deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-21 05:13:40 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merged PR 11086: merge from phase 2

Browse Source
This commit is contained in:
Joey Caparas
2018-09-04 22:21:34 +00:00
parent e488291a6a 403d0cff8e
commit 82e088fb18
10 changed files with 24 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md
View File

@ -17,7 +17,7 @@ You can use the Group Policy setting, **Set a default associations configuration
**To set the default browser as Internet Explorer 11**
1. Open your Group Policy editor and go to the **Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file** setting.<p>
1. Open your Group Policy editor and go to the **Computer Configuration\Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file** setting.<p>
Turning this setting on also requires you to create and store a default associations configuration file, locally or on a network share. For more information about creating this file, see [Export or Import Default Application Associations]( https://go.microsoft.com/fwlink/p/?LinkId=618268).
![set default associations group policy setting](images/setdefaultbrowsergp.png)

2
devices/hololens/hololens-insider.md
View File

@ -15,7 +15,7 @@ ms.date: 07/27/2018
Welcome to the latest Insider Preview builds for HoloLens! Its simple to get started and provide valuable feedback for our next major operating system update for HoloLens.
<span id="get-insider" />
## How do I install the Insider builds?

2
devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md
View File

@ -34,7 +34,7 @@ PowerShell scripts to help set up and manage your Microsoft Surface Hub.
To successfully execute these PowerShell scripts, you will need to install the following prerequisites:
- [Microsoft Online Services Sign-in Assistant for IT Professionals RTW](https://www.microsoft.com/download/details.aspx?id=41950)
- [Microsoft Azure Active Directory Module for Windows PowerShell (64-bit version)](https://connect.microsoft.com/site1164/Downloads/DownloadDetails.aspx?DownloadID=59185)
- [Microsoft Azure Active Directory Module for Windows PowerShell (64-bit version)](https://www.powershellgallery.com/packages/MSOnline/1.1.183.17)
- [Windows PowerShell Module for Skype for Business Online](https://www.microsoft.com/download/details.aspx?id=39366)
## <a href="" id="scripts-for-admins"></a>PowerShell scripts for Surface Hub administrators

6
mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md
View File

@ -8,14 +8,16 @@ ms.pagetype: mdop, security
ms.mktglfcycl: manage
ms.sitesec: library
ms.prod: w10
ms.date: 5/30/2018
ms.date: 8/30/2018
ms.author: pashort
author: shortpatti
---
# Applying hotfixes on MBAM 2.5 SP1
This topic describes the process for applying the hotfixes for Microsoft BitLocker Administration and Monitoring (MBAM) Server 2.5 SP1
### Before you begin, download the latest hotfix of Microsoft BitLocker Administration and Monitoring (MBAM) Server 2.5 SP1
[Desktop Optimization Pack](https://www.microsoft.com/en-us/download/details.aspx?id=56126)
[Desktop Optimization Pack](https://www.microsoft.com/en-us/download/details.aspx?id=57157)
#### Steps to update the MBAM Server for existing MBAM environment
1. Remove MBAM server feature (do this by opening the MBAM Server Configuration Tool, then selecting Remove Features).

6
windows/client-management/mdm/bitlocker-csp.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
ms.date: 07/16/2018
ms.date: 08/31/2018
---
# BitLocker CSP
@ -257,7 +257,7 @@ The following diagram shows the BitLocker configuration service provider in tree
<p style="margin-left: 20px">On a computer with a compatible TPM, four types of authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can use only the TPM for authentication, or it can also require insertion of a USB flash drive containing a startup key, the entry of a 6-digit to 20-digit personal identification number (PIN), or both.</p>
> [!Note]
> In Windows 10, version 1709, you can use a minimum PIN of 4 digits. SystemDrivesMinimumPINLength policy must be set to allow PINs shorter than 6 digits.
> In Windows 10, version 1703 release B, you can use a minimum PIN of 4 digits. SystemDrivesMinimumPINLength policy must be set to allow PINs shorter than 6 digits.
<p style="margin-left: 20px">If you enable this policy setting, users can configure advanced startup options in the BitLocker setup wizard.</p>
@ -347,7 +347,7 @@ The following diagram shows the BitLocker configuration service provider in tree
<p style="margin-left: 20px">This setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 6 digits and can have a maximum length of 20 digits.</p>
> [!Note]
> In Windows 10, version 1709, you can use a minimum PIN length of 4 digits.
> In Windows 10, version 1703 release B, you can use a minimum PIN length of 4 digits.
>
>In TPM 2.0 if minimum PIN length is set below 6 digits, Windows will attempt to update the TPM lockout period to be greater than the default when a PIN is changed. If successful, Windows will only reset the TPM lockout period back to default if the TPM is reset. This does not apply to TPM 1.2.

8
windows/security/identity-protection/credential-guard/credential-guard-manage.md
View File

@ -7,7 +7,7 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: brianlic-msft
ms.date: 05/18/2018
ms.date: 09/04/2018
---
# Manage Windows Defender Credential Guard
@ -98,7 +98,7 @@ If you enable Windows Defender Credential Guard by using Group Policy, the steps
You can also enable Windows Defender Credential Guard by using the [Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337).
```
DG_Readiness_Tool_v3.2.ps1 -Enable -AutoReboot
DG_Readiness_Tool_v3.5.ps1 -Enable -AutoReboot
```
### Review Windows Defender Credential Guard performance
@ -118,7 +118,7 @@ You can view System Information to check that Windows Defender Credential Guard
You can also check that Windows Defender Credential Guard is running by using the [Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337).
```
DG_Readiness_Tool_v3.2.ps1 -Ready
DG_Readiness_Tool_v3.5.ps1 -Ready
```
> [!NOTE]
@ -186,7 +186,7 @@ For more info on virtualization-based security and Windows Defender Device Guard
You can also disable Windows Defender Credential Guard by using the [Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337).
```
DG_Readiness_Tool_v3.2.ps1 -Disable -AutoReboot
DG_Readiness_Tool_v3.5.ps1 -Disable -AutoReboot
```
#### Disable Windows Defender Credential Guard for a virtual machine

6
windows/security/information-protection/tpm/tpm-fundamentals.md
View File

@ -68,7 +68,7 @@ The TPM can be used to protect certificates and RSA keys. The TPM key storage pr
## TPM Cmdlets
You can manage the TPM using Windows PowerShell. For details, see [TPM Cmdlets in Windows PowerShell](https://technet.microsoft.com/library/jj603116.aspx).
You can manage the TPM using Windows PowerShell. For details, see [TPM Cmdlets in Windows PowerShell](https://docs.microsoft.com/en-us/powershell/module/trustedplatformmodule/).
## Physical presence interface
@ -144,6 +144,6 @@ The Windows TPM-based smart card, which is a virtual smart card, can be configur
## Related topics
- [Trusted Platform Module](trusted-platform-module-top-node.md) (list of topics)
- [TPM Cmdlets in Windows PowerShell](https://technet.microsoft.com/library/jj603116.aspx)
- [TPM Cmdlets in Windows PowerShell](https://docs.microsoft.com/en-us/powershell/module/trustedplatformmodule/)
- [TPM WMI providers](https://msdn.microsoft.com/library/aa376476.aspx)
- [Prepare your organization for BitLocker: Planning and Policies - TPM configurations](https://technet.microsoft.com/itpro/windows/keep-secure/prepare-your-organization-for-bitlocker-planning-and-policies#bkmk-tpmconfigurations)
- [Prepare your organization for BitLocker: Planning and Policies - TPM configurations](https://technet.microsoft.com/itpro/windows/keep-secure/prepare-your-organization-for-bitlocker-planning-and-policies#bkmk-tpmconfigurations)

8
windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
View File

@ -6,7 +6,7 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
author: jsuther1974
ms.date: 08/16/2018
ms.date: 08/31/2018
---
# Microsoft recommended block rules
@ -137,6 +137,7 @@ Microsoft recommends that you block the following Microsoft-signed applications
<Deny ID="ID_DENY_WMIC" FriendlyName="wmic.exe" FileName="wmic.exe" MinimumFileVersion="65535.65535.65535.65535"/>
<Deny ID="ID_DENY_MWFC" FriendlyName="Microsoft.Workflow.Compiler.exe" FileName="Microsoft.Workflow.Compiler.exe" MinimumFileVersion="65535.65535.65535.65535" />
<Deny ID="ID_DENY_WFC" FriendlyName="WFC.exe" FileName="wfc.exe" MinimumFileVersion="65535.65535.65535.65535" />
<Deny ID="ID_DENY_KILL" FriendlyName="kill.exe" FileName="kill.exe" MinimumFileVersion="65535.65535.65535.65535" />
<Deny ID="ID_DENY_D_1" FriendlyName="Powershell 1" Hash="02BE82F63EE962BCD4B8303E60F806F6613759C6"/>
<Deny ID="ID_DENY_D_2" FriendlyName="Powershell 2" Hash="13765D9A16CC46B2113766822627F026A68431DF"/>
<Deny ID="ID_DENY_D_3" FriendlyName="Powershell 3" Hash="148972F670E18790D62D753E01ED8D22B351A57E45544D88ACE380FEDAF24A40"/>
@ -705,7 +706,7 @@ Microsoft recommends that you block the following Microsoft-signed applications
<Deny ID="ID_DENY_D_604" FriendlyName="PowerShellShell 604" Hash="B38E1198F82E7C2B3123984C017417F2A48BDFF5B6DBAD20B2438D7B65F6E39F"/>
<Deny ID="ID_DENY_D_605" FriendlyName="PowerShellShell 605" Hash="DE16A6B93178B6C6FC33FBF3E9A86CFF070DA6D3"/>
<Deny ID="ID_DENY_D_606" FriendlyName="PowerShellShell 606" Hash="A3EF9A95D1E859958DEBE44C033B4562EBB9B4C6E32005CA5C07B2E07A42E2BE"/>
<!-- pubprn.vbs
-->
<!-- rs2 x86fre
@ -838,6 +839,7 @@ Microsoft recommends that you block the following Microsoft-signed applications
<FileRuleRef RuleID="ID_DENY_LXRUN"/>
<FileRuleRef RuleID="ID_DENY_PWRSHLCUSTOMHOST"/>
<FileRuleRef RuleID="ID_DENY_TEXTTRANSFORM"/>
<FileRuleRef RuleID="ID_DENY_KILL"/>
<FileRuleRef RuleID="ID_DENY_WMIC"/>
<FileRuleRef RuleID="ID_DENY_MWFC" />
<FileRuleRef RuleID="ID_DENY_WFC" />
@ -1455,7 +1457,7 @@ Microsoft recommends that you block the following Microsoft-signed applications
<CiSigners />
<HvciOptions>0</HvciOptions>
</SiPolicy>
```
<br />

2
windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md
View File

@ -11,7 +11,7 @@ ms.author: justinha
ms.date: 10/19/2017
---
# Enable hardware-based isolation for Microsoft Edge
# Prepare to install Windows Defender Application Guard
**Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP)

2
windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md
View File

@ -11,7 +11,7 @@ ms.author: justinha
ms.date: 10/19/2017
---
# Application testing scenarios for hardware-based isolation
# Application Guard testing scenarios
**Applies to:** Windows Defender Advanced Threat Protection (Windows Defender ATP)