From c3be617e0d73095d3242633fdd7c3ccc658d21a4 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Thu, 4 May 2017 08:48:49 -0700 Subject: [PATCH 1/9] do not apply package from system32 --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 804d9de6f8..b5b9ec5163 100644 --- a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -25,7 +25,7 @@ If you want to minimize connections from Windows to Microsoft services, or confi You can configure telemetry at the Security level, turn off Windows Defender telemetry and MSRT reporting, and turn off all other connections to Microsoft network endpoints as described in this article to help prevent Windows from sending any data to Microsoft. There are many reasons why these communications are enabled by default, such as updating malware definitions and maintain current certificate revocation lists, which is why we strongly recommend against this. This data helps us deliver a secure, reliable, and more delightful personalized experience. -To help make it easier to deploy settings to restrict connections from Windows 10 to Microsoft, you can apply the [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887). This baseline was created in the same way as the [Windows security baselines](/windows/device-security/windows-security-baselines) that are often used to efficiently configure Windows to a known secure state. Running the Windows Restricted Traffic Limited Functionality Baseline on devices in your organization will allow you to quickly configure all of the settings covered in this document. However, some of the settings reduce the functionality and security configuration of your device and are therefore not recommended. Make sure should you've chosen the right settings configuration for your environment before applying. Applying this baseline is equivalent to applying the Windows 10 steps covered in this article. +To help make it easier to deploy settings to restrict connections from Windows 10 to Microsoft, you can apply the [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887). This baseline was created in the same way as the [Windows security baselines](/windows/device-security/windows-security-baselines) that are often used to efficiently configure Windows to a known secure state. Running the Windows Restricted Traffic Limited Functionality Baseline on devices in your organization will allow you to quickly configure all of the settings covered in this document. However, some of the settings reduce the functionality and security configuration of your device and are therefore not recommended. Make sure should you've chosen the right settings configuration for your environment before applying. You should not extract this package to the the windows\\system32 folder because it will not apply correctly. Applying this baseline is equivalent to applying the Windows 10 steps covered in this article. We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting telmhelp@microsoft.com. From 25efcdbc5450243b0db73b2c98e8c856b3687cc3 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Thu, 4 May 2017 10:41:05 -0700 Subject: [PATCH 2/9] enable incremental build --- .openpublishing.publish.config.json | 1 + 1 file changed, 1 insertion(+) diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index 77e4cb1ee7..4b026cfdc9 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -2,6 +2,7 @@ "build_entry_point": "", "need_generate_pdf": false, "need_generate_intellisense": false, + "enable_incremental_build": true, "docsets_to_publish": [ { "docset_name": "education", From 0722c4926f11d2acbbaad4c061650459044bf3ae Mon Sep 17 00:00:00 2001 From: LizRoss Date: Thu, 4 May 2017 11:20:00 -0700 Subject: [PATCH 3/9] Removed TechNet --- CONTRIBUTING.md | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index f5c90d0691..99dceed75d 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -18,7 +18,7 @@ We've tried to make editing an existing, public file as simple as possible. **To edit a topic** -1. Go to the page on TechNet that you want to update, and then click **Edit**. +1. Go to the page on docs.microsoft.com that you want to update, and then click **Edit**. ![GitHub Web, showing the Edit link](images/contribute-link.png) @@ -62,14 +62,23 @@ We've tried to make editing an existing, public file as simple as possible. The pull request is sent to the writer of the topic and your edits are reviewed. If your request is accepted, updates are published to one of the following places: - [Windows 10](https://docs.microsoft.com/windows/windows-10) - - [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy) + + - [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy) + - [Surface](https://docs.microsoft.com/surface) + - [Surface Hub](https://docs.microsoft.com/surface-hub) + - [HoloLens](https://docs.microsoft.com/hololens) + - [Microsoft Store](https://docs.microsoft.com/microsoft-store) + - [Windows 10 for Education](https://docs.microsoft.com/education/windows) + - [Windows 10 for SMB](https://docs.microsoft.com/windows/smb) + - [Internet Explorer 11](https://docs.microsoft.com/internet-explorer) + - [Microsoft Desktop Optimization Pack](https://docs.microsoft.com/microsoft-desktop-optimization-pack) From ff6cc8968a4e963406c8aa76cb21360b0de6f31b Mon Sep 17 00:00:00 2001 From: John Tobin Date: Thu, 4 May 2017 12:01:24 -0700 Subject: [PATCH 4/9] Indentation fix for Event ID 17 --- .../credential-guard/credential-guard-manage.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/access-protection/credential-guard/credential-guard-manage.md b/windows/access-protection/credential-guard/credential-guard-manage.md index 9396f2dd47..05f08ab263 100644 --- a/windows/access-protection/credential-guard/credential-guard-manage.md +++ b/windows/access-protection/credential-guard/credential-guard-manage.md @@ -143,8 +143,8 @@ For client machines that are running Windows 10 1703, LSAIso is running whenever - **Event ID 15** Credential Guard (LsaIso.exe) is configured but the secure kernel is not running; continuing without Credential Guard. - **Event ID 16** Credential Guard (LsaIso.exe) failed to launch: \[error code\] - **Event ID 17** Error reading Credential Guard (LsaIso.exe) UEFI configuration: \[error code\] - You can also verify that TPM is being used for key protection by checking the following event in the **Microsoft** -> **Windows** -> **Kernel-Boot** event source. If you are running with a TPM, the TPM PCR mask value will be something other than 0. - - **Event ID 51** VSM Master Encryption Key Provisioning. Using cached copy status: 0x0. Unsealing cached copy status: 0x1. New key generation status: 0x1. Sealing status: 0x1. TPM PCR mask: 0x0. + You can also verify that TPM is being used for key protection by checking Event ID 51 in the **Microsoft** -> **Windows** -> **Kernel-Boot** event source. If you are running with a TPM, the TPM PCR mask value will be something other than 0. + - **Event ID 51** VSM Master Encryption Key Provisioning. Using cached copy status: 0x0. Unsealing cached copy status: 0x1. New key generation status: 0x1. Sealing status: 0x1. TPM PCR mask: 0x0. ## Disable Credential Guard From 2c535a6bfb5c061d00bf4aa682b614cb7363225c Mon Sep 17 00:00:00 2001 From: Dani Halfin Date: Thu, 4 May 2017 12:48:56 -0700 Subject: [PATCH 5/9] fixing a typo enablng = enabling --- .../hello-for-business/hello-why-pin-is-better-than-password.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/access-protection/hello-for-business/hello-why-pin-is-better-than-password.md b/windows/access-protection/hello-for-business/hello-why-pin-is-better-than-password.md index 1aa658b96a..208b3e6a3c 100644 --- a/windows/access-protection/hello-for-business/hello-why-pin-is-better-than-password.md +++ b/windows/access-protection/hello-for-business/hello-why-pin-is-better-than-password.md @@ -49,7 +49,7 @@ The Windows Hello for Business PIN is subject to the same set of IT management p ## What if someone steals the laptop or phone? To compromise a Windows Hello credential that TPM protects, an attacker must have access to the physical device, and then must find a way to spoof the user’s biometrics or guess his or her PIN—and all of this must be done before [TPM anti-hammering](/windows/device-security/tpm/tpm-fundamentals#anti-hammering) protection locks the device. -You can provide additional protection for laptops that don't have TPM by enablng BitLocker and setting a policy to limit failed sign-ins. +You can provide additional protection for laptops that don't have TPM by enabling BitLocker and setting a policy to limit failed sign-ins. **Configure BitLocker without TPM** 1. Use the Local Group Policy Editor (gpedit.msc) to enable the following policy: From fb4b41bddc37840c5abf48ecdd46e65417079849 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Thu, 4 May 2017 14:38:48 -0700 Subject: [PATCH 6/9] Fixed duplicate text --- browsers/edge/available-policies.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md index 8c8984005a..3289a9892e 100644 --- a/browsers/edge/available-policies.md +++ b/browsers/edge/available-policies.md @@ -357,7 +357,7 @@ Microsoft Edge works with these Group Policy settings (`Computer Configuration\A https://fabrikam.com/opensearch.xml - - If you disable this setting, the policy-set default search engine is removed. If this is also the current in-use default, the engine changes to the Microsoft Edge specified engine for the market.

If you don't configure this setting, the default search engine is set to the one specified in App settings. + - If you disable this setting, the policy-set default search engine is removed. If this is also the current in-use default, the engine changes to the Microsoft Edge specified engine for the market. - If you don't configure this setting (default), the default search engine is set to the one specified in App settings. From 98a8dd86255211e50b8270551f987123179d9478 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Thu, 4 May 2017 14:40:02 -0700 Subject: [PATCH 7/9] enable PDF download --- .openpublishing.publish.config.json | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index 4b026cfdc9..9a990acba8 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -3,6 +3,10 @@ "need_generate_pdf": false, "need_generate_intellisense": false, "enable_incremental_build": true, + "branch_target_mapping": { + "live": ["Publish","Pdf"], + "master": ["Publish", "Pdf"] + }, "docsets_to_publish": [ { "docset_name": "education", @@ -377,23 +381,32 @@ "version": 0 } ], + "Targets": { + "Pdf": { + "template_folder": "_themes.pdf" + } + }, "notification_subscribers": [ "brianlic@microsoft.com" ], - "branches_to_filter": [ - "" - ], + "branches_to_filter": [""], "git_repository_url_open_to_public_contributors": "https://github.com/Microsoft/windows-itpro-docs", "git_repository_branch_open_to_public_contributors": "master", "skip_source_output_uploading": false, "need_preview_pull_request": true, "dependent_repositories": [ - { + { + "path_to_root": "_themes.pdf", + "url": "https://github.com/Microsoft/templates.docs.msft.pdf", + "branch": "master", + "branch_mapping": {} + }, + { "path_to_root": "_themes", "url": "https://github.com/Microsoft/templates.docs.msft", "branch": "master", "branch_mapping": {} } ], - "need_generate_pdf_url_template": false + "need_generate_pdf_url_template": true } \ No newline at end of file From 35b34ce81930067bae3ea9c6a170c0cb4d6d9deb Mon Sep 17 00:00:00 2001 From: Liza Poggemeyer Date: Thu, 4 May 2017 14:46:03 -0700 Subject: [PATCH 8/9] Removed erroneous reference to SQL Server 2012 R1. --- windows/deployment/windows-10-poc-sc-config-mgr.md | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/windows/deployment/windows-10-poc-sc-config-mgr.md b/windows/deployment/windows-10-poc-sc-config-mgr.md index 0ce8558c9c..4e36256cae 100644 --- a/windows/deployment/windows-10-poc-sc-config-mgr.md +++ b/windows/deployment/windows-10-poc-sc-config-mgr.md @@ -4,8 +4,7 @@ description: Deploy Windows 10 in a test lab using System Center Configuration M ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.pagetype: deploy -keywords: deployment, automate, tools, configure, sccm, configuration manager +ms.pagetype: deploykeywords: deployment, automate, tools, configure, sccm, configuration manager localizationpriority: high author: greg-lindsay --- @@ -15,7 +14,6 @@ author: greg-lindsay **Applies to** - Windows 10 - **Important**: This guide leverages the proof of concept (PoC) environment, and some settings that are configured in the following guides: - [Step by step guide: Deploy Windows 10 in a test lab](windows-10-poc.md) - [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md) @@ -26,7 +24,6 @@ The PoC environment is a virtual network running on Hyper-V with three virtual m - **DC1**: A contoso.com domain controller, DNS server, and DHCP server. - **SRV1**: A dual-homed contoso.com domain member server, DNS server, and default gateway providing NAT service for the PoC network. - **PC1**: A contoso.com member computer running Windows 7, Windows 8, or Windows 8.1 that has been cloned from a physical computer on your corporate network for testing purposes. - This guide leverages the Hyper-V server role to perform procedures. If you do not complete all steps in a single session, consider using [checkpoints](https://technet.microsoft.com/library/dn818483.aspx) and [saved states](https://technet.microsoft.com/library/ee247418.aspx) to pause, resume, or restart your work. >Multiple features and services are installed on SRV1 in this guide. This is not a typical installation, and is only done to set up a lab environment with a bare minimum of resources. However, if less than 4 GB of RAM is allocated to SRV1 in the Hyper-V console, some procedures will be extremely slow to complete. If resources are limited on the Hyper-V host, consider reducing RAM allocation on DC1 and PC1, and then increasing the RAM allocation on SRV1. You can adjust RAM allocation for a VM by right-clicking the VM in the Hyper-V Manager console, clicking **Settings**, clicking **Memory**, and modifying the value next to **Maximum RAM**. @@ -38,7 +35,6 @@ This guide provides end-to-end instructions to install and configure System Cent Topics and procedures in this guide are summarized in the following table. An estimate of the time required to complete each procedure is also provided. Time required to complete procedures will vary depending on the resources available to the Hyper-V host and assigned to VMs, such as processor speed, memory allocation, disk speed, and network speed.

-
TopicDescriptionTime @@ -48,8 +44,7 @@ Topics and procedures in this guide are summarized in the following table. An es
[Prepare for Zero Touch installation](#prepare-for-zero-touch-installation)Prerequisite procedures to support Zero Touch installation.60 minutes
[Create a boot image for Configuration Manager](#create-a-boot-image-for-configuration-manager)Use the MDT wizard to create the boot image in Configuration Manager.20 minutes
[Create a Windows 10 reference image](#create-a-windows-10-reference-image)This procedure can be skipped if it was done previously, otherwise instructions are provided to create a reference image.0-60 minutes -
[Add a Windows 10 operating system image](#add-a-windows-10-operating-system-image)Add a Windows 10 operating system image and distribute it.10 minutes -
[Create a task sequence](#create-a-task-sequence)Create a Configuration Manager task sequence with MDT integration using the MDT wizard15 minutes +
[Add a Windows 10 operating system image](#add-a-windows-10-operating-system-image)Add a Windows 10 operating system image and distribute it.10 minutes
[Create a task sequence](#create-a-task-sequence)Create a Configuration Manager task sequence with MDT integration using the MDT wizard15 minutes
[Finalize the operating system configuration](#finalize-the-operating-system-configuration)Enable monitoring, configure rules, and distribute content.30 minutes
[Deploy Windows 10 using PXE and Configuration Manager](#deploy-windows-10-using-pxe-and-configuration-manager)Deploy Windows 10 using Configuration Manager deployment packages and task sequences.60 minutes
[Replace a client with Windows 10 using Configuration Manager](#replace-a-client-with-windows-10-using-configuration-manager)Replace a client computer with Windows 10 using Configuration Manager.90 minutes @@ -60,7 +55,6 @@ Topics and procedures in this guide are summarized in the following table. An es ## Install prerequisites - 1. Before installing System Center Configuration Manager, we must install prerequisite services and features. Type the following command at an elevated Windows PowerShell prompt on SRV1: ``` @@ -78,7 +72,7 @@ Topics and procedures in this guide are summarized in the following table. An es This command mounts the .ISO file to drive D on SRV1. -4. Type the following command at an elevated Windows PowerShell prompt on SRV1 to install SQL Server 2012 SP2: +4. Type the following command at an elevated Windows PowerShell prompt on SRV1 to install SQL Server: ``` D:\setup.exe /q /ACTION=Install /ERRORREPORTING="False" /FEATURES=SQLENGINE,RS,IS,SSMS,TOOLS,ADV_SSMS,CONN /INSTANCENAME=MSSQLSERVER /INSTANCEDIR="C:\Program Files\Microsoft SQL Server" /SQLSVCACCOUNT="NT AUTHORITY\System" /SQLSYSADMINACCOUNTS="BUILTIN\ADMINISTRATORS" /SQLSVCSTARTUPTYPE=Automatic /AGTSVCACCOUNT="NT AUTHORITY\SYSTEM" /AGTSVCSTARTUPTYPE=Automatic /RSSVCACCOUNT="NT AUTHORITY\System" /RSSVCSTARTUPTYPE=Automatic /ISSVCACCOUNT="NT AUTHORITY\System" /ISSVCSTARTUPTYPE=Disabled /ASCOLLATION="Latin1_General_CI_AS" /SQLCOLLATION="SQL_Latin1_General_CP1_CI_AS" /TCPENABLED="1" /NPENABLED="1" /IAcceptSQLServerLicenseTerms From a0d25eb11c3c416b509ffe3919c6df32cb8e706f Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 4 May 2017 15:12:00 -0700 Subject: [PATCH 9/9] remove repeated line --- ...custom-ti-api-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md index 3f71267756..c801b3feab 100644 --- a/windows/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md @@ -27,7 +27,7 @@ You can define custom alert definitions and indicators of compromise (IOC) using Before creating custom alerts, you'll need to enable the threat intelligence application in Azure Active Directory and generate access tokens. For more information, see [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md). ### Use the threat intelligence REST API to create custom threat intelligence alerts -You can call and specify the resource URLs using one of the following operations to access and manipulate a threat intelligence resource, you call and specify the resource URLs using one of the following operations: +You can call and specify the resource URLs using one of the following operations to access and manipulate a threat intelligence resource: - GET - POST