p0i9h1*`_dNpb;_mJ<>^}6{! z3XD5PoZdY+I{IpHuv7mllc82=m%Xb~n)9X5zxFoJVtR}!YTB^5h720Su?}y zhbK1HA(z!!-16jYklNcXE#8x6lLa$?QS1nI|4CbB^H}&%<49dRwfqtqvDeylLja!n zS7jLb3tnR7?f{8&ryLA)Y8dxq>fBW>@v<$j=qZJ7a|(N;gLHl>Mhb5D=Ub46>n;q}&WU z%R>rB2Zw@TGj>@oBa=mLTOK=>v~I(vR$JER;MjXhXha)I%1;!{;?=4)NQY@J8JrI> zCBYMUe3k#&)fQMzIxMBqE3 z;!r>5{!#J~0?FoP9kBq5S*068Pd5dQZ^fX~?ruiaI{^!YWl-2_{S|kUS+5X)J?|_mWZHdBXxQSA8{(R8Fv0H27)DW z%b+irQ5hl=zvabVIIRH@_seS=Lf}51IjIcW zhychK1FtE3gvVeI4YI%(84IJ6Ya1h;9}SpT?P&Q{q~;NXul~N&c8CUosRWb5OmH(RuE?pUyB1v+IyHS2T ze`aA_`R}XnRBBSUOLjOuylI038q;|W_hF`?Hi?OAD^xqI7uXQEGQPfDH*NtbpQc}& z==;wFzO;6@M20DJ&Yhm2HUB;8$iME)3`J7}g<9?iLBUKF?|Unr5lGbX6pwyz!SI&B zgqUVnLv>9}{^a@2bWk8rV?S!Yi75jtc8(ZWRq+%Hib>FD#{u}G{_{S+FZTv@7c@7$ z{mUtOxC{&easv`FF`*mt!{c%T^HtMJnPvT-g=~&eNa>q%;~=qMKGsDR2XTrBnzrdp z9P_EYJ!|4=m30c@dm#$>FvJm94odreTd6laRON(X8xi-ZGH~_!Yxj`sFsV-TQV2>D zw(a<6bn+y&u11g}ucCse17cPyo0TGWb7F%sLpO&19Y+!ZS> zU)Ije5(eixpB*B~48`YzTii>6iMAqs-QCjC$UnQwn0XvyU}HP9%nw6yXh`U*6iN4L zNjZ(o5h#2GSKl5~ourd11U$$cK=6}F-?Dn;8m{5uq3wt@bIz#2YT0zc%3DDKlD@ z*SokV#Q&(uT))XA4SS<@Fd^Te<;!*Ok4;(JxU1zvjr}XTbX`qSF6_~cneLyU$@O-J z$9OZQ9&DH!IG651x|7%_ev5+@5$UYh{8>_CujWoqxcWjt(r8E7#fS+-MNGI^K={pq z)SF`EydNLC4mM=iKBrvJSi?)9SO?{0ANl%Ebs&%p~)&m565%5Y$Ee|J0Gqy9~j2MDt|__ z?5j;>YCmq?UM&CJvcHb_9d(5JN?~E)=U%M?_0>+P?1vxY;^^ighD-|PDohRhF>ITI zMGgH})Lvzm&eKxMB-L1l$eFr3uq%Vek{btaS>K3)`&|R-_4oYz90pa9D+hH;rj{-WfWyI$8$12vHUVD9U+J9MZaupYP zU`b_sj-_mM;huOM#89sU@iC_>Xcyx?X?_MtgvnOZvI8e6ge#7)El2yYbC&E8#m^Mn zX76_5hnt&mNNmHjYfMLG%e#ZjYx^d9($%2Oq2F~>C>ZBo-y*$A%6A^!ACs6(+zg0fL6%$o5A>J?y51etz}-MxpFA|qx8uORIp zSxCxO+GDT1vF+dc-b+*Nl+a`2VW){3OR}Hs8<;hw1?)o8tF-2C-5ZF+o^|$c6Rw5{ zL@=IghM}0MTAk|DJxB-Xpn~kUIzs+z8^`#x*6q{Y+akHz2aWVkL-l|XSo?5Bgj^&p zR4XJq*lB=jeYN*d;&{mCd!~ek`^@V%(*Oz)Eg|#wfLs8bSW>c{f;WG9hj^&|qeqX_ z4t81jb3KeiXh|L|zMtqx3A4zV96YMX+bx{0uYZ z$WG9?b#S&xD}G@S0&}3rW)~;`BR9E|9LUYhFf`y0eq2+A-BGnmxquLe3Mfm9On^%cZ0m;QvOacG%iuRyr+7 z`00BX)aE^>@KBiZ?zSpDV6HgvMfv%Nu`yv9oNUj@5`FxbVoyG6;lXL}mxX$N@jD4X!ON)>&$a#b0Qc zMq~ZqnWf0g*?b_%`X8oEYv-up@If96jm0GbEkkS7LkQb!qP!2k4POXyVrrNyES8Gw zZ}NkonML z14W~+M6&278_5`7>dF%`#;=-TxAg&b*r((;=JH^vsT77oDW`CabE4(POBobdRBnm) z#LOKt%jxRONc!_c&93Vsg$_VjAvc01kaWXVDBt|UYL?}MN927E%kG;_TZA31`jkcW z7BA7i&Ebya-sGyIX?4bPEA|WNof7UDFtc=BqzUMn)!x!!A#i5Sjt;-^&fv2YJg7FS zp*XP%uUWh+KzC0tg^M6ev_R!UgWRt3#!@p3N)a2o;*GbFQkKtEdvrre(Sqg7SUhx1 z`bE8s69csN+^V}?w`JEbzGd_lJbphP{2(Vj(EWf1)ohXR3`X!IgWknBt6biXwv|>@ zdW1DnYb9Ro@Rd@T#-{jH>?FUrFS~_RlR7(|%b_d1*q|@s7l`JM{3(6y+S}!87>mh< zInQCwnWO7LKioSd=3FOZ!xe5&PtQDVsuD-^tC`-DropXW|F>zjtXzm|Ugg#CDFE3BuPJya4ZRf5?mc-T?8%zPv#l zEg+Xz>{z(1EH;ZIp|x2xz0U|9%+uN`ryvhXswb=^qLfXx8#t)UcJ}A#?xCS=sn#Qs z9qy%>%iBL!HLWyq%95rXgoIQs%MiuRaPU!4$be4}*)he!;7zIC9y!tin^?X%oW8R+ zof(-pxL(gqHIiBQ-K9?O$d}A0t_SbSK6|>V7cKUSv<_$W&FZHshGVVMK}ta-D$CH0 z1zAVJDT#y1E>MDu?uLkAN%^S+(05{NL-!Z9XJ4LM(1OJS#DG(JxZ*YQcuUL|2fE57 zFm3sP+(m0Cq=M(6kL#Vqlv)!`=9xO{++N`8j8!SS3V#TD*r4&fmjLmXgvzAV7792R zk&0d$@RZ54oULo|G&|-=YES5FA?w60td-rDJwPU!R{UsayeqY9ezo^EK_e|I{}ZqG z0E;QnX;&HQKD9a`@Di#-)h!Y_u2`Zi=pRG6Zc!uRNS_fPe}vvWH2H9zuk`1{&gOI? zA#?&vC(k}q=srquAw7a#f);fO2Y&88I{v-W_tym3+)bGFytczo@@^|(49?TbcRnmp zdFKZp zw!)jfNSt(+HS>&EQvWLQ!aFAaIXYUaHM09?gxf)s+^EiUw|AMFt9AW7frF{XvNwT7 zNTVItT+2R6vOQe8>@&$+EOP?m+hISQvBnsuh8>0$mfAXDKa~4)_gsP)Spe`68U=Qt`aC zj0*POiHCR$nL^klZsQ*A_SnRi{)fj65W>~$wtKrl_<*8wdr>zpBu8syrjy-NYevBm zy)|{+&RIlwiw3Y+(MWl#H;$r<7ZZPRJ`5h$ZZFW4$ zwDP=W;Q__l<*%B^6o!()2l@ozFjQo6GO^;zeg^GUBQ*zE|uH;eZE2R*kudo zQkWY$t0$}CVBdcNyf@cfk`3Y@8t~4?*-Z;RjV7t z&0K2ZV%~mP->S;6qdrtR=V#DRm+$)wY}b;7>vWqa@Xz+oqp2faFRYF5_;&|Vz|DNF zUB|`;jjSN|5K2A%J^rAZg=nv@UkYpA#wvUpkB4lg%#t>X`J`W{=>-`n5|)ajr}GZ! zhIpeG=@=WJ)-99%?72n84l89qOD}w}Kx(dj5l`5PJEuQ96JmILr{Rex)d2sX)rvTz z02_NuYMfV{^^`MN!8byJx4F>Y&J^Mx42@r=$$mEJ8wlH+_pP343G#KF5+25rvAE?Z zWjRUPaJZf+QBOd%;};PT{)^POc6m$#{lbl4Te8-bA!w2N`j?IDs8z+lvjwy)xeFm- zxVP}W%eCIdKaw5uakOhl?s;usLTaQd=#}UE!Ll4K!Xs#7c&7L@%YAw&OJuY{pO+c> zTeawyG$pGzwz$V+>1@SAnYo+BlO2W9X8y3zRpVz7;r{!NiL_b>CWKXF>03Wz&p)~U z!l{L97~<2~HL`xtU(_zS%*iZ^l$Y|MM|d>{B&JI=>|S<<6{%k}sP2VEw!gNWh%puX zY0;i*g~$SM0~B}&UA8&aL7LM^6ktR^L0Zvmer9d2tAlN zfb{w!L!oQ0ZR8gOYJ;m3NVXBhD0tT5`{C@@p#55py3!>@*eTI4Oh4pN9M=#Z?gf~$}?_UfMGzKhrF}Pg^A4h z`oOu!ah|Mtx7r15J(kFZIk2c`V@t+p*iDLylyBZv0m?ERw6e2b+`{pEj}vfrr5e?S zE!u7mmxzLCOJHgL`{^HSusa$hglv)ABn!jgzxB2ktI?D`UrtK)`i<}@=oyKa`sgAW z@+unC(Ig7C3`{W3R<{!P3W7klT3e!H_MG3|-CvI>I*BoEJFiF(x@tgo6?(Sgy4H}j z?MJK>30@J(uqK&W`f5cK(7rsibZ>D=jS;};i5@t)aM$+YhIv)T>Ohniwn`HYw!ocm zaCe9as|Glt=q@!|fJly{UfNTyNxQX!-Rb%r@^m_K?&56fk+u1nq#=5~Dr)769d5Ne zU|fXSu-U?iunW=6!Lzq)l_ZTAi5ndB^H?`1KFH4B$KPL{+ijD%A;W?L$8c3MT-#?0 zBT^9Lm^E|f@$R+0gS8j_kG0D(*QMYTIHe{?nex zykR34X%M;iz2e1pthmXqpypypiXd<8f`#F;$II1mxzNc%^(ARBE3$ZIF~oyBUrT*GQ)swWl=Ki`_BxPG&KbotDdyMf`)QPM)Er;c^w zYcIufk?6bGjRr}f=+YC&z}1*}dS_mDG*V8l*?=ARVh(R*(n>BgYXWB|BUZ_I>EUZ$ z(Ly$IlH1~6JjhFW%jUM)FNT-!mm(8y!ZHOdw?Du>?Owaf67fcDVl#i+dZXBDaiWRa zubpP#oibOwc-AR3pFw*oCwi2!>CE)1k><^*jjNm6{48~E%c;=2 zQ`BE}ZFhGLmh4AOSR(rk-8a$BuJ2pbwTQk?Ar*jz2B*_~+J@er^9VJO6Z{WwnkL1t zv*lZg)6Q8fqZMRV3{u=D$Vc(nff!z6Kbu3n_NHc;CZ_L7aD|y7a@(LV?>^02&G_x7B7cD|W zeF}_97%4k5Z$>f8vy~VcUSH8R6$H&?Zkkarz}y(HcU9m)jzL9gy{;YB_0b2GRzKrF zMpOn(`4VfOb69O#4%q~r$m1UeLvKX} z>_jd?xg(eUXc6+=BABEMTHG&H)W#P()XTmX*fFAEeiq~b(nVqFQsj`H$zqkLV$hFE zwtt6I#q3Jjci1XCl~WISKfpf;ndPD$r9ip#%`?W;8%@VEY!5^{7j0HD_P-Q{D7xl( zR17Ak<@G+J>?IXOP=_bDMVKNpH`v_pNifuj-5n_>vX*Uv6zUTh50}BC!i;?bbHlYp?H3yVLB*8aElMgXE-*=QAQYnXy?>e3 zxy%P>^z{awc7@zf(vS=_U4&SFJ9482#^dE;vchs46;ImJc6B$TYk;Tcpb4dnb;K{l zo#l@aw`J?Si>AvhMP}(qLffV_3Qq;Sgpo?~icB_JEwa zQYhNUtJoSXm)Jt}{t=o;HX3BrNMvx>6Wk4-x9Bk)fUmpxt&jv?!+#vdB>Y!e@uJbc zS#Hk0bG`nbIT#tvjnD6VJ**N|r`mW@OVCew@gh>$8K9%<*>x>L*}BpSiH|zM*fZr& zes2ntW(|jndc2O><($6!Pl+$(wn1{Ni$EMd1M?;tn{w#l`X4I))KkJHR>70YIEb_c zJv&bJTT^=lh(Gqf5Nl1R@K)w;0m$_2C(_3J3*tnP?b90EK7@0F@1kick<)v&beBT?8dtUM0{IAb{ zgfT$LjeizsJHGti8Dh}?Nk;u&2_pa0S^v*DC;!)^l+%z(j@3&nYn(ZZ9p^d4)v-I5 z%Y8Ml>8X4a(t^nvzN0aQTX}e8oM??^IEI8Y0`1Jr=lDHIwY~)IHz(!waxy6htIV6uM5mcvKdOT#GI#{ zuYr^g8$F|61gQ9J>^D9{B-rKmgSd#QX8Hfr3(8)*2lF%m63!K=ml<>m{ujyi&)Wad zbf2Epq*&TY$km$anBTh>C25qk#E%@0K<_lT4@--w_>T0Liqnj2HwTK%YA`usZy-wAdF&?v{M9oNn}mFSW;ULWQ7r#3P1sp< z5Edy@1%{0JgKF&=p>g9yJdLf?qC|3@!Sqz)jk#;W(dFQi{mxn!T-4V$PZ@^|mJuD|(tifk$@(NlUs_n+V)N=!i7 zQcdR(v8^D*oBQp;F-q6vZZ1MR}j9_#Hg z=6x4cKcrk=&u5IY`-gtqNsmkockbX9%T*4@l=}gGWcZKF(u&l;)c(7AMm?fM?|YB( z)+;z|B$*?OHvJeJX;VPb&7mHaAl*-vDeRG{f%&8(kV)@mQGZiHzn=K$e!;G0N7`Hh zT2>JiMY6QErVk$`AMB1w9M#XU&zZ#SLQ^9q@CpLGDJT549}~)#CEl8zYB=^5UHOhg zo1m#2_?}gxb)0B=F=d*O58ccF4CaO}@jnQUtNdUHaQ;;I>!9pO@x-zUdxc> zj&7Uwwz!$JWV{l*wUb3tm-?&y{=fFlGpwntYu8xWii(QBmTCp*Dxp_F zM5Rjah)9jpP(z7|fPlbOngl`-2%Si;0W5&D&v(T;k-EaBM`L6Th z{5W6!u`aHaxmM;{bB;0Y=NV)E%eBwtc%;>@4d@)xlos@$o)K;{a{A1efMAh$JQZB~ zM9FV==2$0QpebfUuFx zVO%Z=gfk=G`iI&muX>`{ZiaUBa3eWSGnt0-hIPLhR$c7oH&fKse5d z>DJ7#-U$xe+&^=5y_DY8YG!zOI7W7k&HTU|$B|0-yE(&Qvyaw1fhAbDP|q;@FnGHw z_N#WSkKI)6*We%!$Zy#;nVeO@#bR`zz&XO_)2k)@crpi;v7@wxTz1!aggY2q^?J)z z!WP_OcEb&yz%4|lhdhJG%+W)>^+7s2=sbNcjLsdjASu`k016y3BaHT_O_9&gWv+Iz zfZgJ_R5_mljtb1e7A#FwqgG=9QqN-xPEIyc{=32a0f@*IIoJB##!G>R8#Z4CHleYx=#VLo7j&x;Y{}<(6XSm(M2=@M z`y6WYyU`*jcw4{z8Lo9rh+hq?JI0Zax}u<*R8$L(*btI9-4+{Lfr_DEOo2^0l^o)beFtDws&kT>gm?YT2OXj*N|O#M=2Z|^TQkTgM^CUpq zoI>2{qQ>A$$gmta7_CG(N}a#g+TlI8yGm*&!FPW%$1EpOR zw~!}}L(k=+*tt7|L zZn6b;?VZnt+y|0@X3#;akX}yNg}PSCTkW%dxbL60vi`i&#fNbKkO~ffBxww ze=M`5`N(UN;Ib)T?{07Ojr{!l<&zJGWj4nkq%-aZC0?@e3Gjn__pi{Fv(5q}SUvT( za}f_E;`ly(+UZ?>Q4jFfa7XDVy2rRnhgrKFqszdKM#PIqJI&OOC+*E18Tz-!ZK|eD zev#F-kTFoRdqR#(sJf|9gRFk(gL8S&kv>fpS%Ne1tK2{-8R|^XnJnwUFNva;&l>oV@ksTUSVLG^?CQr7x`Q` z_@Ex+hT*-?O~;h_*KyMyZKvFNcEe}aCze{kK^IkF7c2aVR7QYxqa$4<6La^X9xx}8hx9rH-U^scCyI&U002U z#%t9CI!%f?Xe&Q>d$ltzK|`^+RowLQg|7%h}kgFa2#&dBXI!?(+RVVsmp^!EAS8gyuHE*c?| zK2IeTysutaQm2(cJivu_+Qo>?T*I)TH0A zH+9D!AztPQX%60|o*8G~RA{ZTNu+j;@t*oTVf$Y3kae3tgF%J1)1*{S<;n+Zqbz!j zZAtyI?51LaMv`bWc=1tdw|se5kt*4q%U>%u^vGkuB_t)An~Ehrg? zIpXu&uH<-(k#sWoNe%I-t>#zSji~Z*vxy(jT%HCd3F>F3^~SkUZ`%OxhSlD zx>z?8BM0(deb^0`=yV~-JN0MRP`CE0>*+fIvnTA;u%_9DZ1>Y=EKUQItXh(G#j*V9 z%I%1r&K2&Wq3cQpbAsJ2-LoR;DOClliN@{lhsO7v6~iy1*+%lpF5@!u`VfflT?LWPxgV9YddEPIXra>I&3xb`uT^LixGcPQtn@;Zfuq| zG>mbJ2?;^MC0%ee#EaQoC>&DY1!4_eGPr?L$?*A=b zQH+<)43*wHXpl@@HRe3Y+1pp96G8O=@f1oExVn$v<5HWA0xMR8PTT>q3C_?bA5OWj zk(dtxKqZSY9^RgHiWAVIJ;?G8c}rtvo4HS0b0lX^XI69kOen-@FdT3B zrI49D{kTqL9-yf*f3R{4C%(tK1%pK`-*D8q#qHcfkHc&_F6xU8o$3CI({sG_+uubd zy2cZo)WTuR2=YLBu+to%sJGqkhWh4EXgkbIN-a3`*YKrl5B`1l04CpX7Kl_CPX2>F z<^MkY@Z${Ln(h453qD*ibZJU}PZ!I7%&q-f+?;<+mjC9n3BjM*8g0>ipfkU?r0<9x z$ZZew2V^@E=%Js9hrv9Cf5TH|B@ViE-QXn;m5nRAy1I|2}S z?_czK`{l=Bf6sa(4+WG4Un{IOqg@)>BOo1C(lyo==OsAM_J05*9(+&alyMgsmekBN z#@eal86|(R=6s@)Z?sZq=Z)(`-QRPbUK#Uj!rR64^R*u4Kp3Y|iY0cnal*S$>t#HRUeaYJl zJ&`(XOO#4z4A05Y2khlg4}g?45FzX;rcOVboxf8C+0R{+3FkkK${zLl zmssPmSz4~NW~?Talw6A-i(3 z!E`yN;Hi#8&19QKR0>saa);sYRNfGP-~gfw!?WKnPMnCntRkjj^X1b^=yWLi(wWDA zn6V@5 z@DY8Sb;F}iHYaGZRdZmc*Dc1xrC9Ur!h;iK6-9U^alE=dmf=Bvo4>?c*RA5h7{ci$6i|fUeS9e6 z+t-klN~~4k9)pW8p4{6VzPTs<1X}|jiV^`EkDiLTgGQ5bYimCYw(ZdE_OFPO-gKvo z+qWlNf8ra{{{}JrWw-{3Eq1C?>~_&3NxCfiTFvseQhoBTWFc_4_7|y!8|ynZ_C*AC z<>H)J^PGs?SY2-s+?x;jtM^`VA8@Y_f45OwJ<$)C5f!z^@dKpD-rcC!X$HS9@%S9U zU#FECcgR|wWv5q_c~pR59piOW;(l2_LCYPL>#cM9fP{D`xFByq!p6YKd5#fNT z%zVV!c`)l@ZK}5qm$K~?<0OSV_j5oPxs?XTsrBTk6lvx>DLXYYM7{E%dXkq5_cA$F zP&j>?a;v3>a+X0DlZ;S@wMuRi3e@=lPOzRiNMiQIn8}kOq4gHN&TI*e)ys^yb<1|BbQdZ{*@a1Jg) zSf<}4BmMxHLfw=3HVSs@FrQg{7t$){7Wx<&{Up*V0~>pOuI#Ea0!fQ$wcQa5>qE@r zrF;V*)59lPE-r}8SG_;)vp8>yvEdWq_ZRDBP{{{22oh*5qfDN(wX(<#(xqM#OBsE) zVynU&CI@E~`Wcr7x}c@IMp`82=koD}SiTZ-^OWPZcT;D9fw3=}Wl34oj5JKC5xs?bEc-0LFN^|LZ=5F{J9;vEK_r@tqB7 z1TzJPi5D#tsC0c&c|%fIkAT5~E37U&Y%HCZiF-Cj5HS5?f&#udX+hotsmBG+KgufM z@_h8w+{CsMHhp1nYV+6$ed-FA+(7nq zckl%U8uWYI5EDa=hvcLV5)CCla}ry>ilf_)G!*)v-3-0{Af~^=<+0D1BFaq~tlBEY-sp5eRoA_V zCqf|dx*>EriT}#VMt#M+tw7L6GX;;FazNV!wOKb)=vA5?ot0bD^r^Csx5~>+3P9m) zvRKj(_cFAG!`UpRa-aS&`0utkHQOF+1CM{@=Oj$Lq9!OA!pqBO7B(u5LBZI$sAb_G^yC3 zn_Oopp>j4?!WeIrEIXMjx?687m#BogeHJU*iIc`VkE$QomVq!GopF`Wwbo?rNr&y$ zB357fhlYCTvRLt7$q6+e*uN80gw0yZrt9Ue4T!DHR_n#%77ia@p4Vh=$PVST2c9xF z-8!2p1dT&R0 z=M*%h;*8yk6y!T|FD;olAYabES!J8V<;scNyKU!Ljn z|87K~Xe^X`Yf8zGgw?1WfDLPW$c1W!Mk#(uszVeHr1+a_czKqyESX$Ry~;^De6WdW z=!yW&CRkPv=j0QXMG@eaqbDvhHAR%a{EEhJd8qCL9?ZxG|Iqo&9)Fw_A`q)tYoHIf z1pJg}_Rd4y6fXiU8U8__Bv$$CiE4K6$ZWrOE%2V@-u=?WX;{?91o3J=n=fd7YJPOo z!hGIJ$u@=MvUWWd_ptDa15ltgS&CT+b}!~xfIXBYUh7U3tDC>T4e7d8_w_wfZO%PM zgB@YcPCK93v(N=e zB@G%%O|*k<){4=^0pw96m*++xCb_w5NkzoMIv-k!4 z3IIOHoL6B@WofB-C*$uG?$$`*TV2OmtEaMj`ULm~vQn^3yR0(qQ_9&D6`)nhT)Mg< zCOF)CD5X63;^aX!4}L*+=0~`u6V*ftp`t>68nrEfbp; z#bU)f(RMGjCipVw%K`m1v8H5nV4LXH4NO{Xgrl% zKTrDcbWy{kV7cH+ZzxV=M6q)??qFn5({zVGLr)j%2`BdPp)QUR63Ma5y z?jcr-qPD2Jsq=UuVc!NN=PW;>hzaWE7Y9-oM8&JZz8fIqDS_O=E~=fq$ZJ4XhF}KC z>fk`sri87#7!CU+S~k<%w?4Z{FJ6)0q|obzMZtzu=PV?&tnGRRNk~ZkpS)MG zV_n#>`J5>A#>{@U2=*zX^D}ytlm1D&LgWYI+u>Cl^m;D4v@asgldy_yDVSEZ3?A*R zrXv2%R&IV#Exs}}dsoA?Nu9DGS*c(`z z_Dja~!~Ef*(BA7r`T5V1y?0mrN}~pu@VLaX9+3Yyar_QA$8Q)Rn1n#agDcZSwZ z1J3Y3=<4L;*`0EvaqoDq7buy!#uqj|HfABmhAN%R-K1~O$7A;WCiFAxK5j2tYO!r* z4YNd+2ftb_0qpvE&w$!{%}u8yI0EJmoeciPbbR;KfZrz*3if|D?K@`yH<$-x+Q1hn z5A;7&5qt987XzNghy9U(==A~&@b|{?ui!)5%`Ppjd-*>#=CrFsvrK!h_C$h9-tl20lsu_dRL`d!v&TSVqWK#1+b3*V@30kM;J^72hf>$+AqzVG9a zmVY+Em;YUt%_%swH^SyqD)TOHuCKHknrX+ZZj7F7uc<^KhK5cU4((4ddjLb1#I`Mh zY%Zv$ONSJE*$Ku@COWI%g-7KK)Kp}@JBuc*J%48?!dDI z4ozHG3Hl-gsU5HGW=Zuu0gNCc|J<6S9fHqs_iTHLOp-7nD|EE>3D{Xb!J7tX#N)El zDgc@AnI*ka#9I87mE=Pl(4a)JrVez)M(|3cb)n>SPtW+FeoiTTKVyBWasHNU{s9Q+ z+6V2t;{NNy`Hr!OJ+pz{?32)xnl+CEDG25^7~Cez;yRv@oMD%k_L{%i$@2kuIuuLk zjzqizIcaa~sM>6_#K6Jv17`TXqp5Ed#f{6TFDsB7z=@O{Jv!ew|MV#hU+0U0QLb z1a|zyNDk+l?pVMJ3KCy67SLFW^mWA*m<%|S@6!4&ZF+AP%x~Y<>G{?Zo&QL&x8~P_ zJ(Z}&u-Fmc4;#Xr#d}Q+h<%4y;FZ!==+^Y&7*nMRNWrc7;-BvZ$H7djjmqp-i-Bh& zhc%?0L9uI4n|^t*YZiQ`enYuvxl3Yk+wUavFe+||@n2^#7zFJ;CztCCykK(yI zNu81l!f*znl#P#E^y<^Xg|{6R;*X$?8%gRZ?7l#JHad~gEkC#JdKIBBGf;^(cK=M& z9Dd#`f##E^q9%?D4Se*e`(Q9-%L-f=BJm>-=6 z{1^iSk<#;~ZKit%;g^8S=+vjH=(qf1`1+D1vxbk{3?Q!R*`bk!4^6yH=8}7ek6d)G zhmue%R(&D%>bAqEgU`};%Z2ckF+E`?6cOpLStq@(B=m1dw8z`CRSgAE!vOYlIwdwH zVA0sDG4l;{=REl>S1~n|!<3A5kZ{pTM9BWIfw;3L{}-ApIqAxT74GdNa&CBr{0lO{ zzz`kvcXWZB!QD@GeW>?oAe#G8WQ~{(1QMRFllu`v5TsU)k2wnmC+FKlOyKc0NE*q& zi0nE2YO)Yp)VAL9d3^akP#t0L7FrH)Ny#^IEL$9YJL=s^$nP~>hWXOGZ6}G!5JC-H zMqg68v+8h_p;P$?@b+7;W*6pvy1As|*GM-*+T9%^H@F=Cj@`(TZD;iZli4PZ$&Gqk zD}ZV@sKS{2`><6YB~iGfsy$=}pZ(PwBjphk~cj z)syDi+8uX%mTjJA+y(64UT}5*_HWZbx0HxL+B)`SSy|ctZp(F)VGxm3YJuA@$^A5P znMyLaR0eB*eLJbGD!KF%I2KLVAzmZ;leq(|qh65YMLuh}L}>y)YggSswckuBsaF3b zw)JD;Whi96@@4g{nCON8y6VdW)o{Rf;zXO9tfE^RmpM|c?nOipD(Ks!J{iHo;_re& zcr~q*dcL>BCdW`?sQ4mXN$J^JYwHaQk&`f##q$JJ`~_6)OavKSc3IYCQ>f7*lH~hf zl+d_&-;{L>dpAZSp(g_3xAHE1Bi3cCqRIMQkY?b@5fsa&{KaM3Xp_cTZOqY?PSe~1 z7shm=hO`kiseuq}?0>9~^5PO6HRW0FHsR$ip9gQc(L3G1NPk^Jg^U(o{1A$@ znIB2IZe@IovcVnVGpqzT4J$Yo)uzN~DK-Fm$k}6jbJiQj&JT<}KwGsb{3a7f>MK;d z#QeUP*0tGXS*=>7uOVUhkJYi5!s+5{&5Wp_JZKX7l3g&DH|$)VU(ww}g3L^%^s>ZM zkYxD*Zq-p_+cNdUQIK~D!R@~6(yDVPCqdy^#F0iNM~^D=&L7aieul*`G+W6zcfEMo ztLiLDpJF84I*sil&>QdqV#9h}$wDDz)aT^~kQ9?EeN%*A4jh5v)GC5zdVA zbz!dFPjVf3Gzq)hmeVo!F+Y9tWZRPM81wTF@%gDE#Mz=qDt#+d z@aDA-h%T7a@Z7GMQk=`1f3Zm4jc8kZnn2+1!*PAMbb6zc_DD26`vRSwA_~|S(AcPr zXx{S;z$h$gH>9yUZn|PC=f7xvE$(RsbJ;@6%Vut0_|pK2OWvHX?YojiBOHXWd_5WvzXVk-1j(f6z>uyM$U^(i;TEmKWX;ggW zz6^V3%K_r>1#P1z2rsv`vOxPKwp-GxzDsK~oz!?Mt z8Fil{g~n!qJEXPmFEA&wtQU{e;`9w-$P@a*3hQPVM zTor+h-hbp~elAG=kjr$;vw!wC_o+qIa{KPV!cEHJ>onK7!LA)&r6DakT8Dl`s2ZZn zGN~nFq_bnJah&eNB*$p@mwy=99=ORWZk0css#Fmc7&xUS*kkm5rSmurb0cV^-XYeC zM!OKrBZtA{Cllg)PWmywJkppGCpRKs@E0ewH%cJI86C6d^Ej*odBL0`iD(X(m-Yd^ zA&>dL&`llBExKI@Vb8l?jo2fF9z$=fy}X??*my!tqBvMER9d9|(t@%7<7 zznCw-RpO;hRhN5=5v>D+Adttnnby+K7^Znzqc4LltHqAXuY0w@JK2AS?#jP6lv^)) zqh8Nw>yqQ(do8=X$e;EJn!iLvYcGnJ${JbL%V#^JHQiHM={FUxk|ic46^8p9di@SAfg% zS$)FVmGpKQ9L9Mo`!)nHYsI;O14Z#TvlQN~(p_(TA+-E-Tixy%hly{KeOVZYBKJ$@ zVc^mjH~>!Nm2AoA5udJ2cvTS93SH?R)$04ohhPuhdQ}Cla70h|uWMIYdSY}6|X*3hN z4bR~r*YWK}NSB^YFHL(9ZPy#IScF>JSw%w~DU%g7AN`k;7(p(5lU_lJ-F-khy4UX% z^j@EXT*Z7&5+GL1HwWcg6$pvCg4>u9zLz*-bZ@1c$*EY%+DA*RJrpYF6r3j7U}5%c zSu*)|vnqeYD$pIS%T-`PKdZr|f>-=TNY7nEavV<3_KV}X(pw8k@coj(BthzX|0^^V z`W1*3{lz{GXz)OBbZXTWeGMZez~R}K&kC1`RixsbXP=E4vy=M7>lLxZ_{KqpyZ7c| z`Z>jxu$(z<^Qp^9{qqB{hJDr>i(&MaRSoo7MFqz+?!GjUbnv$lzU`2`)V9hKVBU>A zLR~EEDg=S)R~5by_dUUlo{`vu5F0IV9?F8B7Kp_w$AH>9W!74To}Fio63R9ncCs~1 zt||`F;&`23&LWN)zg5kP96cLD$en*Um$_y=6k1fpA-{gl4k+HKUJsamn!@hrVCh>o z^g4dW(ikO|A*Qd>o0Zfe1z8U4FU2&qEo_^+kO@(ZS#e$aH&f{OtvfB06vXQ{6>cZy zli7D|?DqznsWPwjg7j&zSc15YiDHSrXFBWD>2v+wUWYhbg}=t5*U6X3@$s(79Airo zE+bWj#KgNHV)M&4rw?KzWkGS0yOp0X?(xBIXc$%ept9;bij<{z@6LV0%7rXE1iOg9 z@*1QwBZ)YRfMPcm!-_JK0mWAs`T7J5EfKNc*HmF4yOm?Fu+7d5aR7|HHtn656eu$@ zsWZFLiW*MHLNOp4#08A=oaS%n=cU}H60t@LM#zxuht)%ilUl|T8>bV3jS4;&GgW+6 zsF%)(yUutQ=I5EX>)!vHX;fiv3=`Ay_9 z{rbrMg4;zm<*ea_hx))lOqK39SytXFkd4t%>*~d_e4zn_s0|__q-~*#%_q?oN3~uo zhsjwPGs_wJ`YPU2#n93cqouX75O(Y*WK7v5>9^c=U}{i%osY-6VsX5(iquxh+!hR5 zJC~NBxm^m}a^;J+=3CC+zPJ54cU`&K61tcav`+47i;T}bDLM2Ex-qrV{a&Tm zlFZ00-5Vb;Ux>EvhUb4*;UW^17#{lpPLn?&R~5IdlTc2c%xe2zK`+Rlb}+F2#Qv4@ z*WXopc{0k)CQFb#XrIg8ISi*^?GRdiy6@6ZtX2}_#i!KrM%Fx(Q7aq zCGtxAr&VaL?(Avq8t$}@C&u1S+Su%s=8W!P1Qo7b9l{iHdTsp1a69a;IJsAsKZ)U& zCi;AQ=4O|XndHrRhndi`Ik;NS7{acoPN9;pw>=1G zr^d3jRUurtKJ0jI5BL1=2B4=iUOHylB_S8zvuXE^ulZV{=U3qCN_N|WqH3%iQI(%d zqCj7Eqwm&!(WY(W=OU)H?YNB#PS*qKXq&y*8gzQn$PBVj9=kytYe}CE6-jsOD(B6M zweG}|4P2V$gsTaI$LQPZ%w8G=pfB(Zj8}jN(HT47yS9izcrR~1De*K0 zDZBz&U9Sw(DrLz?A-7po4%fuZhP(PkYynKs2h=)J;KfW(_}oVS*QCe>N=~SmAH*6l z^Jpb?pY3|rtZ%pxaLpuFx&NGgfD9nA!)+gD~aKf1p8;MCP?yO)CX06ZC=OkX@t`Ovxx2 zZAPT<`WJ?Uus9lj(MXEzof2OvI@;K4>{8MP<_kth=NU zD;jJWYhh5(fM?Ik=t{PyMSzbTpPaeBi{~0usTfOa zaxJ_prQQ1`7G1oLq4$qHCI79@>2)?YN|B^(vtm3goDd_gQD35qJ%nHRi|AQ!x)Wc+2d@ARGE zzls`&-)99`D6uT7>=n+i4FIa&%6lV~Rja@2wQdU=_}r6YG^uni%R4fSH@<*L|HOP> zL#)^GczT@#x^ak;o^v5*z6&EVC}Rkve`o?%iqmO&{Gr@CdgVN{C_Gc8QtEoZivM)4 zk;8_g5V}g)e?xZsW=m9?`;UJwXIePdqFYazK|6S|g#b-vedhP2jzRb7Q zl4FKKRhzPEI@;(IgO&K(4!c_i5ev`8hG1VgmbC-u8bKRwZNx>J+{I-Kzw@Ws$$_#{ zxiaTvEpXP9jIdxg1o9YW_(cw};+qaUeZ;PJKz4U*n2ZsTLr&a>l);QDu2|J=HH}gT_xRTI&6fc9=@0lHt!O(mmFAu&9C~LU{cB3S8@H z+H#?|sgZpQuYfXg3>ScmdBg&%HPEs#7Wi?2&p+DquRlj(_KvwfJOw2l`N50C04uMA zGmF)cItKU~V3h^8>6*94SOOtxg|E)e@g!XZNLN?s0fuv@s)Y-lOr2kC>$WXB|84kO zv3a%6FH;Ly6Sm~cOjlD7eO$+T0Jbuq)X_oW8hm!7;a4czMz*ra94?`RoZynaKbOI$ zIYk)u2Glryi`TQO2vKrjt*w*9i?k?RV$fD3P+!J5lJ_PW1 zcl!16WZgOT%eI$-bULcV%El(cwjSh4!Cz z6tjOY`MdG{Q!!Lb?tX1}^M;~^aBT!bUYxxft})zD;fS}D2wQuLEQ?9nx7KNy>Q$G2 z+OXdX+cNb}8tdL4uD%V@4}AzwvQ3S#kHF0znb0LHj95|#H?&P8VLrf=>k>?@-g9o= z7)9=TYx})G2;LKaZxO$ z59U?hYTX#+rQY)1gQ7e}7sJVhsU%6@m*<+4X=cc;zNVH~%5GlTZna9k7yxko8lfzh zm1^y1qk4%s#H6RrmtvU|ll9#Wn4^%Td&i+W$$d{+Fb5P%m zmT>POhwtEm?w%RM3}tjrazd5)$5+*t0^K_-r_-6L(&uYG*K|(ogi|Dtxw!dY%cISA zHkG~PP!?Df6Qjk3;z!r^AA5CVy}#y8C)CsNPsffUb`!5dy?)BcI)oKpu)UkWoyml; zQ!lB7<@=&XpHTZ?&}EvB5OuGtocysp^RVE)wS$)8rIKd55B2ULUHg4o$B}d|_X-ke z-6YVF_9QS&Xq)7-U$imCV2CZJ_Gm>(wL^th2T12pg**H6iPp`K2~)T9DJVPfbNJp? zUeyQ&%1L4brog)$=lwI;d&r-H4me3mJR6g%&_8luFTi+Eu97lVue*FWGm&&?bP~%i z5^7|*yb}tk(@(4ES$%Lk-TTp7RZ?BH?>pO^@c}Vo=EpZ(#d8@pSB9wa@{d>2GCi_+ z0eN>_TwOhPHWoBSZqVOD=_GC+FZKT|EVjXan<@_t-7R(8+Puek`gjsFERp+xX3WtA zzo^eannTn1BWT%SA6U#dtRzc=`bHwch&_KzxUs%1*ORf~PhsyrBetM_XxgyxJ4v?0 z4bhhZ;sY-w!aa%;t%i3-idd@3S3l)Kn47wK*lhb1bw{yS+9q?t&$wvJZJkLGoRD(K zWlfE;zy&@@e35SS0^<4r2%?1FR~97^+uM+@>tMyIq@lvKITVZ0pu#M*?6Cd40@c*i zhL1SuEN4RLwj5>19+_y1SWr!Ilh&Fr%}getFO+=TV!&JSFA3*N?G%fJGgZX@x(`k_ z3WO`2A&y5KK0Z|KtncdLGODIuNhBNJ_(LSOkR^F z1W2&c8`?O#zXBD;I&%WQMJhqh-`1U93am~O zUi9yfg+56>Ytn3*?utM@Kq~%eCnz^jIIvKaC8sdFWT^Gm!jqIuwLSmrXGbfsgZN( zrBAS7;TVm2m7k?W!SyXC0FmuwM(OgMU0vl$o7>Nc70x4-;B^rMFp{%L{|Fqz)@#4Z z{0@<23{9<%f7~R^d|xvbg_SuJ9&rp^xesNK*5}$N9sA|_AAZ(vhbh*N`Uuf<_VwWK zy|kVcw+_$2Z71aPj_bQV+ZPOtR$@1qIFk#q>zcIVu6973QMo_UgN+i{+J*S1hYjB9w{h4pJP}+S_80~T; z#o<|-M`?Vxj(*GLR*=??PAYEF^iRk2cdLs*i2V!wMLkvctxQ;OL_&84$}-}5{JJg2 z^Q{W%J*p}DiME%|)9XsPV|M9vtOu$sQ-?w!L*~s!SyrQdGvE%V#gh7R-$K=Q{evNg z0C{iAu5XUOCzTfz)^ZRv;o%D+E5z}=Ed_NVUwnpem1`wmfOkdU`iCnm#g%+;snLu` zxW#x+@m`frTf~z#F#iTYX*irMfsN=8!7>-)p^fsjJslCm(L4GU5R@{x0<@DmzeRIq zQ6}w=LtzgApGO<-c5P(7J;RT$%eBQS+Q}B|UxYt=={QWPG|-(Z-pW+>X@*JM67uZC zUa{_?^b|M_e$lA;IDWtX?+g$4QV^w{^g3R~!KZJ^h}eKM##aZTtM=JI+ud;~_}HnP z)qvD++XVqhi8G*KoEQ|^b40bSDDZrFT>7EQ%zRyfDE#%R_6;GqVdph3j!z+xZ)Ei_ z=32RPykg74CR)OPMN_YOb28$@4VHL0%)|PV)eZ-^jSqSF<`yR${HZ83{a6Gup^!cQ zGl3f|Ur8RBh&_sXz=?5`F5%A#%*-J}vM8BPtJhx6hd-*&3NRt-)NM799%OB*>+x&U z*y0iOVoSz4oIs6Y6`TP218QqOtc~%gv*qkqN%+J=NUzh}66c5dr`7s?he7jUxjuu@ z#vS}@Pby?zqi6ob zs<&IL{Eea+#kkn4cdqg#%W=pXiT|d*_-$p|#!Uj=@Z>M_Qf8Aup`2Oj&21Sxdha+8rJ}Y1-qCVPzgbpU2@B5WPc=Q@3d@B|m#&0RVlu z>QRAM@}%$P@>6y-4mU2YaP3;aOBln;j)a{()c5ihWazXs4lTinN=sUB5eb6zHa%{e z%{)ppVWYzC@c;+it>dgXH7!fF%r|JUa#}hiFY$T!DTkRXrSgshTd#J-qPc`I8!EJp z+0(B!#-i8~yLm_GKc72N{2#3hh$(MsqtNipDDTY2$@|uV)AL1l%`Klu3l+NS6zaFH zTY$#HM<&B=KkLXZmTK8Zsp-xwP;!E=KBImri(XzEaRw>?^3-I=xDkHbgO%}e zFJ7bS*5il=&8z!=RM6!{LZto_^(>xCxq8>MBa6zpCM!dlIpSF0kQM)&czZ?6fc^?B zuVHP6_8Ckg(ARfSh$iKpm`2rwcIkt}87yd7`+RZTMiY4adX%5^BBstOl~IQ&w^wHEcPp9|%~10oC9^G9aLAuP1S zdJ5UkyymBB!D4+ev$-lN31=!aZoFz|AF*1fjVbUm)ET*}A)2yEc+Bt_)A>br2;&u$ zYD)V2*3fi&?z}@p>^W78P-cETy4X|3(lb25>^?8_(>wC@ZyUv!@H2B}mz43C%4$lU z!+lqh>2jGO)c`+;7rP8yOq(CM)kIvsFj^?Sw2n(JE4Je~0k|`j_D4_{|0%AK`WIKQ zYKrgaGrK>z@O#ACDXdVTWp_ZE2k@mbX#KSF4pw9h|o-Go0p($72`j`mb2UB1HH(EUbs8mOapfPWN2bB~$ddf*w)zu>B% zQ=+C)0zZGtl!rsjV4g3u3s5bYyW<<-gC=Sf&u`nwC$zLc>iBBwcIq{~Z-_@Z{37nD zoAp=;vau7oa>1=lIq=CXErxeKmyY24{rzS6aoReYT!18+k4cL|df)Lp zn^C;k>xud)k#&n=Lv>$&@!YELbn;0oJjaopOI#79D3&ExYRL@^ww(WPoZFov{QbZH zoe@cs?!HIxZ};R<)#UXv(9&}sW&}agl2k^_5hr$@BP8tQh1{V*yT`?5%FF4=UUIcU zL&d!TsJ7uB9Hp5IGGp(IC&PIPI+i!OH_cGFRwzTy9}^vHeD()B>js!6&w#b}Fi$NW zAh#@G9^aRE&seic3cSqq0W0P5%iFt?cEqE2eVNC#Vxd>p4tmJLP`v@q-n)C`=KKJ= z@C@v1v&ZEI->IsM6}8UVj)|<1l9QD_8I?Iu%{*yIeH?{p(6jX9aW#W_v5zm)@p(J7 zJ2HgWiIkCf(c3>|@G4h~#G8K-$^+c(%i_k+RU0q1u<&Z4y~a%UwQP<}S%>rqv!ukm z5I-v695N+C>;7?T`QhmUD^Q%N`?^(HC7%fl?*r{c!# z;!@67{kh8guK>CUufz-bRbwt~1pq`ZkQOWxORzT%S7P^6UM=*!OM)jDMKxM=u1OJ#Sv4-qF=~s^)B0TSTDzXB;UpE z@yN#N^d+RK32X6h%f;x)hKpn??|p3bvxe~&-QWml+Srd0Z?Sr&G^GyWc_Z&aOzxY+ zCGy1sw{o0Lic)YBxRzh(vIwm6zYV%dUuW zyau|WAmYis1Ti+G2lC?(@1%6LQ^Hx(=Ggs2u|UoYXQ+CHk9v%MW|EHZ*hC`cW z!gx+TGxk6>Ra8DOY5G&X0oJtQ=*m%6sIsbMc8GGsHo=ETE0ybba4|O0R>Mx!8~Oq=oc(zxxiV9Xct-u=s0*oTYGk2#N>h8D&}H(TN>hPsWSNmy zKEtAvzqZc)V&l-4e+E-`O_frQ0P<{sDr;02h5z5|P_NJ{IVT%C;8>hh^wWgv10{6@W}EI;55lsoi{-8Ko(%Gyg= z{^syWWiCliirFq>$T>9KGxDnaxltg|_f=kodXJwg@JKM`KqD{>#k|g$!uzt{@#Zam z3`k>pdSmSi?TTsTqt|u*F3#%S<)XAn?bf$h;tuSh8A(`?E1JFf0=r(er`}N&&~vdC zpI)~W=^*W~)4k~}E;~@x;Zu!-uMZq1YL(z9)#d3%dkufV9o#XLrj`fB;RZ4M2tUO> zO^c&wzSBI_rB9WWD~&@3;|q6&=+befzPV^03$O4jA3tC=#Texkl)$`RF1nFP4N>p} zJGHox92XCF_xndx@i#B+@JG*uq%q3x2F$x)J=YRcR^g07pB=m?g#9x5bJ78C1%WqN zQ~1Rk^*M{;NNIB_VZix>s+u!oEvCtT?!sKgVMzyhm{SJ*= zXjav&RIdnw!K%)YWM*3FC?8WKDWlYq%s>mKmiT^qA)2A39~0=xKU9gHFek&`1wL|Z zqq9#ddK0fRZ700#>R0M2;+0c(kXt)!nclUH#n{e}6xzcbU^dXZ%(`p-(CBM?g0%?l z1<6qp`=!2Jxu4PAzi>7v*Sny;61Ln17WdVId`UWN>VRLSf|KE19#k%@8qN&Ww~A|3 z9e+;z)5^3?Z~B6v1|@N%{Mn4w4fB{HSmS*N1s#+?rQ(3UAuhSgA4>k)96xN__=t^i zK&d)4P{tJLonwf>?ts`GUXs*k2rIBFLha`u#ZlUo^0s_tNgce_q~B52@x!gqtP-i| zXu?#P686r~aOeuZZE!qYt=F#6g6)*ymVRb_Ud9@v+atC92hE$EP$=jzcMi6~%UT~$ zFAI6DK0JHb)v{q@crA1>de|l3iVDRBo6MGazoUbI9ae@XQU+^2x&|9W)pwM0PF#m; z5RVO=?eHvr9b0Ef%{HtWPVlFie=?{Q!g1EG;T**Sz->Hut1Kx(9BM`d-~4e21wR6~ z=#?2drySMFetg)mMJ6B&{=^leq%#557neQ{(Oo6vS z9B^*26I-BZm=@jnO7ltCl^*6BMwU` zd2eJ$^?0K}&aOa2QzGo(Wbzzs-yKp&>ry(-OUn@z678iLJx!j-uY+Ca(1B-=TJ?vf13WGSqAt zEnY6(5=*?D*+>2j5@roFHCuhf&I?FrFKVZyr#DTxy1Fj)RUvb~E*R#!LAyqt!9%0Z z`XF6+o)O-IVG7^JCKCmnJ^_WA8VXE*q^E<1y~6^DAVsQ~)&re9vOKd=3G+aOE0&-l z93ZeN^uwb|PxEsYk(I^3Iq~I4YN*HGwcqZw62(2@?N6TRG9=Y0pvDx(&yc zHA?zgACv>NF>a3UqSyc;u}?rSZy`5SFl)}E*nx}MV3~n)z!SLUPrMUr2MRtAi_h+= z>jysvhn6R=67EnItT%2>vh)nfEW8P#rf?sxTNsS=;c}IresKJ^99- z(k)#w3^`*2zN!?cJx6?knfoYE$+!(r67iNFz_%vi7CyOq005a;Qeuc}TvqgmccQkc zPl1<2qUwn$d5;e@>yI!=Xk;dO zC=isF&M$0A%r8ENg|2JLjd^yw&<=8VZ53P~^CG0=sZZx2E@Zs;h8qLJJX&`Rc~HHA z&2AK5&(iKDnrG0Oie_*o%re5kmx9b(Up4gJo09V8ih*vxo{_^Zss`%d2cI`M3%b@X zKX^@}mcFzSE}b4UOAWUu`3B!hpWP=UeZA{8c3C*|(T7_t=K^fvxV(WVprN*0;lZgK z`rx`~OBqIi8TvgNf@eUM&*P{)&F)F{_4xaU)s`A%aBzM+K|9p;!-sX&`fK`yK*#?6 z511ks_8W)S{~+-CGnv#Zy5STPuQvJUZQ4V^h+cWQr)~Dl`;hLQcX*?!c*kbbwjzjG z1~O6IIa+ET_t&7?)eY+T#hcg4bZo#UHa*@S!OM`ltF z0n3U+?$o+;W?qaSDJ1Pa_vhm>hD^ub-`{!lTTtO1`S*Y4-~fQ=v%m9c0KiFGZbprJ z-0}F|Z?Gz8GJ!ZJ2L;VAR!eQ`|SVLwD&W#wz6RWW{i)hUHLxy2IRNL09B#Y z3*0y%j$|4Eb+eWbQunL{>2=ah8E)|_gtZZoqBwCPu4`eSnYd(t$d=9e&6M&yFRrQF zq#$5}BS5Jh+Z_z3K**Ra%o{b3Oe9ntrtsXpVPNO#?8 zz7Ajv-z;l3!Ae1cF;-mJW7mcK+MJ{!B14xp{*3A%{WD5G_2#@mq`-hLKOcD41C!Xo zMtJ!j$GQU!t~ikwLeT!IBj-s<5;^6S}0a`!D~o z#r#$|Ll|u41TWn@c0nwH@|fkpgnar!nFv|b{5^r|aed_J+jp1i!bqEmd}ek?eW4Th zV2MndqQ+XG=S_#dJbNRARasxnJf1XPRB7aWRH>EmBdjyi4P=kZr@icCwUvr3WXo-L z%_gMftQ~Z^5sg*u@y_P>>*ZP-fuq>X#OymkTwvYEUik2F2O7x5osfu}CA>@S>Otb< zl3ki~!n&h|QE+GN4(8eF_~-ETftOv+dP^;=$wQlAvo z1ZDU*PAr79o=s%b_w!-?4Wev@s{feiH>wHsyVPKWJ8@l0PLF^mV!X2f=N?Zi7W4J5 zJe(v9vUfA*ZYl>cXFCpR*akQzjYtSoqntr-#=Ce@JBYw|0*d^-h?O*TA<5H+za$vX zGS-E}@LmAQ9}PK}qH$5OYp`)>9eUuT>8ztO*T1^sSg}RPA&!|FGxhL&>v3b;oYBTNbr@+4|Cr?# zKqzYrABK!*fU1(-ru)4kKNE?@l8(M&9A-;oRfm zS8l1n?>71_uO0mTkM3(QqWtZDIY5}e9lihlTwWC}i!D-_Td((0d+STjfk@}#`{hEz z?!U$sve$Vuib2s-(A5hUB1oD?c#Y)`D4j7MIkYtx9y~3WVgy*|%x*SXXQ_n^&+3>l z&I4}4Hug*Jq24$YSJPuh)hr8wxgiEn<^l@h!vRE(n_n0%n&JDudFV9GZiZ0RVsKbZXZ->nC!>uG@x^onjNp^L&MB z{c9%bVkBuM!(U?G(SA`NR!8s-cm2CzGRj*1vePJi;STOvyly$XA9&*`kH`5D&dfQ& z<8;^J#Pi%2KjKAP(=%7DKZU%}9JWJ2GTV!L~dJ^xCaa==V=d_ye(6a&K@+g_&x~SW0TH( zsIMZsw}MvKYJ^!a&X}pUI+t-xczO*!tDGYW%4=NZVQTSEhcITw z=zyeu`lCOf>~}Y_h+;hk4T$Nqu0nfJW>0{X)biaLF1jaeH+K0eYpRmfR_ujTwYpF@ z{f#3P9#c#p4P9u@{F-Z8KjpGHAC2koW_1TeduC4#n0BzlB!+(0GiV~P)F^`1q=D*` z`0_0KqPj=fz}cV)u=xX*swHL^lftNoJJSE_vW#BHv_sva4;U+>415`=;k?U1AM}|p zM#0kQCyEN8-xn? z36kIKQ*nhItX6fHRxYd(MyUnZ3xNRqJ%Y^`)Z9WWW&0TJ$nRCd_EMz1eNGzx^@0C+ z=J^nRdvH;^zNNkDiOKh4Ipv<2r}0#(M7N;*Fx10U*ZaXTDU2qzL?U6-BHbK*s=H(QADoYfpp6mzU~M;Sb2 z`>4sPv%Z561da+YulX~|!2bvc6zSX>_$2k_B<@(HJnoJi@TFB{?b>FijBLCkw$JH4 z5pvvqitZp`?^`qxNZL72aYsC*?@z4gM)NQ9;vc20nAk_yDc_Xp^9aG+M2)@k;rr6%@Ha_sV z+B(ZW?%(M3{{W}|6TMoLay@VTzR5U=_s-Ol&MW5f!)NfS)>l@RHwR~L-tIG!{h!#C z`yN%Mf~^ktr9jwf43Y=Xk;sP&lgg>=vC;VyQ1)Q1^1-j4E5!t7-^uCI|I_PpqXoHGM&Ap+-dFB-4cl*AJ;v#;depml1{`~Knf`bM;ESene5J6;-b%yQs zL;jKo+fLPBt|jkV(!yF|Vxej_BG7HLhG5C@q6)s%V$SM!i9gf1Eg!`X8)|Cq)dimr z$hKE8kq9*_^6O$Z=3``~*0gUnRQ7nJKBEEjds39|?$tS6*y5St%Km_SjP1WC^3rwb z^j=NYo1Gv=JrSE!V*hhbA#g=eVxgcHmq}U3-a|$VgNflL^WMgF0g+dn|3ezM39>4j z-Q$vVdN@k&rNEdPx07`q{kmb>IjElbd6@Aq*R;R>ZQ9e@jY`kq)8F5A_VgsiI$d?I z8e^=E?raY}S72mkZY7Oy_0?!a=&m2^i0`5QP&2MO8A?^Fl^E<*5GzyhCX;@@V{rmw zg4*?oYfsF5LbFInteCvKJkm3*x@SfI41Q00Pdf>lXUV*)XkL{cYyT$2aBz_ zdkUNC7OL%(ydEhqZ?l(BPg|&YW=)$Vsp%dp+zK`iv!&5v@iSjnOKbK4LAIpUxg0sJ zGD?K?eELg<#T_wEdb|$3L1P2V5Rsmv6__!if@T}t#FWwSLLdCJEM?uldf>=Jen)Po zVbZ>=oqO)1vRh4^{jv@kdM)pp43O>kJk^l|bA)F#?2M0fe=&6ZnEr>yX)Kx>|jqqBQs_m)GMeFz0MehXRp78#=si%MQO3`jV4fs-pH`2U>GpDap<9s1N z%bts{oD^w-2{WWd6CKV_nC8}WGNq&JeAuM2GM-}@73Z+Tuf_59{a|&jTz>?Z>OV5K(z?-+=)zifB?FGy^=#2x z<>e;p9$8-q_rUt#83G!Ixqzv%Q<4^a)Y8}Z%+wLubia7>-ZuR^H`gxgXMFLBQ}~wa zbngDH`*dHv-rIqJf$#3QVQ05Cr;@IG`}PfXjlUQ&(fn540eeq-Yg$M{x-sUsNM`Ny zE1@7p_7%Sys|yYCZ!^e?E-v~mZbZMg)@-stN2}}9WeOG+Cr}L)N+bd@DbS_c1Aq9yNTEXO2OfVJ;7vVHlM&W~FWH^?QYX!!j)aPRjQkO)ur zt8m}J+P50|8v!HG#QP6gzSj%lM8{ZyO}_i(Z&!MDS5S+uyn@y;|8jEQE#~RCf0i>w zb{qFoYAfh*`V!G|YriD?+*qv_Vw%JvsMFNQPC~)!rxbnmeS}BY`^|f_)=-t~b%|i* zcRCD1cOCqe)7i?n?(D$QCKF0FTkXl0+P4mFEsTw*otZsKGK1K8?ya4?R<9j%*XRmn z7v?-YNrd?+Gx1R<%so?n$j(FRBgoa)%%H zi%*|e#P#y4&zI?Ea}dDe`ni=KewX%4oNZU;R4wAAxjw_;iUhgvLb6kUBTHFJ^Wy!& zqNHfOm`vq`2Ly!{U6abd4dvqE_zPVlL&Jq;G(Q9@hCJM6Q`v!X^vz*M$}b{as4}y{ z?}CC8&*u6jI0jv^b{>Fx{_qZ{8?mpkZ#FW~Ky6LGqM|{> z7j!JwhqL>pttW;^))AGgBvg|W6WGoxiD;U z?r?~OS8?HGhT0STrjO;%hGb2tgRiq0Ch>A$Wa0IF#KdQ`8Infy<{9XO`mlf+X_GZp zoti5~T3YKogip1y=JP6`%6s5kn~xuQk^?8^?k)r&$_BRI3{Sz?=40FLsr%0z2!0Ee zLdvtnj8sJXMSh8;=yANpT8`SDob5u&St*O+KWC=XKx1DVwDRs9zGhX{9hN{f1XCR6 z(|xMDxGxxuZYxUwrqA^4Ic3(=i_tZ$8uX7 zO}V|i+@fjw{KQH^bK>y(=dQN(&t6c7LgQgTProt@O2%N;ax~)FlqkpFSGq7Kr;3hh z{*qB`rm^=+bFrJaD`=*)W)1i75UFM2m1lDd7Ur~N`uRY?T>U!d#;4Y1-j#QOAo!U} zbsL~Tkw^@xHOwe?GR5gqGnZZ7mY}yVp7s1Ujc}_7R!I}+ zvM3nCxntUiQP38Mu*^@}&yxPr>gl*yMsj#TzxynG$*9+~Jw|oDk)7y@8o?_EyDsv6 zlCukt96S~+YLSs3H-!I^k*qOk3K9a{jAMOT$9q&_OtBNY+KxX2kJP7?!E|63 z9`aYHwwadUTXQE{o*rxoT<)VS6|8(C4lC8kkw3l+4=*^Ijw~j-?OGjo3IQfhX75sn*!3)0H&*cV&@@rPVYCRx~h|x#rTYfqNvmFoSe-Kjlh z2``WnA?XS0-~2{Q4g$FLbgq$ewDo<4}pN+WIc;o|>u_EsbU^ z6V-Xc1s``RAvR|9+# zmTm##7?Z?Dm{WtharFcSe8SBUz%-EPm8p)e2~e26es2d~u3~xL8I<3w+AF9RSp&6c zc4%VS%@7N*o;HTpf*!r#9WQz5=vYdK82=bG6A(xY3?TTF-I5pmm;!fSSZcghzf*8p znB&*HgjH~o;i(-$86%$gpe}HbEgr3bK!?fbPf780!L1fre^jIbfrDd=j})UEOKQ() zVMs3OrJGO9@oT0F6*Q{3=6xCIl=;c+`?lxDi>3~lXYKAu35QRfV1}@s4Gc4}N~!qG zya4-bj{2htN|yw;@bPsjj1psrs!;P2HnbuTe=)wv%B40_u=w5WpF_F!C2!7NQ{Km* z%D-1W!N*(Pu|u_XPJA7dwpIoq*wnDkznnrOJG{&bm!1FVfkz;ukU);X%^; zX54C62cljU4!0;Xs~?i7Ou9NlRHZ>u@OQzgnW~UXVRxgwnUhONmK#ls6kd^vM2CF| zZ;;nP$Ykc8s{cXa5^dH9p0)M7OX7oy2WfEN%nmNb-FW!0&u!(qp$R)v@gX+ti=#6l z+Cn8SIENeL41X=@To_05t&j1Kz7g|~?HOpW>+Ktmz6SoV7_BYsg2qGNp3R*7+Niib zh>>n=t)@iE*am?k=6T1k6E-SKI*aB9AO4M_Gfu!8gZCN&p0RQ_otVK(Fi2|7E3g!& zIZZyb9oxlx#I7I2f7+H9v%P)Ajv*TYl>U0e2~y!WVis`D5LgM_3lMY8$*NrP5n7&q zw@-C-aeii#O>-gH>IoQ}Ap7Xzs?Qb2peK4B(H|qs6nonp!Zn<5(W?=z&og_3e z)LJkuq#H3d^r7xC5JDD^jo0QD!3sQ1UPIu9T5FL)l*{BdW9N>jNn^c{TN43M#onUc z>U{%IvH0P{($cV{&cVQK_(6tg`O^{Q-cnCFl)`!_?a*WluM&>lVXMY5<~-|8z`8CS zNma}5zE_pTbDmbhzC%#P%k5517+eY0GB~#%>M$7VRPxryb|JpM2v&Ejl%oXGg@jfAI?La@d5oaI zsH|v^&>4XKNVyIjSJA)na-x*5Usubc?nYbK%FZFxKEcV01y)xfcXANZxV)G#ol$;P6wLkPrr+p&X8GH`Kd_>GLUfJvc$rX0rtBS3ghen z^W2uuVtKK2X}1233k!6muvkhRrB+v{R-~u2is4NSriuH|9{clz#hbNs6D!-cWo!3c z5z7$>`qE*c_2f=Fh=dShaFO;Tq^ig>zG|g~R@rOr7K^W%kP-ZaVzbXwy>2Pef%;lq zpL9zq`=v2qm&{B&Oj^5E{O6URvHOL`)+-vJ){~73?<#+E67BkJ=O@v?lJt1(3WkE{ z9mUB*Kl~<4sNKQLh4gw!R^puoP0M|?k1c4gQiBdt32+yA;P0E9nTgQK9e`r^nR zUwp(!9usgAul4Z=#Y@-BEy%z15psllvb%rj^p?Ma@z-(Ee4KbfrTs08=<61TjNb90 zA9#vIjGacX-r9ys|4b`6U2>u*MB{n@xUyuDF(6A-CuCV~dG~i~BQUMUszijs1P##M z8lx~41}9>+ zcc~eLIRuD`*GrG%g8QPJ25w-sA9NBcLOp*Y@H}y}?DU)^ z)$)TDlQ_J-awk9tJe$2~No`WikA+55Z-lovRHUH|9SI)y<5)T))O{`U35c_F5?2VC z;J}8~tM@P}ge)Of>Q7}SffM1C@LzsonDkk~9S5%J37!04JORs+j|d{S(CNJ4ivn)r z-HKhAxMaHpR-qbpAmK>9v)*jYQ zv!|*=s5PWF*4a#D$(~2-f`!#d3#bn5p|{^g??e^(#8{%3H(9N#09XrO;2S(;?YdW> zzi9jG5Y;bOZKOIiL`+gcV6x=Adsz%4sCMMT{p0KNAxk$S3 zruj2sA@(8U+h9Fp^C3m&GwhTHLPkYPD#Uz&yJ?C?rWR@7<8Hdbavr~s%(>$MGG=H& zr)IMfOP5wq-;{TjYnpYgpdm$578>MBND|p(kX0*@iQJm%k@1acqUZzsKvwd>i2=s1 zj^YzJI~((<6LS5dD?*FsP5!MIbANXpfBr{s&2(?HxcUCzZA86V;|U!he^vT#gn}irrrRi=({Do5?I1Vz96I? zP(u99?Y#O3{$-V^!c(HbIPx%#>8*x9-iR!U`d8ulQMrFg%gbDr{GY0G4n?+qPSG#2 zFOxw)1pXS~dHio9^VqYqQwULBFnlKG>s&YVBpaf{6ort$|$%$aA;f;iZT!FlP( z2l+K*f>msv*qyoiz>^5S#ea%KK=HpX9PT^wpYpIgdv3yX^8dNi8DpQnb;nel6k4&tHi{MjlQw2HBxdV-rk(=G(t^|E1sG4&D5;^VrdGDKR}Y zwNbAL#u#5ekXQBJ4S!@!CG5N&=_Tds<%T|`ajW(RKMcn$D6V)xd$yk=&FiPKg)Zwt zgii}5>3Cmw!6Tgx5RLzjjMym&fVvt_6mD;2H-lIbr7!`&d5xWYix1ZARfD5Yy~XUZ ze%v{(?UuKcafciM2{AHBpuyGOd)~Rnzh?_@vF<4T&gqyWs3p7O7-Oi~^3kKbQuAVL zn>U6st6gPN`+&Rqx8`@v0ifhWzG{U4cdwX_vF~evsZ{u9`2b;1T85L&r`q1!dWx}r zaBq`ma2&EK-bQr=D(*&}VoiJJ-wU34u`_?7-!*ou{UL3_&@1;Gdt8)}zC-%+Q1AAfXAD%tyWyd@x4B$n$S>PS3PI@#v%`eyXc0%Xm2-8>U_^I?;#03)C&sKbU$J;((YBmPajM=PwQ%JZ80sOBK&Z2$do?Fh#*GRTh5_>R=sX_D^O{p?kzdw$m`Uxl~mAYqhmGs?HDb- zo{_2u%+!D_mJFKcP2=?iX2-g4SVrtg={3|eRMNlsm5IW@aXhm1JBo?jTxoTe1#hUx1s)84&?D+jF?fDbd=h6I z?gX)eOy6d5wD)z;(Zoi(%-q^mhhM_7J+UIAu69D+7{*q!W3M-z~okTKd?uemh@3T>;|JB}m zhBcLTecz0V*Z`G5l&Yd2AfVC&1T3TU-lRrFYUq&AK?GDpK%_|^AiWcMq+>-&LJ1IR zLJutj2oNBIJR4@lYv!8gy5IYLKfUj9-1`#=Ig(w@z0Y&4_5c4?#F$}AhpgdP%lex) zYUqFz9VI1f6jxvMZ)EhH4D0Do@`%SNuUoEBPjdM9Qd|utHiRBV6?acjMC1h>7(UV5 z4+bsow45`7>ICu-%^sNg$wNa=@0QG%FAb(hGIv^L?f9~m<}tH*gYfHl&P&O*1a8^8 zE@$C`>F?+_heS|9rIXo(Y2?dke4?+8#iz;NmAQ1LoJHwG^5y)7Z6SUy&8t_3IXOw# zdKlKuSK1Ed@nlf}s~YEpUBily)f35ltq%J4xai8boKJ1KCkQ9(+> zu#=%Tyx#=&4l}HkRq!QAuluF4(GR9%NiKmAfy3q%EIg*;10s&nq8ei68}jQ(QK+vMqOlYao4pJeVg+*1bnr>~HBczN| zi=~+R*OK_g;qJt?X6^BV+xFheBP}-w%J#AXMTZUgP7_~U9?ZQ$kSbw~vvMO?$M=@X z@ANxfUukjZ-*{d199JzOZ?sEiI!bUy)0x;Z2?_CZg^XdA-Z(1NdG|ZVl;e@gj*7I1 zW`fYJ$D;(new={p3+Y4Jp1XVx>%{_{DjGggoHyD>K^4SZn9+IBMzl}E$An|wHpow3 zY|_XMam4awsx-m_v--K2yhGF4kYmStjX-Gus+%XgN&H)Zeh5B4rcaY+=?$d_i*H_K zC7Z#N)L&fY&4dJpYxeGg2PD!_|CQ&j4GrGrupF(5oHN!6@Bi>oN?3L<`1z3SXIB^N zjdI2WeecneJNG+MMz)(~`Z6A1*r?g=kE_|9fek|ze_dTdWJ>QGZt|`f3>J5+K2xaT zH$M?t17RXmD&!P^xG{p4Sf?T3T@hC3lxvcSX9S`?4{Fa>1`-M}QeW1W7Hgnl&$1>Q z`Z`#NToZw7H>#Q$p*6B@d_su10y^FIs_RVxleW74h;@y#x_FSu4!JrXFGmh)>Sl=C%7>A^1$R)`uo^C>G}AGDX$T7>=k; zsBACX7VH217aE(fI&`!LxZg{k}9tWQR@xx&Uj10E$=3|XueD%xLhrn;gWutk?7{VI+NZ0dFBl! zK@XOU=2}22SCued-0DRYoXt70Vy1Ulu`^YDz|E<%Pg1ix?)KK{Cf2A&5u)wI4Vpbu zLviNH=85WFYdx#)^P7WFc7io|kg4w{=MO=eE9J$pg ztJLBCeY9N0H2sMgelz}j)G?~z9Gxi&wxggycBXIl^b>?625X)&_W83E9Rr^HcH@nN z*Gg^N;U@&MsA+jHx(fy; z&km&4J_Wm*s~5I4MpRinCypSMhw|TV9|6QIGM+t{VEX8=$J@@ToXIna%_4kg?{Bs7Gp_Lv3cui(os_PA&+QE z+B-`7qkvVd&j&Aziryl6rwmC!q_Oj`1>X=oef`l3KZ-n-Y6wF@V`m)%L^bsOT`qLG z)j>e>Rm@iU=sB-M?QW@V*E96V+TpmWckL`gxm$^+&#||^zZrg^qjI2N^_?K;<;|v6 zNXkd|yw`092<#$G;R&vqE@2DMShZ^HPm|MqUE9G`cSS0zc@BJ%s(Hs6@eXO}LATlP zM|{Rhwgwt<^gFCmmeFYrIk3(sC9eq|Ue0_PRmUSWA^<#rMn`4&O4c4;zJ+ja zrAM#7hfxOznRko5vQHyzcMr$Ymrv3yifXzEiv0I4x_v@69zfigWxjwERAl2mNO$w* z5jJqsvkUyz>Z)}h1bcH+;}_$%Maz`HQ-$+SyB8zo&d)q=PDD%E=a)bDM!VnYqa}qs zlEt!w$T&vomiD?X_$9oh8J|jHZC_{@6mb~2E7s-b5qY^09nizv4ffS!OC4B97Lbvm zMx(Ymh57FdS35=2u_BUe52u;f^dChZj0(3I{(R`R;SNjDM3Yz9OgVd^py%?_7o6)? zl3llYf)&sy&%Qo-oFFKY=Q zn6^d{suf@Id*k%wDkZT->EhRhme7D>jZymE`F0^ajkc*^{L7}I2XwaXj~JJ!LK&;8eY5nJ7?ZcQ3mn3sPaR6Nf5ELVTiV*UW7OJjYljhJ zgF0^ojmSpX7kaEO&X3_G2LlaP>A@AnCNnNN3r)(JhGbclYD9HDWNpY${{6xWTFzL` z8HxU@Bh;p;AMfeODU*5xdglOzXTW*f-FAd|Czx}XGw860bEmwPp+zna+v3S~b1v>; z*BgX`Zdk^a_hVF=k!@X7{W`lh^IdVB#1!%MA8oMT`rg&Bl8TYI0+&E?vhU{jO9+*S z1kd;8!z65@hC6)P;)L8ND~wUuGd;lQVZL0PRJjO&F&-7{$ssFy48!ft>3spOv!x~C zWgZq<2j-y-VZ*R?GespQ&1q4@JE_)^=3f6O6<^U(U2FA9e%;J~W7m|X5GffMcKW8a zK_!SgO^o54Tyf&}!IYG8O2>Uuf15EE)7HStH2Rq094F;Hc9o=i+%S;k-D2TfvoOEv z0E=a9f}D5Uux>08B{h$1-l|jfNeg-1AR}nJLeB|JO&2j-UwHo-HU?Eb1JNlUBU9e# z|5^w2habR)4>=*I7@oBU@Lm<;|E}CkStSWnrKx{beoo3FpI8-koA~!YlvgXr5_yKD zLcdQ)7q`hhx0FMnr|0M2piCpA&r5&!UalQZ?LHfA$n6m|6G{})dL-h!NPW$(w=a|% zv->UiKJ{QQ2SZm!U$sqncV5Q9LaUsZ#aOoUsD@rEc$Cz4D|Um7dg_i1CNcojeKK$E zr_Sxe1IEAW+&+}_mgI1ZKXxEe!KQa6U0Q7%QZ;Q~>JHXaEon1qsss6pyDn1yIVKJR z#9n3T`zmGtW%qkdq8Es(hv>QU+qsO-UOfI?riV)Ysj#+taO6Y!-%rTDN9I-sT++gA z3qAT-fw=nAzr@)$YYuhk{7hi!hyjwMuKlQ+;p7t_Wddyf^tb#^k`90W28elU3)4j? zcT|x4bRD#V?LTJLuxJZDhWWoG3m6y#fePAhp*Z3Hs0{}M{w{#K4e;okmHL++t~Zb2 zFL@)fd?pxn#Du}#(u)5Q+D|Sj7 zH$1Jl+wgIK=R^=MLkj@K`}OK^UXc?WX+rYx2ET`}>T9Q%Ka~8=g+U4+Msh^WXcvrY z#ausgo&HB`*ZlZ7@q@qh;kM^t_I`Oaj30`Mt~%i@D?mt;uMMsCH^2nd8{(#)*hIv=)sFodQGVfIVVGAczBNHX$h8JQsGOb3n7kTNNC=^1%C#zr3T#IdU~H(O{|F=Z}v zdRDdE;{Z=ly6O4IqO3vB@kK$1X%o3`4mR%VwP7yL@ys+WSA((1*eFqTsNDVa4avL5 z;Uw&22<>nO+N(UTi3*QE9shwc3Ivhlw_bSc$`cjo^7esaZ3!Alj~fwYR1y3R!{HCz z^F7%StE;O8C-x2bN$U%z(>cW2NH1696r0q|1Ou-;Fx zansl{kU7LSv{G&_6rK!dlFeqTGzP@+JH|v{G0n6wu12_Y%PW#AM}1$EuDgOTDOJW9 z)?NR<3fdXIY^8SMa>Cj+93B-G`#>6FjeV6=FUP|R!#C=&G-oQll~@DI5vmpN)k-M| zpJBSj5NUdC6V~zpkTwI_ZOzo9^<2`9T|^|l#0wvQMKgAt{guN>XNcn1A&Fw8&AjUC zZ#$GMW&xFYvYVc48}3Uz?Y+tPdGrEJ~Y}e#9!@nIzj0pLL$SIT$9% z<{epxXf*X8pf7J8h;03%_A)~kXY)>5I_ZR4lvXc^J6cbUJ3~Ani2N?q;H-&Rw|9

lpYe6KI-{@F<2^VS@YY9zx+A2m~A8A1ANJ7XcNLqZJeXwPF(dmaZ3 zcSJ5kTjijXMA$+>-kj891N-?gCNvT3V2J^H&LJxMYJ8y(nDeVTE!U8ohFKZpRb5#njagM&4-BQ$CX*E4iL-ZF8doi%5Ea2CuyKbXP{<-V;y#)JoCm;HWY zQb!u>%F*(qdb_dpq_O0ita&ol_f3=QR2cn;o=!YOG8em`4$ErtVfil~6lxzA&Y8EF z!Q^f#$Ks=<_|V3sIoMt_3|)|7og?&g;i_hqqnPoeI8V8EGq;Mw0l`E!E}OmR)P> z?D51mVEvv~QLCh8LNNb|>o&Qz%Jn_m!M{Vc!(jRniIMa6mA)MFj2z^kaPK{ROFi8h z_#s%q?{v^A{}o3~&i5H8ibeKuXSBZCJ^yO64a^kt0+{=uIuv2>crFpzrrS=)e9=+$ zmBi!+WjyJC_6l^+D$Rv5yi%TZDmfh8wfv4r3T!gLEbDJQL|cV(%H|~wd(NiZnXK}* zO+x-KFC=s%S4o0cttoB^lZ(Wyd9(rb@3E1;PuNL{1;qCoz7qza^D5g{|&31&}gDu;{DiBTlLij#w;tBo?C%gJkN zsC#P?7)P`Z`rZOc)V>}U>f-AdlVdUMFRmeBPOp2E+y@)_wlv9+|7gpASpt!mRQ%G& z4}ZPF@o9;K-k8)kNHXQ}El_rt=?z)=?OOg^LjLSqi!(boi(zA>xm|q=o}JWBj~(c6 zD_fYsVQ0-l=N+Fn)FqSZ=ailqaWe?-oeI-+?0^ve+NS_kVez^3(CqE{Z(+5BB;?x0 zi)@(p%wg1aU&WA9BBy#kpFuwY)JK*{EB*|S(>|e+`>2iVrizn#w17EycUPIbj2VAo z6*lfN*ZPKtS01gL3)0@x_8B^Q9c~f;tmdJ@yp%O&M4VWn!>oyQ+i-O|ykw1RY?&uZ zU;nVN5qQ_daUc(ylO{;R_~F?9_a+R+ zhZZ=I1s@zqC*33Q;!L55~|PyZCK)azr46=;VUO^R-q=| zt1r@kB~}g|?bIq|#xeHOa0+X%1ci6mO-;UqXXw|fU6z+l!RoQoo|;)QHs>#OP-F)% zzRP-t8S-9r4Zq1=JDWQ!hR?Fc#7Z%08b(L>iWEa$>zQWdAWZ{K(%_(@3VGT=I$3YPaBE_UQ`J)Lor5VgjA3p_&OGs) zmxNA5YKN9jNB!r!a(PFAL+Viz_NaIS44zf-6zzP2?N-9}1ecH+(LLk^6q<9~vUh^D zeC@|UnJc4Pw~)6QkS|jCj_2{bv@GB?ta`A!a*4LurlqDZxaDlFc=sMWV4xJWRf%-1 zhCHvhHGK%~UM`V3QOsK<0U|5SW`#FN;zdZ1mN&dv<%U~;ptAu-L2sqPgVF1rbFi3Uw@=a39$)ck zY?G})d9s<8D0c~P%0)}xb5Hh8V45U%OYj(6hCb=5@vudP6h8j);(iDsD4E|G^s5bD zVb+hMxmwqXR>_Gy`fNe+s>Hycio^8E=m%O9*fEZVH1YMDX10~f)d{n4X9Ne!)NVeO z-ex`$$WfrHSJ}SfnN^7)o=|Sr*LK?#?IQ%T+47J3A-6JLY;GO7?Sb77AOzdE7$QT2 zqBUv^^w)6ae=c&nrhHu#C5+7kyaOZ?*>B}FBH6)Tr+Y9pmLwE>ceaB|zo;w%a0(~o z3!Aae4i1`|%~~p1C9_@Ds>2RFExck2l&8%Xqeuad8hClV9px6Tqf*3cXD{-2jkwh= ze?DH5t!rnnbCqj};Ircg`*_v(o;F1>qAy@q%}cDu;)|^srr%D@CyH$1f@q<8*WH+K zunI{7Qx9r?w#7F%dl7yW4H8x-qE^e9eP?qg4Hq3LD-n7P(yJNvQdZ`riJu!xvb?uGk!h8owj{ivlx4%=0greAL z58a=4%b)HSlPK_h8dv^f*O-424zYEXU{lS3SJ}v6CKGu)zc;;E^j^zQL8^OPMC@)o znj&i}M(;p|D`Miqa4_cS8bWHs&ICtOss0frs!8CiD9K};5E&ESL_?_HOBCRpI1o|J z(0_NMi8rZfs^P~S0+l-b5~1vTJ#7%1(pe-C-5qeQ_`O4aLS=D-Ric3PHc&q5t9mFmGJPnHUuYV|nuZrM$ zWj~?8?4r_e6Srl)-aSUI)$d%I&l?6^lPYsoD9n7_35qZXsBupb+qD;md-R%TmPojQQB44Y|R|N3_~7>~)`x(lpGec$Gnl!}*y4SJ`^u+ClNq_KdT&`il zr+bXI=L>JZ*ZJm_wt*i*-KjXy5YK3tng7y~Vchnoi*1jp@!_1bONsFEz69ZOwn^AN zsvg)~ag@N?>3wqFhb?<3DtZ4Tp_u;D-b2j4j(j~8|EC*ogtelC-N6XyX#YuCbMcAo zFRp*?U(o)D1JHu!03*U?$-JUs=eY>ua{qc~)6|>DRG^sO#LBelsgF$3>RrzUKKZa=3m~xF6=%m zYLp)I_rgIUvYzMHHYX`9Oef7N+7%qDRN;r)lOP)8nU!vuh<`_i_?kohD3K8yHVJAm z6W7Fi2s%SY1*E*?b_J@=0hA{^{ z^~9n*k0*2*UeF%Gp2|Iq*#iQT)-I>&+`XrCmRUcEJ0{SsW+Ry|W z-8BJGomU-(>OAR385Nj*)+M}qLCas%3NW4xakcGT2%ZiUf3SwK*l z&(a@`FB&+f5j*p=Q|Yt~0LiX-AX{9_Q`~%Xp~B;G9iJ+=U~h9ik=M2tX&?YdC_-*=xKx1j0$xzl4V2sTx`cIOjhjC5zHR29 zX2ee^i?hk0{{hqBr2vmFkAOi`hm__kr&7;*d0v_b4gnPT^cU;X!OKIqL$)5p#e9w- z^Ha?t|%w>Qb zmu&MmD?SPc6y3O1q*B9ED4z@IDV+q5cZGw0q7QuTMd!rzi@k^%y=CAvz!4i8lR zdJ_Vc!9R1ffU$Hx$l*xW-+Wko#+D+u|2#OqmN6%RUEW6JqOPsdgnTm#(A9f`MUpGj zQqpGzh7&bIetYqh$9C_++a&i)ET zm1V#_G>U5CQ>3_?ds}}cx?Gz$5W^1$#G+o;WIyb&#A4(Anm%&5um!pNBtGvGFnS)4xnk8B%o!=3rNqCuQt zY!(RV#~HVLMIIJ<{6P*#{ED6trZSEqF1%g|f^Q_*2g%3NOauM_bZF5sKldm(-^i|f zzQ1%3@|}=>O-E!J!6kC=K-CX7DUTd(w*)6v$HE?)vK;9lyk)7zQ5;@rd}|k+WOUW7 zlUyxz!&vyo9H}EZ-g;#k%%e$I^7(4exrhPE4$ImL5EA@>A$;D zk&dt8g_dg3p5{JdE){oWC*rPmW63!p3G9~VPK#7Pf3t+Nuo3*Gbv%cbjQ!7@876&o z?+PG&au@xGi04iePGcj?;zE>&e8V5@gPNXG-*4jBECrW*9*j^cf)Zyvc-V1?6RBW5In`>=r)em@es0WLM=B`fL#7Yw?sYe;W(rH=%kOiY)F77@ zVP7&WEC$p7g-($`flmmR{y+pY>#8@ozy8%}!W^JwxO6Qy&h$UdZ-bo#PdLKvVlC5C zQ85CbIsEIZh6H9HbIK~xe=shEX0f?NrC_ihjFP%X)NgOAa9NQB5_=Yziji;X;CL zX@U!nVeSvHDQrZ>=C{JB8!Gbb`UI)^y;_LtT1RVI&b$ekuUz3=-FGF`BhsU_&M|Nk zGk{C?cJzgW`P+&+jQ82Keg2)t(R_U(rAVpqwzEffo4Cu{8$CnAWt?`SckF>wEfMoB zG#5}-xZ1pYc>B0oii>4o&og3JY8$}xHfmX(3GVDg9!(L_go7Hsw`1Q(nfe#J{`%9y!fkDw+k1&Eox-$-#EQRzz zkI3D_5DG6W11Oza!MIx(@qbb_nCd|@CC8piR;exG7`*Esnr zuX!suOZ*0AWRP^o`QAm_mA`;^2bN+B`YJ3|AhyPRnafmIB_-%l^y?dPd1qp7eRwh} zK@uVQNwZv55bL`on0E(vkA32~*Avte!{CyOY~JEmIN3$q9VS*~f#P$0o0%I?vcYHRK6qu-g%~pI=Pm>5lScc^|dB=nY?y3vj;| zKD>o9&}8=9iL?DK(&3d*e^Y9M-?Dgs?*QU>??f%BePK*oYwe=}CFMmRYxo%;Prq(s zf&5|l{Yl#_GYkqEV`4^zyC}hpznG~e-R3CNT^EZ{ZQFS}zk6F}yCN~-jIv|y#CEqNrrBS;S*~($EEv#g(Al3 z^Wuq+joBB)8#H5g^8$aZlx-hYw+_Ycw1Jy~^a2F`wnT82vvfDU!TP z)6C?KK4u z9D@NUQzn~e!P>bd)>)GEG?c|*VpynUVTJBk9HV4!P52=E)8)0tm1np;TWs`)y~-{x zw*7AqsytRIg@_SpGRr8N6daJ1!nn7I9Uz^$@d@eaASfSJ@Kg1)KW%o^*R);-+(Ni* z+o+Y8-W)dXXzmskVCUC^|MNYcF&@Wm@3eH0eX$C&cc40*M;cuBnnM{wNH#BVG%0uA z)YtRdB`TmL-B0yCrqsZEcrZU!OFozWFlJ7vS4642qG&5NWlJC3g@SIYj6j@}1KbJS zPJ8pY-H9U&uWH<@apnL*ChcrCOLDHmK)_Z3#(StdO~BX+L@v245OEJd-4%Mu_mszHRRFoul^dRY&D=?mH>SV zursxLIXunDf4r1^yu?q(hm`2kej2+D&g2tW6QJzDb2hNDIW}@0uXs)Ix4_X#qC%M5 zVyzywdreLRgI*~zbx5MG_n7>bUOwTVw-rmQ!}bJ8+wBBQoV}5nQ(-ZM{*YduA883& zv$6;(kRW|^nL9<0O?#szwQtAL1hgxv@UDqV@-u#h@{K;xxRF`_=dM!cQ6c4S;-_g+ zuItj|{&GmXP8WGq)Tlje19N+NK{PfYvRrd$xm?oIRq1j+sdm`A$RH&3VWtdLtS?S0 zS&}%!T^xCMrtRi0-rL@y_5cwC`N@ZdkJ6*Mb0s7vckXIah(g9ggHG$_cO`6%DWrw< zU+_kSGV|6t?$C6{|NlT}QJdoi(k7gshqZIBQ-ZoPK7#lP9-~>b*`i!}i!=5v#R_%(p7_ zwgMlO^l}JOM|`f(%!9-|Ea@G0I0FO8#gQpxYxK1ZtPm%(+nyaJ8?8W1c9;wuG)`E= zVEhy@qVkPhxoWytbk9O3U++S8%UnvTQtyC7lyP?&W#I)qrn-TWq$ul{%G2HGlx9Dd zYO@`(cemdS?uvLn;)vic>?o8Zj2%(fExZ#vH27=Pn#V%0!VpAdFG*BPI>GM&-JiS(Ff6dS%c@I5_0E%C8V#V^@SB}aLUn6SqI!u z{&K@_?m0-TXQ_6{vrtHAE4c*csshSN%~BSNaG4odpPGaRX?Lw72WC(l0qTOuj7u_f zwn!=fQlo0U?rBua%1xu!B>^P`hR|c_9M`M)3uUlQy~E-fdJnAQbBpDF{MHBbj03m# zJC!|#CUofQ`95{9i!iRTZ-F{J6k~4qkjoavc5`^P_wLY6;zju{y4z(ea;!xCgUsno z<FKG zF?%4nCtpmOB-G93!uit1xG9Krd$r>h0fWeq{p9-NyR-M-5PuX{SE?azzLgWkqIYWz6HyjPOP20B zE_{l2lpL&WWo_yyVT!awHpu!bjHfY{WH(TQ?|ZGA3ofcy{QNj~_HzPgVV#ap(I!QF z4Bk3Lz1NZplBcI^BIGC|v2m(OMthI7&qo?=9uQLFqr@$d%9OQtje}@cE1DiCS{B6t z$ADg~pqdv%<3;1d=8B_o!kkX?R1oH51_kX}Z&pNJfYnm&(rj=Kvy(dl{A-=PpN7h@ zYxP-kfYNRC%O!IPDYt|S@i=*XW6Dyt$KjC-ls$4GY0@N19NnjnZ(bTl(WFx zLDrfhm~td(%uKE-7QWh%M0+0?IH*%)KirSLqxml8X}D5valB=>1GFaqEC#vOhDd=d z?KGBn<8nfu!)BttsTp_nSQKI;SCTk9gEr2uZ`y0yp3NF(ee>4q zlydkn-n#q0_bIbjuUKTNf+Ff}Uv6)aC))_StcP&gCr}#IFh(4H$0P6EZ%a-sKJJ@L z*y#Sj5mCPd2&8t}f!<1kIN6Zz3v;NiV8Ek&Xa7Lb=2)37%GKNh6VLS-Vbg4EsiwTS z+FpT0X-d?l+Q-UCT8`^Zqwd{aYdduyyQao;XQkaJB#xD?X%pO3p2Guni}GWnYo zZ_v}6-&2fHo5L$@ix{I$T9=s=cgpQLVNk7q+>2CuTf^m=Mn|tmUbAXl7es2Yx|(HA zvG!EE%J;FJbO`=(7H*K;u5IW>mLS0mbS>{>ORGfxVvNUWhZ76KbQ`go~J3ZT@#MkomdaEkxzP-KDpX!yx%Y#YrGD?!PwoEPA5Y>-+H)KXT ze6vDL9iBN=cb8v`l+_DN+#YXbU*F%}{6JpbRTF)Pzrz+3PrrXZnM-hTG}To2kG zMgM?&VM{Th#{HU|8kCMUPM7{wZx}cZ@4exQ(VaMi@u6o{%n-3;K0YJU7SjAWxZbh} zgLckjZ(7XL&PmMK|8;dF~*ZRvO znj1PF)M8LYEvu}#(sfBTW^T%%k9$;VMwpqaN15M)xbuu{VoA7K^?r~C%Oq7kMP>A! zR%(_G~!%k+^ zzA&MeYbv;xa+DJ75tt=@2t_xD(Ob(bDejdr^d*Hf*%wRD8}tOjcy{l4@NQKMAFonM zS(hjIjCWZo&G%XQLSj}IA+_PJ6QeMtf@*!FDExd=8$OG)=aT!5IR_Yjbi@A|D0!?&~(Y;jqnz-{xVK zr_`BVpZ65}?WKB)2w&GS$+@dCeGpdVA0kb6i-n8_p?*`TB-c+_&9bhHk;=cBxQ4*O?&GqR%7oOWh{@e21Wp!yG@a0~1Jtt-iSxVd z+J>JpC)Xpc%gl3lp)oHKh$DV$IiS^NFLGvpp1L%M)l%a8`*DS0Q=vId36jvLYfoYA z+&jf>lZ_KZS;aoMlH1ZjfS<%x3wBk2}(P(Uc6WBk{t@hR*eFs*{aLw=HF!-mENeqnf*o`a0y29#uO(R-89 zGpp!-Msn+~a?pGKbag!CyKppkU-1&90L+&TY?eoB8DN<%x!f)-I%cg=7QmcZ83fv4 zPSjEG=;$ar$Z-A?pdbhyyRh1VvMRr@(tqA*xEk^kuPyiROj3Hfv&p|r+@VM7qv^Kb z$Q@M?`4;leX(V< z7d~sgvM=Wb+UuZTv`;QLM_$?tYNk9Qh)xOe!ZHCXHI}@+=9<7NIc|-9Q0(5-OW$d- zse5mz-q-rA4LZ!1HBP-{oz2{1%Hv_Wo+%6sP}5 zmcyfu&PO%we_gZPp7KrVRY^AkL-gDd_mnu*B7@dS;&gJRm2}Uz$L#L`64--R#*w>T zq5EHQS2B=^LzJ7@QH;iU1Ay`N-w_EAsZNN#TKu Date: Mon, 21 Jun 2021 17:17:32 +0200 Subject: [PATCH 02/24] Update hello-feature-pin-reset.md removed double quotes from ConfigureWebSignInAllowedUrls proposed value. --- .../hello-for-business/hello-feature-pin-reset.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md index 6d1ae1fbd1..c772362fa2 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md @@ -197,7 +197,7 @@ The [ConfigureWebSignInAllowedUrls](/windows/client-management/mdm/policy-csp-au - **Description:** (Optional) List of domains that are allowed during PIN reset flows. - **OMA-URI:** ./Vendor/MSFT/Policy/Config/Authentication/ConfigureWebSignInAllowedUrls - **Data type:** String - - **Value**: Provide a semicolon delimited list of domains needed for authentication during the PIN reset scenario. An example value would be "signin.contoso.com;portal.contoso.com" + - **Value**: Provide a semicolon delimited list of domains needed for authentication during the PIN reset scenario. An example value would be signin.contoso.com;portal.contoso.com (no double quotes) ![Custom Configuration for ConfigureWebSignInAllowedUrls policy](images/pinreset/allowlist.png) @@ -218,4 +218,4 @@ The [ConfigureWebSignInAllowedUrls](/windows/client-management/mdm/policy-csp-au - [Windows Hello and password changes](hello-and-password-changes.md) - [Windows Hello errors during PIN creation](hello-errors-during-pin-creation.md) - [Event ID 300 - Windows Hello successfully created](hello-event-300.md) -- [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md) \ No newline at end of file +- [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md) From 012e0b3338d2ec20be7a95aa5852c7d4523cdffa Mon Sep 17 00:00:00 2001 From: Brian Delaney <68655382+briandelmsft@users.noreply.github.com> Date: Tue, 22 Jun 2021 11:52:02 -0400 Subject: [PATCH 03/24] Update event-4627.md resizing image to max the text to its right easier to read --- windows/security/threat-protection/auditing/event-4627.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/event-4627.md b/windows/security/threat-protection/auditing/event-4627.md index ff63c0c122..cf25e61624 100644 --- a/windows/security/threat-protection/auditing/event-4627.md +++ b/windows/security/threat-protection/auditing/event-4627.md @@ -21,7 +21,7 @@ ms.technology: mde - Windows Server 2016 -Event 4627 illustration +Event 4627 illustration ***Subcategory:*** [Audit Group Membership](audit-group-membership.md) From b2087ddf915607b1f00bc132598694ba6f7cac51 Mon Sep 17 00:00:00 2001 From: Brian Delaney <68655382+briandelmsft@users.noreply.github.com> Date: Tue, 22 Jun 2021 11:55:18 -0400 Subject: [PATCH 04/24] Update event-4627.md Updating image size to max text on its right easier to read and consistent with other events --- windows/security/threat-protection/auditing/event-4627.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/event-4627.md b/windows/security/threat-protection/auditing/event-4627.md index cf25e61624..0ae5e51990 100644 --- a/windows/security/threat-protection/auditing/event-4627.md +++ b/windows/security/threat-protection/auditing/event-4627.md @@ -21,7 +21,7 @@ ms.technology: mde - Windows Server 2016 -Event 4627 illustration +Event 4627 illustration ***Subcategory:*** [Audit Group Membership](audit-group-membership.md) From c251aec0540803ac99ae0c0522123ad3054e4383 Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Tue, 22 Jun 2021 12:26:53 -0700 Subject: [PATCH 05/24] Fixed the link to Managed Installer EA --- .../select-types-of-rules-to-create.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md index 99f5695221..2b7538b891 100644 --- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md @@ -121,7 +121,7 @@ To create the WDAC policy, they build a reference server on their standard hardw As part of normal operations, they will eventually install software updates, or perhaps add software from the same software providers. Because the "Publisher" remains the same on those updates and software, they will not need to update their WDAC policy. If the unsigned, internal application is updated, they must also update the WDAC policy to allow the new version. ## File rule precedence order -WDAC has a built-in file rule conflict logic that translates to precedence order. It will first processes all explicit deny rules it finds. Then, it will process all explicit allow rules. If no deny or allow rule exists, WDAC will check for [Managed Installer EA](deploy-wdac-policies-with-managed-installer.md). Lastly, if none of these exists, WDAC will fall back on [ISG](use-windows-defender-application-control-with-intelligent-security-graph.md). +WDAC has a built-in file rule conflict logic that translates to precedence order. It will first processes all explicit deny rules it finds. Then, it will process all explicit allow rules. If no deny or allow rule exists, WDAC will check for [Managed Installer EA](deployment/deploy-wdac-policies-with-memcm.md). Lastly, if none of these exists, WDAC will fall back on [ISG](use-windows-defender-application-control-with-intelligent-security-graph.md). ## More information about filepath rules From 67e7fb72ae34de3b0b10f7ee2aca1037f5565cc3 Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Wed, 23 Jun 2021 11:35:43 -0700 Subject: [PATCH 06/24] Applied suggested edits --- .../select-types-of-rules-to-create.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md index 5f12576ef7..42fcb69ab3 100644 --- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md @@ -121,8 +121,8 @@ To create the WDAC policy, they build a reference server on their standard hardw As part of normal operations, they will eventually install software updates, or perhaps add software from the same software providers. Because the "Publisher" remains the same on those updates and software, they will not need to update their WDAC policy. If the unsigned, internal application is updated, they must also update the WDAC policy to allow the new version. ## File rule precedence order -<<<<<<< HEAD -WDAC has a built-in file rule conflict logic that translates to precedence order. It will first processes all explicit deny rules it finds. Then, it will process all explicit allow rules. If no deny or allow rule exists, WDAC will check for [Managed Installer EA](deployment/deploy-wdac-policies-with-memcm.md). Lastly, if none of these exists, WDAC will fall back on [ISG](use-windows-defender-application-control-with-intelligent-security-graph.md). + +WDAC has a built-in file rule conflict logic that translates to precedence order. It will first process all explicit deny rules it finds. Then, it will process all explicit allow rules. If no deny or allow rule exists, WDAC will check for [Managed Installer EA](deployment/deploy-wdac-policies-with-memcm.md). Lastly, if none of these exists, WDAC will fall back on [ISG](use-windows-defender-application-control-with-intelligent-security-graph.md). ## More information about filepath rules From 5185eba0fd5749e0a4ab5f5b8b6c4a98cc1735ec Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Wed, 23 Jun 2021 13:27:32 -0700 Subject: [PATCH 07/24] Updated Note for Disabled:Script Enforcment to select-types-of-rules-to-create and wdac-wizard-create-base-policy files. --- .../select-types-of-rules-to-create.md | 2 +- .../wdac-wizard-create-base-policy.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md index 42fcb69ab3..4fd6f8105d 100644 --- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md @@ -61,7 +61,7 @@ You can set several rule options within a WDAC policy. Table 1 describes each ru | **8 Required:EV Signers** | This rule requires that drivers must be WHQL signed and have been submitted by a partner with an Extended Verification (EV) certificate. All Windows 10 and later drivers will meet this requirement. | | **9 Enabled:Advanced Boot Options Menu** | The F8 preboot menu is disabled by default for all WDAC policies. Setting this rule option allows the F8 menu to appear to physically present users. | | **10 Enabled:Boot Audit on Failure** | Used when the WDAC policy is in enforcement mode. When a driver fails during startup, the WDAC policy will be placed in audit mode so that Windows will load. Administrators can validate the reason for the failure in the CodeIntegrity event log. | -| **11 Disabled:Script Enforcement** | This option disables script enforcement options. Unsigned PowerShell scripts and interactive PowerShell are no longer restricted to [Constrained Language Mode](/powershell/module/microsoft.powershell.core/about/about_language_modes). NOTE: This option is supported on 1709, 1803, and 1809 builds with the 2019 10C LCU or higher, and on devices with the Windows 10 May 2019 Update (1903) and higher. Using it on versions of Windows 10 without the proper update may have unintended results. | +| **11 Disabled:Script Enforcement** | This option disables script enforcement options. Unsigned PowerShell scripts and interactive PowerShell are no longer restricted to [Constrained Language Mode](/powershell/module/microsoft.powershell.core/about/about_language_modes) NOTE: This option is required to run HTA files, and is supported on 1709, 1803, and 1809 builds with the 2019 10C LCU or higher, and on devices with the Windows 10 May 2019 Update (1903) and higher. Using it on versions of Windows 10 without the proper update may have unintended results. | | **12 Required:Enforce Store Applications** | If this rule option is enabled, WDAC policies will also apply to Universal Windows applications. | | **13 Enabled:Managed Installer** | Use this option to automatically allow applications installed by a managed installer. For more information, see [Authorize apps deployed with a WDAC managed installer](configure-authorized-apps-deployed-with-a-managed-installer.md) | | **14 Enabled:Intelligent Security Graph Authorization** | Use this option to automatically allow applications with "known good" reputation as defined by Microsoft’s Intelligent Security Graph (ISG). | diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md index 91ba9aeac7..2c5382e43b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md @@ -59,7 +59,7 @@ A description of each policy rule, beginning with the left-most column, is provi |------------ | ----------- | | **Advanced Boot Options Menu** | The F8 preboot menu is disabled by default for all WDAC policies. Setting this rule option allows the F8 menu to appear to physically present users. | | **Allow Supplemental Policies** | Use this option on a base policy to allow supplemental policies to expand it. | -| **Disable Script Enforcement** | This option disables script enforcement options. Unsigned PowerShell scripts and interactive PowerShell are no longer restricted to [Constrained Language Mode](/powershell/module/microsoft.powershell.core/about/about_language_modes). NOTE: This option is only supported with the Windows 10 May 2019 Update (1903) and higher. Using it on earlier versions of Windows 10 is not supported and may have unintended results. | +| **Disable Script Enforcement** | This option disables script enforcement options. Unsigned PowerShell scripts and interactive PowerShell are no longer restricted to [Constrained Language Mode](/powershell/module/microsoft.powershell.core/about/about_language_modes). NOTE: This option is required to run HTA files, and is only supported with the Windows 10 May 2019 Update (1903) and higher. Using it on earlier versions of Windows 10 is not supported and may have unintended results. | |**[Hypervisor-protected code integrity (HVCI)](../device-guard/enable-virtualization-based-protection-of-code-integrity.md)**| When enabled, policy enforcement uses virtualization-based security to run the code integrity service inside a secure environment. HVCI provides stronger protections against kernel malware.| | **Intelligent Security Graph Authorization** | Use this option to automatically allow applications with "known good" reputation as defined by Microsoft’s Intelligent Security Graph (ISG). | | **Managed Installer** | Use this option to automatically allow applications installed by a software distribution solution, such as Microsoft Endpoint Configuration Manager, that has been defined as a managed installer. | From d2ad0329efdd7535e79d3c84363e440bf9964527 Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Thu, 24 Jun 2021 11:37:40 -0700 Subject: [PATCH 08/24] Add the missing period --- .../select-types-of-rules-to-create.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md index 4fd6f8105d..1652ad9cd5 100644 --- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md @@ -61,7 +61,7 @@ You can set several rule options within a WDAC policy. Table 1 describes each ru | **8 Required:EV Signers** | This rule requires that drivers must be WHQL signed and have been submitted by a partner with an Extended Verification (EV) certificate. All Windows 10 and later drivers will meet this requirement. | | **9 Enabled:Advanced Boot Options Menu** | The F8 preboot menu is disabled by default for all WDAC policies. Setting this rule option allows the F8 menu to appear to physically present users. | | **10 Enabled:Boot Audit on Failure** | Used when the WDAC policy is in enforcement mode. When a driver fails during startup, the WDAC policy will be placed in audit mode so that Windows will load. Administrators can validate the reason for the failure in the CodeIntegrity event log. | -| **11 Disabled:Script Enforcement** | This option disables script enforcement options. Unsigned PowerShell scripts and interactive PowerShell are no longer restricted to [Constrained Language Mode](/powershell/module/microsoft.powershell.core/about/about_language_modes) NOTE: This option is required to run HTA files, and is supported on 1709, 1803, and 1809 builds with the 2019 10C LCU or higher, and on devices with the Windows 10 May 2019 Update (1903) and higher. Using it on versions of Windows 10 without the proper update may have unintended results. | +| **11 Disabled:Script Enforcement** | This option disables script enforcement options. Unsigned PowerShell scripts and interactive PowerShell are no longer restricted to [Constrained Language Mode](/powershell/module/microsoft.powershell.core/about/about_language_modes). NOTE: This option is required to run HTA files, and is supported on 1709, 1803, and 1809 builds with the 2019 10C LCU or higher, and on devices with the Windows 10 May 2019 Update (1903) and higher. Using it on versions of Windows 10 without the proper update may have unintended results. | | **12 Required:Enforce Store Applications** | If this rule option is enabled, WDAC policies will also apply to Universal Windows applications. | | **13 Enabled:Managed Installer** | Use this option to automatically allow applications installed by a managed installer. For more information, see [Authorize apps deployed with a WDAC managed installer](configure-authorized-apps-deployed-with-a-managed-installer.md) | | **14 Enabled:Intelligent Security Graph Authorization** | Use this option to automatically allow applications with "known good" reputation as defined by Microsoft’s Intelligent Security Graph (ISG). | From 7ea8c78d51c31642b527fccf283cb9b4a12f6eb9 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 25 Jun 2021 07:25:19 +0530 Subject: [PATCH 09/24] removed symbols and pre word. as per user report #9717 . so I removed special symbols nas pre word . --- windows/deployment/windows-10-subscription-activation.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md index 6861d74931..dfb7ea6b10 100644 --- a/windows/deployment/windows-10-subscription-activation.md +++ b/windows/deployment/windows-10-subscription-activation.md @@ -197,7 +197,7 @@ You are using Windows 10, version 1607, 1703, or 1709 with KMS for activation, a To change all of your Windows 10 Pro devices to Windows 10 Enterprise, run the following command on each computer: ```console -cscript.exe c:\windows\system32\slmgr.vbs /ipk NPPR9-FWDCX-D2C8J-H872K-2YT43 +cscript.exe c:\windows\system32\slmgr.vbs /ipk NPPR9-FWDCX-D2C8J-H872K-2YT43 ``` The command causes the OS to change to Windows 10 Enterprise and then seek out the KMS server to reactivate.  This key comes from [Appendix A: KMS Client Setup Keys](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj612867(v=ws.11)) in the Volume Activation guide.  It is also possible to inject the Windows 10 Pro key from this article if you wish to step back down from Enterprise to Pro. @@ -280,4 +280,4 @@ Virtual machines (VMs) must be configured to enable Windows 10 Enterprise subscr [Connect domain-joined devices to Azure AD for Windows 10 experiences](/azure/active-directory/devices/hybrid-azuread-join-plan)
[Compare Windows 10 editions](https://www.microsoft.com/WindowsForBusiness/Compare)
-[Windows for business](https://www.microsoft.com/windowsforbusiness/default.aspx)
\ No newline at end of file +[Windows for business](https://www.microsoft.com/windowsforbusiness/default.aspx)
From 2e8ded285f3d5efbea683bd150c8f569da17b0b1 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Mon, 28 Jun 2021 13:25:30 -0700 Subject: [PATCH 10/24] fix duplicate and hook up article to toc --- windows/configuration/TOC.yml | 2 +- .../cortana-at-work-testing-scenarios.md | 12 +++--------- 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/windows/configuration/TOC.yml b/windows/configuration/TOC.yml index a5a0bbbb07..803fc6fa2a 100644 --- a/windows/configuration/TOC.yml +++ b/windows/configuration/TOC.yml @@ -138,7 +138,7 @@ - name: Set up and test Cortana in Windows 10, versions 1909 and earlier, with Microsoft 365 in your organization href: cortana-at-work/cortana-at-work-o365.md - name: Testing scenarios using Cortana in your business or organization - href: cortana-at-work/cortana-at-work-testing-scenarios.md + href: cortana-at-work/testing-scenarios-using-cortana-in-business-org.md - name: Test scenario 1 - Sign into Azure AD, enable the wake word, and try a voice query href: cortana-at-work/test-scenario-1.md - name: Test scenario 2 - Perform a quick search with Cortana at work diff --git a/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md b/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md index 46b62aec12..02f6340c08 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md @@ -1,5 +1,5 @@ --- -title: Testing scenarios using Cortana in your business or organization (Windows 10) +title: Cortana at work testing scenarios description: A list of suggested testing scenarios that you can use to test Cortana in your organization. ms.prod: w10 ms.mktglfcycl: manage @@ -7,25 +7,19 @@ ms.sitesec: library author: greg-lindsay ms.localizationpriority: medium ms.author: greglin -ms.date: 10/05/2017 +ms.date: 06/28/2021 ms.reviewer: manager: dansimp --- -# Testing scenarios using Cortana in your business or organization +# Cortana at work testing scenarios We've come up with a list of suggested testing scenarios that you can use to test Cortana in your organization. After you complete all the scenarios, you should be able to: - [Sign into Azure AD, enable the Cortana wake word, and try a voice query](cortana-at-work-scenario-1.md) - - [Perform a Bing search with Cortana](cortana-at-work-scenario-2.md) - - [Set a reminder](cortana-at-work-scenario-3.md) - - [Use Cortana to find free time on your calendar](cortana-at-work-scenario-4.md) - - [Find out about a person](cortana-at-work-scenario-5.md) - - [Change your language and perform a quick search with Cortana](cortana-at-work-scenario-6.md) - - [Use Windows Information Protection (WIP) to secure content on a device and then try to manage your organization’s entries in the notebook](cortana-at-work-scenario-7.md) \ No newline at end of file From 4713be3c03c7b29ede68a4daefd77ceea2f1042f Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Mon, 28 Jun 2021 13:28:12 -0700 Subject: [PATCH 11/24] Update cortana-at-work-testing-scenarios.md --- .../cortana-at-work/cortana-at-work-testing-scenarios.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md b/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md index 02f6340c08..8137313839 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md @@ -1,6 +1,6 @@ --- title: Cortana at work testing scenarios -description: A list of suggested testing scenarios that you can use to test Cortana in your organization. +description: Suggested testing scenarios that you can use to test Cortana in your organization. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library From 6de0f33c286c674a4b828cd55a5d6367120c5544 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Mon, 28 Jun 2021 13:31:49 -0700 Subject: [PATCH 12/24] toc rename node --- windows/configuration/TOC.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/TOC.yml b/windows/configuration/TOC.yml index 803fc6fa2a..867a205b26 100644 --- a/windows/configuration/TOC.yml +++ b/windows/configuration/TOC.yml @@ -117,7 +117,7 @@ items: - name: Set up and test Cortana in Windows 10, version 2004 and later href: cortana-at-work/set-up-and-test-cortana-in-windows-10.md - - name: Testing scenarios using Cortana in your business or organization + - name: Cortana at work testing scenarios href: cortana-at-work/cortana-at-work-testing-scenarios.md - name: Test scenario 1 - Sign into Azure AD, enable the wake word, and try a voice query href: cortana-at-work/cortana-at-work-scenario-1.md From 6c2c743438e594ae16a330447e065e3a41ad08f5 Mon Sep 17 00:00:00 2001 From: Joe Davies Date: Mon, 28 Jun 2021 16:04:52 -0700 Subject: [PATCH 13/24] Removal of ransomware-malware article --- .openpublishing.redirection.json | 5 ++ windows/security/threat-protection/TOC.yml | 2 +- .../threat-protection/intelligence/TOC.yml | 2 +- .../intelligence/criteria.md | 2 +- .../intelligence/phishing-trends.md | 2 +- .../intelligence/ransomware-malware.md | 77 ------------------- .../intelligence/understanding-malware.md | 2 +- .../ltsc/whats-new-windows-10-2019.md | 1 - 8 files changed, 10 insertions(+), 83 deletions(-) delete mode 100644 windows/security/threat-protection/intelligence/ransomware-malware.md diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 8dbea776cc..25d94e8125 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -18920,6 +18920,11 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/device-control-report", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/intelligence/ransomware-malware.md", + "redirect_url": "/security/compass/human-operated-ransomware", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md", "redirect_url": "/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows", diff --git a/windows/security/threat-protection/TOC.yml b/windows/security/threat-protection/TOC.yml index e310d0d993..60b48e0739 100644 --- a/windows/security/threat-protection/TOC.yml +++ b/windows/security/threat-protection/TOC.yml @@ -193,7 +193,7 @@ - name: Phishing href: intelligence/phishing.md - name: Ransomware - href: intelligence/ransomware-malware.md + href: /security/compass/human-operated-ransomware - name: Rootkits href: intelligence/rootkits-malware.md - name: Supply chain attacks diff --git a/windows/security/threat-protection/intelligence/TOC.yml b/windows/security/threat-protection/intelligence/TOC.yml index eb239b51c5..78fea4eba3 100644 --- a/windows/security/threat-protection/intelligence/TOC.yml +++ b/windows/security/threat-protection/intelligence/TOC.yml @@ -18,7 +18,7 @@ - name: Phishing trends and techniques href: phishing-trends.md - name: Ransomware - href: ransomware-malware.md + href: /security/compass/human-operated-ransomware - name: Rootkits href: rootkits-malware.md - name: Supply chain attacks diff --git a/windows/security/threat-protection/intelligence/criteria.md b/windows/security/threat-protection/intelligence/criteria.md index 8f05e1c296..381dc66ce4 100644 --- a/windows/security/threat-protection/intelligence/criteria.md +++ b/windows/security/threat-protection/intelligence/criteria.md @@ -62,7 +62,7 @@ Microsoft classifies most malicious software into one of the following categorie * **Password stealer:** A type of malware that gathers your personal information, such as usernames and passwords. It often works along with a keylogger, which collects and sends information about the keys you press and websites you visit. -* **Ransomware:** A type of malware that encrypts your files or makes other modifications that can prevent you from using your device. It then displays a ransom note that states you must pay money or perform other actions before you can use your device again. [See more information about ransomware](ransomware-malware.md). +* **Ransomware:** A type of malware that encrypts your files or makes other modifications that can prevent you from using your device. It then displays a ransom note that states you must pay money or perform other actions before you can use your device again. [See more information about ransomware](/security/compass/human-operated-ransomware). * **Rogue security software:** Malware that pretends to be security software but doesn't provide any protection. This type of malware usually displays alerts about nonexistent threats on your device. It also tries to convince you to pay for its services. diff --git a/windows/security/threat-protection/intelligence/phishing-trends.md b/windows/security/threat-protection/intelligence/phishing-trends.md index 9645672acd..1785d95a38 100644 --- a/windows/security/threat-protection/intelligence/phishing-trends.md +++ b/windows/security/threat-protection/intelligence/phishing-trends.md @@ -41,7 +41,7 @@ An attacker sends a fraudulent email requesting you to open or download a docume ## Phishing emails that deliver other threats -Phishing emails are often effective, so attackers sometimes use them to distribute [ransomware](ransomware-malware.md) through links or attachments in emails. When run, the ransomware encrypts files and displays a ransom note, which asks you to pay a sum of money to access to your files. +Phishing emails are often effective, so attackers sometimes use them to distribute [ransomware](/security/compass/human-operated-ransomware) through links or attachments in emails. When run, the ransomware encrypts files and displays a ransom note, which asks you to pay a sum of money to access to your files. We have also seen phishing emails that have links to [tech support scam](support-scams.md) websites. These websites use various scare tactics to trick you into calling hotlines and paying for unnecessary "technical support services" that supposedly fix contrived device, platform, or software problems. diff --git a/windows/security/threat-protection/intelligence/ransomware-malware.md b/windows/security/threat-protection/intelligence/ransomware-malware.md deleted file mode 100644 index 5a04348f87..0000000000 --- a/windows/security/threat-protection/intelligence/ransomware-malware.md +++ /dev/null @@ -1,77 +0,0 @@ ---- -title: Ransomware -ms.reviewer: -description: Learn how to protect your computer and network from ransomware attacks, which can stop you from accessing your files. -keywords: security, malware, ransomware, encryption, extortion, money, key, infection, prevention, tips, WDSI, MMPC, Microsoft Malware Protection Center, ransomware-as-a-service, ransom, ransomware downloader, protection, prevention, solution, exploit kits, backup, Cerber, Locky, WannaCry, WannaCrypt, Petya, Spora -ms.prod: m365-security -ms.mktglfcycl: secure -ms.sitesec: library -ms.localizationpriority: medium -ms.author: dansimp -author: dansimp -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -search.appverid: met150 -ms.technology: mde ---- -# Ransomware - -Ransomware is a type of malware that encrypts files and folders, preventing access to important files. Ransomware attempts to extort money from victims by asking for money, usually in form of cryptocurrencies, in exchange for the decryption key. But cybercriminals won't always follow through and unlock the files they encrypted. - -The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms especially susceptible to ransomware attacks. - -## How ransomware works - -Most ransomware infections start with: - -- Email messages with attachments that try to install ransomware. - -- Websites hosting [exploit kits](exploits-malware.md) that attempt to use vulnerabilities in web browsers and other software to install ransomware. - -Once ransomware infects a device, it starts encrypting files, folders, entire hard drive partitions using encryption algorithms like RSA or RC4. - -Ransomware is one of the most lucrative revenue channels for cybercriminals, so malware authors continually improve their malware code to better target enterprise environments. Ransomware-as-a-service is a cybercriminal business model where malware creators sell their ransomware and other services to cybercriminals, who then operate the ransomware attacks. The business model also defines profit sharing between the malware creators, ransomware operators, and other parties that may be involved. For cybercriminals, ransomware is big business at the expense of individuals and businesses. - -### Examples - -Sophisticated ransomware like **Spora**, **WannaCrypt** (also known as WannaCry), and **Petya** (also known as NotPetya) spread to other computers via network shares or exploits. - -- Spora drops ransomware copies in network shares. - -- WannaCrypt exploits the Server Message Block (SMB) vulnerability CVE-2017-0144 (also called EternalBlue) to infect other computers. - -- A Petya variant exploits the same vulnerability, in addition to CVE-2017-0145 (also known as EternalRomance), and uses stolen credentials to move laterally across networks. - -Older ransomware like **Reveton** (nicknamed "Police Trojan" or "Police ransomware") locks screens instead of encrypting files. They display a full screen image and then disable Task Manager. The files are safe, but they're effectively inaccessible. The image usually contains a message claiming to be from law enforcement that says the computer has been used in illegal cybercriminal activities and a fine needs to be paid. - -Ransomware like **Cerber** and **Locky** search for and encrypt specific file types, typically document and media files. When the encryption is complete, the malware leaves a ransom note using text, image, or an HTML file with instructions to pay a ransom to recover files. - -**Bad Rabbit** ransomware was discovered attempting to spread across networks using hardcoded usernames and passwords in brute force attacks. - -## How to protect against ransomware - -Organizations can be targeted specifically by attackers, or they can be caught in the wide net cast by cybercriminal operations. Large organizations are high value targets because attackers can demand bigger ransoms. - -To provide the best protection against ransomware attacks, Microsoft recommends that you: - -- Back up important files regularly. Use the 3-2-1 rule. Keep three backups of your data, on two different storage types, and at least one backup offsite. - -- Apply the latest updates to your operating systems and apps. - -- Educate your employees so they can identify social engineering and spear-phishing attacks. - -- [Implement controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders). It can stop ransomware from encrypting files and holding the files for ransom. - -For more general tips, see [prevent malware infection](prevent-malware-infection.md). - -## Human-operated ransomware - -Unlike auto-spreading ransomware like WannaCry or NotPetya, human-operated ransomware is the result of active and ongoing attacks that target an organization rather than a single device. Cybercriminals use their knowledge of common system and security misconfigurations and vulnerabilities to infiltrate the organization, navigate the enterprise network, adapt to the environment, and exploit its weaknesses as they go. - -Hallmarks of these human-operated ransomware attacks typically include credential theft and lateral movement and can result in deployment of ransomware payloads to high business impact resources that attackers choose. Once deployed, the attackers contact the organization with their ransom demands. - -The same primary prevention techniques described in this article should be implemented to prevent human-operated ransomware. For additional preventative measures against human-operated ransomware, see this [article](/security/compass/human-operated-ransomware). - -See [this blog post](https://www.microsoft.com/security/blog/2020/03/05/human-operated-ransomware-attacks-a-preventable-disaster/) from the Microsoft 365 Defender Threat Intelligence Team for more information and attack chain analysis of actual human-operated ransomware attacks. diff --git a/windows/security/threat-protection/intelligence/understanding-malware.md b/windows/security/threat-protection/intelligence/understanding-malware.md index 63477837e9..f98d44ceb7 100644 --- a/windows/security/threat-protection/intelligence/understanding-malware.md +++ b/windows/security/threat-protection/intelligence/understanding-malware.md @@ -32,7 +32,7 @@ There are many types of malware, including: - [Exploits and exploit kits](exploits-malware.md) - [Macro malware](macro-malware.md) - [Phishing](phishing.md) -- [Ransomware](ransomware-malware.md) +- [Ransomware](/security/compass/human-operated-ransomware) - [Rootkits](rootkits-malware.md) - [Supply chain attacks](supply-chain-malware.md) - [Tech support scams](support-scams.md) diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md index cd82d2c618..b9b73c1bcb 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md @@ -141,7 +141,6 @@ This also means you’ll see more links to other security apps within **Windows You can read more about ransomware mitigations and detection capability at: - [Averting ransomware epidemics in corporate networks with Microsoft Defender for Endpoint](https://blogs.technet.microsoft.com/mmpc/2017/01/30/averting-ransomware-epidemics-in-corporate-networks-with-windows-defender-atp/) -- [Ransomware security intelligence](/windows/security/threat-protection/intelligence/ransomware-malware) - [Microsoft Malware Protection Center blog](https://blogs.technet.microsoft.com/mmpc/category/research/ransomware/) Also see [New capabilities of Microsoft Defender for Endpoint further maximizing the effectiveness and robustness of endpoint security](https://blogs.windows.com/business/2018/04/17/new-capabilities-of-windows-defender-atp-further-maximizing-the-effectiveness-and-robustness-of-endpoint-security/#62FUJ3LuMXLQidVE.97) From 86c3b2f3618f0fc57c970fbef3ea98156e732255 Mon Sep 17 00:00:00 2001 From: Joe Davies Date: Mon, 28 Jun 2021 16:06:14 -0700 Subject: [PATCH 14/24] Update whats-new-windows-10-version-1703.md --- windows/whats-new/whats-new-windows-10-version-1703.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-10-version-1703.md b/windows/whats-new/whats-new-windows-10-version-1703.md index 2c639ff2a3..b05bba2289 100644 --- a/windows/whats-new/whats-new-windows-10-version-1703.md +++ b/windows/whats-new/whats-new-windows-10-version-1703.md @@ -150,7 +150,7 @@ New features for Microsoft Defender AV in Windows 10, version 1703 include: In Windows 10, version 1607, we [invested heavily in helping to protect against ransomware](https://blogs.windows.com/business/2016/11/11/defending-against-ransomware-with-windows-10-anniversary-update/#UJlHc6SZ2Zm44jCt.97), and we continue that investment in version 1703 with [updated behavior monitoring and always-on real-time protection](/windows/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus). -You can read more about ransomware mitigations and detection capability in Microsoft Defender AV in the [ransomware information topic](/windows/security/threat-protection/intelligence/ransomware-malware) and at the [Microsoft Malware Protection Center blog](https://blogs.technet.microsoft.com/mmpc/category/research/ransomware/). +You can read more about ransomware mitigations and detection capability in Microsoft Defender AV in the [Microsoft Malware Protection Center blog](https://blogs.technet.microsoft.com/mmpc/category/research/ransomware/). ### Device Guard and Credential Guard From f5fb120b36094e6a5ee3bcf57a2da0890a15cc62 Mon Sep 17 00:00:00 2001 From: Joe Davies Date: Mon, 28 Jun 2021 16:10:22 -0700 Subject: [PATCH 15/24] Update whats-new-windows-10-2019.md --- windows/whats-new/ltsc/whats-new-windows-10-2019.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md index b9b73c1bcb..2b62e7fc98 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md @@ -36,7 +36,7 @@ The Windows 10 Enterprise LTSC 2019 release is an important release for LTSC use ## Microsoft Intune -Microsoft Intune supports Windows 10 Enterprise LTSC 2019 and later. This includes support for features such as [Windows Autopilot](#windows-autopilot). However, note that Windows 10 Update Rings Device profiles do not support LTSC releases, therefore you should use [Policy configuration service provider](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update), WSUS, or Configuration Manager for patching. +Microsoft Intune supports Windows 10 Enterprise LTSC 2019 and later. This includes support for features such as [Windows Autopilot](#windows-autopilot). However, note that Windows 10 Update Rings Device profiles do not support LTSC releases, therefore you should use [Policy configuration service provider](/windows/client-management/mdm/policy-csp-update), WSUS, or Configuration Manager for patching. ## Security From 31939be3bc76a31327092f1d4b8c7831ac0356ad Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 28 Jun 2021 17:41:55 -0700 Subject: [PATCH 16/24] Corrected note styles, adjusted layout, added punctuation, minor fixes --- .../hello-feature-pin-reset.md | 41 +++++++++++++------ .../threat-protection/auditing/event-4627.md | 15 ++++--- 2 files changed, 38 insertions(+), 18 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md index c772362fa2..6d78a9e26b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md @@ -50,17 +50,17 @@ Destructive and non-destructive PIN reset use the same entry points for initiati For Azure AD joined devices: 1. If the PIN credential provider is not selected, expand the **Sign-in options** link, and select the PIN pad icon. -1. Click **I forgot my PIN** from the PIN credential provider -1. Select an authentication option from the list of presented options. This list will be based on the different authentication methods enabled in your tenant (i.e. Password, PIN, Security key) -1. Follow the instructions provided by the provisioning process +1. Click **I forgot my PIN** from the PIN credential provider. +1. Select an authentication option from the list of presented options. This list will be based on the different authentication methods enabled in your tenant (i.e., Password, PIN, Security key). +1. Follow the instructions provided by the provisioning process. 1. When finished, unlock your desktop using your newly created PIN. For Hybrid Azure AD joined devices: 1. If the PIN credential provider is not selected, expand the **Sign-in options** link, and select the PIN pad icon. -1. Click **I forgot my PIN** from the PIN credential provider +1. Click **I forgot my PIN** from the PIN credential provider. 1. Enter your password and press enter. -1. Follow the instructions provided by the provisioning process +1. Follow the instructions provided by the provisioning process. 1. When finished, unlock your desktop using your newly created PIN. > [!NOTE] @@ -94,13 +94,20 @@ Before you can remotely reset PINs, you must on-board the Microsoft PIN reset se ### Connect Azure Active Directory with the PIN reset service 1. Go to the [Microsoft PIN Reset Service Production website](https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=b8456c59-1230-44c7-a4a2-99b085333e84&resource=https%3A%2F%2Fgraph.windows.net&redirect_uri=https%3A%2F%2Fcred.microsoft.com&state=e9191523-6c2f-4f1d-a4f9-c36f26f89df0&prompt=admin_consent), and sign in using the Global administrator account you use to manage your Azure Active Directory tenant. + 1. After you have logged in, choose **Accept** to give consent for the PIN reset service to access your account. + ![PIN reset service application in Azure](images/pinreset/pin-reset-service-prompt.png) + 1. Go to the [Microsoft PIN Reset Client Production website](https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=9115dd05-fad5-4f9c-acc7-305d08b1b04e&resource=https%3A%2F%2Fcred.microsoft.com%2F&redirect_uri=ms-appx-web%3A%2F%2FMicrosoft.AAD.BrokerPlugin%2F9115dd05-fad5-4f9c-acc7-305d08b1b04e&state=6765f8c5-f4a7-4029-b667-46a6776ad611&prompt=admin_consent), and sign in using the Global administrator account you use to manage your Azure Active Directory tenant. + 1. After you have logged in, choose **Accept** to give consent for the PIN reset client to access your account. - ![PIN reset client application in Azure](images/pinreset/pin-reset-client-prompt.png) - > [!NOTE] - > After you have accepted the PIN reset service and client requests, you will land on a page that states "You do not have permission to view this directory or page." This behavior is expected. Be sure to confirm that the two PIN reset applications are listed for your tenant. + + ![PIN reset client application in Azure](images/pinreset/pin-reset-client-prompt.png) + + > [!NOTE] + > After you have accepted the PIN reset service and client requests, you will land on a page that states "You do not have permission to view this directory or page." This behavior is expected. Be sure to confirm that the two PIN reset applications are listed for your tenant. + 1. In the [Azure portal](https://portal.azure.com), verify that the Microsoft PIN Reset Service and Microsoft PIN Reset Client are integrated from the **Enterprise applications** blade. Filter to application status "Enabled" and both Microsoft Pin Reset Service Production and Microsoft Pin Reset Client Production will show up in your tenant. > [!div class="mx-imgBorder"] @@ -122,7 +129,7 @@ You configure Windows 10 to use the Microsoft PIN Reset service using the comput 1. Set **Enable PIN recovery** to **Yes**. > [!NOTE] -> You can also setup PIN recovery using configuration profiles. +> You can also set up PIN recovery using configuration profiles. > > 1. Sign in to Endpoint Manager. > 1. Click **Devices** > **Configuration Profiles** > Create a new profile or edit an existing profile using the Identity Protection profile type. @@ -141,7 +148,7 @@ The PIN reset configuration for a user can be viewed by running [**dsregcmd /sta #### Sample User state Output for Destructive PIN Reset -``` +```console +----------------------------------------------------------------------+ | User State | +----------------------------------------------------------------------+ @@ -160,7 +167,7 @@ The PIN reset configuration for a user can be viewed by running [**dsregcmd /sta #### Sample User state Output for Non-Destructive PIN Reset -``` +```console +----------------------------------------------------------------------+ | User State | +----------------------------------------------------------------------+ @@ -189,21 +196,29 @@ The [ConfigureWebSignInAllowedUrls](/windows/client-management/mdm/policy-csp-au ### Configuring Policy Using Intune 1. Sign-in to [Endpoint Manager admin center](https://endpoint.microsoft.com/) using a Global administrator account. + 1. Click **Devices**. Click **Configuration profiles**. Click **Create profile**. + 1. For Platform select **Windows 10 and later** and for Profile type select **Templates**. In the list of templates that is loaded, select **Custom** and click Create. + 1. In the **Name** field type **Web Sign In Allowed URLs** and optionally provide a description for the configuration. Click Next. + 1. On the Configuration settings page, click **Add** to add a custom OMA-URI setting. Provide the following information for the custom settings + - **Name:** Web Sign In Allowed URLs - **Description:** (Optional) List of domains that are allowed during PIN reset flows. - **OMA-URI:** ./Vendor/MSFT/Policy/Config/Authentication/ConfigureWebSignInAllowedUrls - **Data type:** String - - **Value**: Provide a semicolon delimited list of domains needed for authentication during the PIN reset scenario. An example value would be signin.contoso.com;portal.contoso.com (no double quotes) + - **Value**: Provide a semicolon delimited list of domains needed for authentication during the PIN reset scenario. An example value would be _signin.contoso.com;portal.contoso.com_ (without quotation marks) - ![Custom Configuration for ConfigureWebSignInAllowedUrls policy](images/pinreset/allowlist.png) + :::image type="content" alt-text="Custom Configuration for ConfigureWebSignInAllowedUrls policy" source="images/pinreset/allowlist.png" lightbox="images/pinreset/allowlist.png"::: 1. Click the Save button to save the custom configuration. + 1. On the Assignments page, use the Included groups and Excluded groups sections to define the groups of users or devices that should receive this policy. Once you have completed configuring groups click the Next button. + 1. On the Applicability rules page, click Next. + 1. Review the configuration that is shown on the Review + create page to make sure that it is accurate. Click create to save the profile and apply it to the configured groups. > [!NOTE] diff --git a/windows/security/threat-protection/auditing/event-4627.md b/windows/security/threat-protection/auditing/event-4627.md index 0ae5e51990..8831845dfa 100644 --- a/windows/security/threat-protection/auditing/event-4627.md +++ b/windows/security/threat-protection/auditing/event-4627.md @@ -33,12 +33,14 @@ You must also enable the Success audit for [Audit Logon](audit-logon.md) subcate Multiple events are generated if the group membership information cannot fit in a single security audit event. -> **Note**  For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event. +> [!NOTE] +> For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event.
***Event XML:*** -``` + +```xml - - @@ -86,7 +88,8 @@ Multiple events are generated if the group membership information cannot fit in - **Security ID** \[Type = SID\]**:** SID of account that reported information about successful logon or invokes it. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event. -> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers). +> [!NOTE] +> A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers). - **Account Name** \[Type = UnicodeString\]**:** the name of the account that reported information about successful logon or invokes it. @@ -122,7 +125,8 @@ Multiple events are generated if the group membership information cannot fit in - **Security ID** \[Type = SID\]**:** SID of account for which logon was performed. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event. -> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers). +> [!NOTE] +> A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers). - **Account Name** \[Type = UnicodeString\]**:** the name of the account for which logon was performed. @@ -148,7 +152,8 @@ Multiple events are generated if the group membership information cannot fit in For 4627(S): Group membership information. -> **Important**  For this event, also see [Appendix A: Security monitoring recommendations for many audit events](appendix-a-security-monitoring-recommendations-for-many-audit-events.md). +> [!IMPORTANT] +> For this event, also see [Appendix A: Security monitoring recommendations for many audit events](appendix-a-security-monitoring-recommendations-for-many-audit-events.md). - Typically this action is reported by the NULL SID account, so we recommend reporting all events with **“Subject\\Security ID”** not equal “**NULL SID**”. From f3348d35ac9613cb2b4142d1aaf6411cbd2c0032 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 28 Jun 2021 19:05:04 -0700 Subject: [PATCH 17/24] Acrolinx "multi-factor " --- .../hello-for-business/hello-feature-pin-reset.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md index 6d78a9e26b..154ea379e1 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md @@ -23,7 +23,7 @@ ms.reviewer: - Windows 10, version 1709 or later -Windows Hello for Business provides the capability for users to reset forgotten PINs using the "I forgot my PIN link" from the Sign-in options page in Settings or from above the lock screen. User's are required to authenticate and complete multi-factor authentication to reset their PIN. +Windows Hello for Business provides the capability for users to reset forgotten PINs using the "I forgot my PIN link" from the Sign-in options page in Settings or from above the lock screen. User's are required to authenticate and complete multifactor authentication to reset their PIN. There are two forms of PIN reset called destructive and non-destructive. Destructive PIN reset is the default and does not require configuration. During a destructive PIN reset, the user's existing PIN and underlying credentials, including any keys or certificates added to their Windows Hello container, will be deleted from the client and a new logon key and PIN are provisioned. For non-destructive PIN reset, you must deploy the Microsoft PIN reset service and client policy to enable the PIN recovery feature. During a non-destructive PIN reset, the user's Windows Hello for Business container and keys are preserved, but the user's PIN that they use to authorize key usage is changed. @@ -79,7 +79,7 @@ Visit the [Windows Hello for Business Videos](./hello-videos.md) page and watch - Azure AD registered, Azure AD joined, and Hybrid Azure AD joined - Windows 10, version 1709 to 1809, **Enterprise Edition**. There is no licensing requirement for this feature since version 1903. -When non-destructive PIN reset is enabled on a client, a 256-bit AES key is generated locally and added to a user's Windows Hello for Business container and keys as the PIN reset protector. This PIN reset protector is encrypted using a public key retrieved from the Microsoft PIN reset service and then stored on the client for later use during PIN reset. After a user initiates a PIN reset, completes authentication to Azure, and completes multi-factor authentication, the encrypted PIN reset protector is sent to the Microsoft PIN reset service, decrypted, and returned to the client. The decrypted PIN reset protector is used to change the PIN used to authorize Windows Hello for Business keys and it is then cleared from memory. +When non-destructive PIN reset is enabled on a client, a 256-bit AES key is generated locally and added to a user's Windows Hello for Business container and keys as the PIN reset protector. This PIN reset protector is encrypted using a public key retrieved from the Microsoft PIN reset service and then stored on the client for later use during PIN reset. After a user initiates a PIN reset, completes authentication to Azure, and completes multifactor authentication, the encrypted PIN reset protector is sent to the Microsoft PIN reset service, decrypted, and returned to the client. The decrypted PIN reset protector is used to change the PIN used to authorize Windows Hello for Business keys and it is then cleared from memory. Using Group Policy, Microsoft Intune or a compatible MDM, you can configure Windows 10 devices to securely use the Microsoft PIN reset service that enables users to reset their forgotten PIN through settings or above the lock screen without requiring re-enrollment. From bed8791d8c1c644bd1f85cba485d4244bcfc2b7d Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 28 Jun 2021 19:07:34 -0700 Subject: [PATCH 18/24] Add option for lightbox view --- .../hello-for-business/hello-feature-pin-reset.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md index 154ea379e1..0ecc622ba4 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md @@ -110,8 +110,7 @@ Before you can remotely reset PINs, you must on-board the Microsoft PIN reset se 1. In the [Azure portal](https://portal.azure.com), verify that the Microsoft PIN Reset Service and Microsoft PIN Reset Client are integrated from the **Enterprise applications** blade. Filter to application status "Enabled" and both Microsoft Pin Reset Service Production and Microsoft Pin Reset Client Production will show up in your tenant. - > [!div class="mx-imgBorder"] - > ![PIN reset service permissions page](images/pinreset/pin-reset-applications.png) + :::image type="content" alt-text="PIN reset service permissions page" source="images/pinreset/pin-reset-applications.png" lightbox="images/pinreset/pin-reset-applications.png"::: ### Configure Windows devices to use PIN reset using Group Policy From 29f9abbe8a1f1765aa6cac4f6da234a27788fae3 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 28 Jun 2021 19:11:51 -0700 Subject: [PATCH 19/24] Indented list item and content in list items --- .../threat-protection/auditing/event-4627.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4627.md b/windows/security/threat-protection/auditing/event-4627.md index 8831845dfa..4a4fce1919 100644 --- a/windows/security/threat-protection/auditing/event-4627.md +++ b/windows/security/threat-protection/auditing/event-4627.md @@ -88,8 +88,8 @@ Multiple events are generated if the group membership information cannot fit in - **Security ID** \[Type = SID\]**:** SID of account that reported information about successful logon or invokes it. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event. -> [!NOTE] -> A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers). + > [!NOTE] + > A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers). - **Account Name** \[Type = UnicodeString\]**:** the name of the account that reported information about successful logon or invokes it. @@ -107,10 +107,10 @@ Multiple events are generated if the group membership information cannot fit in - **Logon ID** \[Type = HexInt64\]**:** hexadecimal value that can help you correlate this event with recent events that might contain the same Logon ID, for example, “[4672](event-4672.md)(S): Special privileges assigned to new logon.” -**Logon Type** \[Type = UInt32\]**:** the type of logon which was performed. The table below contains the list of possible values for this field: +- **Logon Type** \[Type = UInt32\]**:** the type of logon which was performed. The table below contains the list of possible values for this field: -| Logon Type | Logon Title | Description | -|------------|-------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Logon Type | Logon Title | Description | +|------------|-------------------|----------------------| | 2 | Interactive | A user logged on to this computer. | | 3 | Network | A user or computer logged on to this computer from the network. | | 4 | Batch | Batch logon type is used by batch servers, where processes may be executing on behalf of a user without their direct intervention. | @@ -125,8 +125,8 @@ Multiple events are generated if the group membership information cannot fit in - **Security ID** \[Type = SID\]**:** SID of account for which logon was performed. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event. -> [!NOTE] -> A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers). + > [!NOTE] + > A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers). - **Account Name** \[Type = UnicodeString\]**:** the name of the account for which logon was performed. From 87b9f5377dcd60cc32db75e6c80bf096cfdf0728 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 29 Jun 2021 09:31:40 +0530 Subject: [PATCH 20/24] removed invalid link , added correct link as per user report issue #9747 , so I added correct link and removed invalid link --- windows/client-management/connect-to-remote-aadj-pc.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md index 89776f9222..9de7a6f1c2 100644 --- a/windows/client-management/connect-to-remote-aadj-pc.md +++ b/windows/client-management/connect-to-remote-aadj-pc.md @@ -87,4 +87,4 @@ The table below lists the supported configurations for remotely connecting to an ## Related topics -[How to use Remote Desktop](https://support.microsoft.com/instantanswers/ff521c86-2803-4bc0-a5da-7df445788eb9/how-to-use-remote-desktop) \ No newline at end of file +[How to use Remote Desktop](https://support.microsoft.com/en-us/windows/how-to-use-remote-desktop-5fe128d5-8fb1-7a23-3b8a-41e636865e8c) From a2b22b9e83bfaab9faf72a0098df0be3f622455c Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 29 Jun 2021 17:41:56 +0530 Subject: [PATCH 21/24] typo correction as per user report issue #9750 , so I corrected word --- .../bitlocker/bitlocker-network-unlock-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.yml index 17c1035e0b..10287fc220 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.yml @@ -35,6 +35,6 @@ sections: BitLocker Network Unlock has software and hardware requirements for both client computers, Windows Deployment services, and domain controllers that must be met before you can use it. Network Unlock uses two protectors, the TPM protector and the one provided by the network or by your PIN, whereas automatic unlock uses a single protector, the one stored in the TPM. If the computer is joined to a network without the key protector it will prompt you to enter your PIN. If the PIN is - not available you will need to use the recovery key to unlock the computer if it can ot be connected to the network. + not available you will need to use the recovery key to unlock the computer if it can not be connected to the network. For more info, see [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md). From 0cff94693ae41c30ebb1b4924655ccdb51cd2942 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 29 Jun 2021 19:17:31 +0530 Subject: [PATCH 22/24] Update windows/client-management/connect-to-remote-aadj-pc.md thanks for pointing out. Today I forgotted to remove localisation. Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/connect-to-remote-aadj-pc.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md index 9de7a6f1c2..275869bf99 100644 --- a/windows/client-management/connect-to-remote-aadj-pc.md +++ b/windows/client-management/connect-to-remote-aadj-pc.md @@ -87,4 +87,4 @@ The table below lists the supported configurations for remotely connecting to an ## Related topics -[How to use Remote Desktop](https://support.microsoft.com/en-us/windows/how-to-use-remote-desktop-5fe128d5-8fb1-7a23-3b8a-41e636865e8c) +[How to use Remote Desktop](https://support.microsoft.com/windows/how-to-use-remote-desktop-5fe128d5-8fb1-7a23-3b8a-41e636865e8c) From 72e5c293c3d9b20db903c059c860342b52af49dd Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Tue, 29 Jun 2021 09:36:42 -0700 Subject: [PATCH 23/24] hardware req --- windows/whats-new/windows-11-requirements.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/whats-new/windows-11-requirements.md b/windows/whats-new/windows-11-requirements.md index 8c87b2c454..54e1400de4 100644 --- a/windows/whats-new/windows-11-requirements.md +++ b/windows/whats-new/windows-11-requirements.md @@ -38,7 +38,7 @@ To install or upgrade to Windows 11, devices must meet the following minimum har - Internet connection: Internet connectivity is necessary to perform updates, and to download and use some features. - Windows 11 Home edition requires an Internet connection and a Microsoft Account to complete device setup on first use. -\* There might be additional requirements over time for updates, and to enable specific features within the operating system. For more information, see [Keeping Windows 11 up-to-date](https://www.microsoft.com/windows/windows-10-specifications#primaryR5). +\* There might be additional requirements over time for updates, and to enable specific features within the operating system. For more information, see [Keeping Windows 11 up-to-date](https://www.microsoft.com/windows/windows-11-specifications). Also see [Update on Windows 11 minimum system requirements] (https://blogs.windows.com/windows-insider/2021/06/28/update-on-windows-11-minimum-system-requirements/). For information about tools to evaluate readiness, see [Determine eligibility](windows-11-plan.md#determine-eligibility). @@ -86,5 +86,6 @@ Some features in Windows 11 have requirements beyond those listed above. See the ## See also +[Windows minimum hardware requirements](/windows-hardware/design/minimum/minimum-hardware-requirements-overview)
[Windows 11 overview](windows-11.md) From 3fc77d46d66876d7ac2db48b7372f9fcf1f8c665 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Tue, 29 Jun 2021 13:21:18 -0700 Subject: [PATCH 24/24] fix link --- windows/whats-new/windows-11-requirements.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/windows-11-requirements.md b/windows/whats-new/windows-11-requirements.md index 54e1400de4..368dd33786 100644 --- a/windows/whats-new/windows-11-requirements.md +++ b/windows/whats-new/windows-11-requirements.md @@ -38,7 +38,7 @@ To install or upgrade to Windows 11, devices must meet the following minimum har - Internet connection: Internet connectivity is necessary to perform updates, and to download and use some features. - Windows 11 Home edition requires an Internet connection and a Microsoft Account to complete device setup on first use. -\* There might be additional requirements over time for updates, and to enable specific features within the operating system. For more information, see [Keeping Windows 11 up-to-date](https://www.microsoft.com/windows/windows-11-specifications). Also see [Update on Windows 11 minimum system requirements] (https://blogs.windows.com/windows-insider/2021/06/28/update-on-windows-11-minimum-system-requirements/). +\* There might be additional requirements over time for updates, and to enable specific features within the operating system. For more information, see [Keeping Windows 11 up-to-date](https://www.microsoft.com/windows/windows-11-specifications). Also see [Update on Windows 11 minimum system requirements](https://blogs.windows.com/windows-insider/2021/06/28/update-on-windows-11-minimum-system-requirements/). For information about tools to evaluate readiness, see [Determine eligibility](windows-11-plan.md#determine-eligibility).