From 6ebb5527816f1610a68db624b7dcdf9471520d19 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sat, 9 Jan 2021 19:23:07 +0500 Subject: [PATCH 01/29] Update in the note section As pointed out by the user, the note section of the document has been updated to reflect the correct information regarding NTAuth. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8709 --- .../hello-hybrid-key-whfb-settings-pki.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md index 87b70bbd2c..f4f7a6860f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md 
@@ -81,7 +81,13 @@ Sign-in a certificate authority or management workstations with _Enterprise Admi The certificate template is configured to supersede all the certificate templates provided in the certificate templates superseded templates list. However, the certificate template and the superseding of certificate templates is not active until you publish the certificate template to one or more certificate authorities. > [!NOTE] -> The domain controller's certificate must chain to a root in the NTAuth store. By default, the Active Directory Certificate Authority's root certificate is added to the NTAuth store. If you are using a third-party CA, this may not be done by default. If the domain controller certificate does not chain to a root in the NTAuth store, user authentication will fail. +> The CA issuing the domain controller certificate must be included in the NTAuth store. By default, the Active Directory Certificate Authority's root certificate is added to the NTAuth store. If you are using a multi-tier CA hierarchy or a third-party CA, this may not be done by default. If the Domain Controller certificate does not directly chain to a CA certificate in the NTAuth store, user authentication will fail. + +To check the NTAuth certificate, you can use the below powershell command + +```powershell +Certutil -viewstore -enterprise NTAuth +``` ### Publish Certificate Templates to a Certificate Authority From 545a69ee3fd407ff7cede0114ffc8328f11e3c12 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sat, 9 Jan 2021 19:32:52 +0500 Subject: [PATCH 02/29] Update windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-key-whfb-settings-pki.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md index f4f7a6860f..614cd3be6f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md @@ -83,7 +83,7 @@ The certificate template is configured to supersede all the certificate template > [!NOTE] > The CA issuing the domain controller certificate must be included in the NTAuth store. By default, the Active Directory Certificate Authority's root certificate is added to the NTAuth store. If you are using a multi-tier CA hierarchy or a third-party CA, this may not be done by default. If the Domain Controller certificate does not directly chain to a CA certificate in the NTAuth store, user authentication will fail. -To check the NTAuth certificate, you can use the below powershell command +The following PowerShell command can be used to check the NTAuth certificate: ```powershell Certutil -viewstore -enterprise NTAuth From a2f324116bab5d0c9c204299a1ac142f17b891a8 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Fri, 19 Feb 2021 10:41:52 +0500 Subject: [PATCH 03/29] Update windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md Co-authored-by: mapalko --- .../hello-for-business/hello-hybrid-key-whfb-settings-pki.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md index 614cd3be6f..b00b4cc551 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md 
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md @@ -81,7 +81,7 @@ Sign-in a certificate authority or management workstations with _Enterprise Admi The certificate template is configured to supersede all the certificate templates provided in the certificate templates superseded templates list. However, the certificate template and the superseding of certificate templates is not active until you publish the certificate template to one or more certificate authorities. > [!NOTE] -> The CA issuing the domain controller certificate must be included in the NTAuth store. By default, the Active Directory Certificate Authority's root certificate is added to the NTAuth store. If you are using a multi-tier CA hierarchy or a third-party CA, this may not be done by default. If the Domain Controller certificate does not directly chain to a CA certificate in the NTAuth store, user authentication will fail. +> The certificate for the CA issuing the domain controller certificate must be included in the NTAuth store. By default, the Active Directory Certificate Authority's root certificate is added to the NTAuth store. If you are using a multi-tier CA hierarchy or a third-party CA, this may not be done by default. If the Domain Controller certificate does not directly chain to a CA certificate in the NTAuth store, user authentication will fail. The following PowerShell command can be used to check the NTAuth certificate: From cec0159439a48c31b76f9ccbd3b97ff3ec28ae25 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Fri, 19 Feb 2021 10:42:12 +0500 Subject: [PATCH 04/29] Update windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md Co-authored-by: mapalko --- .../hello-for-business/hello-hybrid-key-whfb-settings-pki.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md index b00b4cc551..9773a3fe79 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md @@ -83,7 +83,7 @@ The certificate template is configured to supersede all the certificate template > [!NOTE] > The certificate for the CA issuing the domain controller certificate must be included in the NTAuth store. By default, the Active Directory Certificate Authority's root certificate is added to the NTAuth store. If you are using a multi-tier CA hierarchy or a third-party CA, this may not be done by default. If the Domain Controller certificate does not directly chain to a CA certificate in the NTAuth store, user authentication will fail. -The following PowerShell command can be used to check the NTAuth certificate: +The following PowerShell command can be used to check all certificates in the NTAuth store: ```powershell Certutil -viewstore -enterprise NTAuth From 78878545f4b505b1d2394abc4b6da18fd3404463 Mon Sep 17 00:00:00 2001 From: yogesh thangjam <53617154+TJ2215@users.noreply.github.com> Date: Sun, 28 Feb 2021 04:06:53 -0600 Subject: [PATCH 05/29] Update allow-com-object-registration-in-windows-defender-application-control-policy.md --- ...ows-defender-application-control-policy.md | 51 +++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md index 1a451b7545..0719946e8e 100644 
--- a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md @@ -92,4 +92,55 @@ Example 3: Allows a specific COM object to register in PowerShell ``` +### How to configure the settings for the CLSIDs +For example, you get an error in the Event Viewer (Application and Service Logs > Microsoft > Windows > AppLocker > MSI and Script) like below: + +Log Name: Microsoft-Windows-AppLocker/MSI and Script +Source: Microsoft-Windows-AppLocker +Date: 11/11/2020 1:18:11 PM +Event ID: 8036 +Task Category: None +Level: Error +Keywords: +User: S-1-5-21-3340858017-3068726007-3466559902-3647 +Computer: contoso.com +Description: +{f8d253d9-89a4-4daa-87b6-1168369f0b21} was prevented from running due to Config CI policy. +Event Xml: + + + + 8036 + 0 + 2 + 0 + 0 + 0x4000000000000000 + + 819347 + + + Microsoft-Windows-AppLocker/MSI and Script + contoso.com + + + + false + {f8d253d9-89a4-4daa-87b6-1168369f0b21} + + + +To add this CLSID to the existing policy, follow the steps below, +1. Open the Powershell ISE with administrative priviledge. +2. Now from the admin powershell ISE, type this command and run it. Considering the name of the policy is WDAC_policy.xml . +PS C:\WINDOWS\system32> Set-CIPolicySetting -FilePath \WDAC_policy.xml -Key 8856f961-340a-11d0-a96b-00c04fd705a2 -Provider WSH -Value True -ValueName EnterpriseDefinedClsId -ValueType Boolean + +Once the command is run, you will find that the following section is added to the policy xml. + + + + + true + + From 6efb94c299f26d716526abae992c4c98bbf20e3c Mon Sep 17 00:00:00 2001 
From: Denise Vangel-MSFT Date: Mon, 1 Mar 2021 11:58:03 -0800 Subject: [PATCH 06/29] Update allow-com-object-registration-in-windows-defender-application-control-policy.md --- ...istration-in-windows-defender-application-control-policy.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md index 0719946e8e..0630c68598 100644 --- a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md @@ -10,11 +10,10 @@ ms.pagetype: security ms.localizationpriority: medium audience: ITPro ms.collection: M365-security-compliance -author: jsuther1974 +author: dansimp ms.reviewer: isbrahm ms.author: dansimp manager: dansimp -ms.date: 05/21/2019 ms.technology: mde --- From 97af8184425bfd3ce484420d4b82bca4253277a8 Mon Sep 17 00:00:00 2001 From: yogesh thangjam <53617154+TJ2215@users.noreply.github.com> Date: Mon, 1 Mar 2021 14:06:54 -0600 Subject: [PATCH 07/29] Update windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- ...istration-in-windows-defender-application-control-policy.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md index 0630c68598..c9af678a85 100644 --- a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md @@ -136,10 +136,11 @@ PS C:\WINDOWS\system32> Set-CIPolicySetting -FilePath \WDAC_ Once the command is run, you will find that the following section is added to the policy xml. +```XML true - +``` From 30e6f9a79c49053152e7c787fe9a046759583f50 Mon Sep 17 00:00:00 2001 From: yogesh thangjam <53617154+TJ2215@users.noreply.github.com> Date: Mon, 1 Mar 2021 14:07:45 -0600 Subject: [PATCH 08/29] Update windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- ...-windows-defender-application-control-policy.md | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md index c9af678a85..81cde27871 100644 --- a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md 
+++ b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md @@ -129,12 +129,16 @@ Event Xml: -To add this CLSID to the existing policy, follow the steps below, -1. Open the Powershell ISE with administrative priviledge. -2. Now from the admin powershell ISE, type this command and run it. Considering the name of the policy is WDAC_policy.xml . -PS C:\WINDOWS\system32> Set-CIPolicySetting -FilePath \WDAC_policy.xml -Key 8856f961-340a-11d0-a96b-00c04fd705a2 -Provider WSH -Value True -ValueName EnterpriseDefinedClsId -ValueType Boolean +To add this CLSID to the existing policy, use the following steps: -Once the command is run, you will find that the following section is added to the policy xml. +1. Open PowerShell ISE with Administrative privileges. +2. Copy and edit this command, then run it from the admin PowerShell ISE. Consider the policy name to be `WDAC_policy.xml`. + +```PowerShell +PS C:\WINDOWS\system32> Set-CIPolicySetting -FilePath \WDAC_policy.xml -Key 8856f961-340a-11d0-a96b-00c04fd705a2 -Provider WSH -Value True -ValueName EnterpriseDefinedClsId -ValueType Boolean +``` + +Once the command has been run, you will find that the following section is added to the policy XML. ```XML From ca5fbad68fc880ff636b9595ee89e4d4e33fae32 Mon Sep 17 00:00:00 2001 From: yogesh thangjam <53617154+TJ2215@users.noreply.github.com> Date: Mon, 1 Mar 2021 14:08:31 -0600 Subject: [PATCH 09/29] Update windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- ...istration-in-windows-defender-application-control-policy.md | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md index 81cde27871..4a3a78f5df 100644 --- a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md @@ -106,6 +106,7 @@ Computer: contoso.com Description: {f8d253d9-89a4-4daa-87b6-1168369f0b21} was prevented from running due to Config CI policy. Event Xml: +```XML @@ -128,6 +129,8 @@ Event Xml: {f8d253d9-89a4-4daa-87b6-1168369f0b21} +``` + To add this CLSID to the existing policy, use the following steps: From 181c080c176fae74125dfc8fc0014354dd939d42 Mon Sep 17 00:00:00 2001 From: yogesh thangjam <53617154+TJ2215@users.noreply.github.com> Date: Mon, 1 Mar 2021 14:08:49 -0600 Subject: [PATCH 10/29] Update windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- ...tion-in-windows-defender-application-control-policy.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md index 4a3a78f5df..2353588ab0 100644 
--- a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md @@ -100,12 +100,14 @@ Date: 11/11/2020 1:18:11 PM Event ID: 8036 Task Category: None Level: Error -Keywords: +Keywords: User: S-1-5-21-3340858017-3068726007-3466559902-3647 -Computer: contoso.com +Computer: contoso.com Description: {f8d253d9-89a4-4daa-87b6-1168369f0b21} was prevented from running due to Config CI policy. -Event Xml: + +Event XML: + ```XML From 334f10e5902c8a38ed9ed6369e0c01a7000d057d Mon Sep 17 00:00:00 2001 From: yogesh thangjam <53617154+TJ2215@users.noreply.github.com> Date: Mon, 1 Mar 2021 16:40:44 -0600 Subject: [PATCH 11/29] Update windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- ...tration-in-windows-defender-application-control-policy.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md index 2353588ab0..77be4c9cfa 100644 --- a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md 
@@ -91,8 +91,9 @@ Example 3: Allows a specific COM object to register in PowerShell ``` -### How to configure the settings for the CLSIDs -For example, you get an error in the Event Viewer (Application and Service Logs > Microsoft > Windows > AppLocker > MSI and Script) like below: +### How to configure settings for the CLSIDs + +Given the following example of an error in the Event Viewer (Application and Service Logs > Microsoft > Windows > AppLocker > MSI and Script): Log Name: Microsoft-Windows-AppLocker/MSI and Script Source: Microsoft-Windows-AppLocker From a14099a5ca12a13caea6207f8452ecd14c299b7d Mon Sep 17 00:00:00 2001 From: yogesh thangjam <53617154+TJ2215@users.noreply.github.com> Date: Tue, 2 Mar 2021 18:40:11 -0600 Subject: [PATCH 12/29] Update windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- ...gistration-in-windows-defender-application-control-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md index 77be4c9cfa..5bda9a2469 100644 --- a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md 
@@ -93,7 +93,7 @@ Example 3: Allows a specific COM object to register in PowerShell ``` ### How to configure settings for the CLSIDs -Given the following example of an error in the Event Viewer (Application and Service Logs > Microsoft > Windows > AppLocker > MSI and Script): +Given the following example of an error in the Event Viewer (**Application and Service Logs** > **Microsoft** > **Windows** > **AppLocker** > **MSI and Script**): Log Name: Microsoft-Windows-AppLocker/MSI and Script Source: Microsoft-Windows-AppLocker From b0b159c1ee71ee95483be99e4af54e1c8cf332ee Mon Sep 17 00:00:00 2001 From: yogesh thangjam <53617154+TJ2215@users.noreply.github.com> Date: Tue, 2 Mar 2021 18:40:41 -0600 Subject: [PATCH 13/29] Update windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- ...egistration-in-windows-defender-application-control-policy.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md index 5bda9a2469..e14bb95c30 100644 --- a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md @@ -134,7 +134,6 @@ Event XML: ``` - To add this CLSID to the existing policy, use the following steps: 1. Open PowerShell ISE with Administrative privileges. From 1125bf9d79f6de9de401b3be915f98bfd6d5fa0e Mon Sep 17 00:00:00 2001 
From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 3 Mar 2021 21:33:23 +0100 Subject: [PATCH 14/29] Resolve broken links to Insider Preview builds Resolve broken links in whats-new-windows-10-version-2004.md Changes proposed: - Replace 8 occurrences of the outdated /at-work-pro/wip-4-biz-whats-new directory & page links Codestyle & whitespace: - Remove redundant leading space before dash in the "See Also" bullet point list - Remove redundant HTML `
` tags from "See Also" sentence endings (handled by MarkDown) - Remove any redundant end-of-line (EOL) whitespace (blanks) Closes #9241 --- .../whats-new-windows-10-version-2004.md | 50 +++++++++---------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/windows/whats-new/whats-new-windows-10-version-2004.md b/windows/whats-new/whats-new-windows-10-version-2004.md index 562b8ec51b..dcbc461a06 100644 --- a/windows/whats-new/whats-new-windows-10-version-2004.md +++ b/windows/whats-new/whats-new-windows-10-version-2004.md @@ -18,7 +18,7 @@ ms.topic: article **Applies to** - Windows 10, version 2004 -This article lists new and updated features and content that are of interest to IT Pros for Windows 10, version 2004, also known as the Windows 10 May 2020 Update. This update also contains all features and fixes included in previous cumulative updates to Windows 10, version 1909. +This article lists new and updated features and content that are of interest to IT Pros for Windows 10, version 2004, also known as the Windows 10 May 2020 Update. This update also contains all features and fixes included in previous cumulative updates to Windows 10, version 1909. To download and install Windows 10, version 2004, use Windows Update (**Settings > Update & Security > Windows Update**). For more information, see this [video](https://aka.ms/Windows-10-May-2020-Update). 
@@ -33,7 +33,7 @@ To download and install Windows 10, version 2004, use Windows Update (**Settings - You can now enable passwordless sign-in for Microsoft accounts on your Windows 10 device by going to **Settings > Accounts > Sign-in options**, and selecting **On** under **Make your device passwordless**. Enabling passwordless sign in will switch all Microsoft accounts on your Windows 10 device to modern authentication with Windows Hello Face, Fingerprint, or PIN. -- Windows Hello PIN sign-in support is [added to Safe mode](https://docs.microsoft.com/windows-insider/at-work-pro/wip-4-biz-whats-new#windows-hello-pin-in-safe-mode-build-18995). +- Windows Hello PIN sign-in support is [added to Safe mode](https://docs.microsoft.com/windows-insider/archive/new-in-20H1#windows-hello-pin-in-safe-mode-build-18995). - Windows Hello for Business now has Hybrid Azure Active Directory support and phone number sign-in (MSA). FIDO2 security key support is expanded to Azure Active Directory hybrid environments, enabling enterprises with hybrid environments to take advantage of [passwordless authentication](https://docs.microsoft.com/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). For more information, see [Expanding Azure Active Directory support for FIDO2 preview to hybrid environments](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/expanding-azure-active-directory-support-for-fido2-preview-to/ba-p/981894). 
@@ -108,7 +108,7 @@ Windows PowerShell cmdlets have been improved: - **Enable-DeliveryOptimizationVerboseLogs** is a new cmdlet that enables a greater level of logging detail to assist in troubleshooting. Additional improvements: -- Enterprise network [throttling is enhanced](https://docs.microsoft.com/windows-insider/at-work-pro/wip-4-biz-whats-new#new-download-throttling-options-for-delivery-optimization-build-18917) to optimize foreground vs. background throttling. +- Enterprise network [throttling is enhanced](https://docs.microsoft.com/windows-insider/archive/new-in-20H1#new-download-throttling-options-for-delivery-optimization-build-18917) to optimize foreground vs. background throttling. - Automatic cloud-based congestion detection is available for PCs with cloud service support. The following [Delivery Optimization](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization) policies are removed in this release: @@ -116,7 +116,7 @@ The following [Delivery Optimization](https://docs.microsoft.com/windows/deploym - Percentage of Maximum Download Bandwidth (DOPercentageMaxDownloadBandwidth) - Reason: Replaced with separate policies for foreground and background - Max Upload Bandwidth (DOMaxUploadBandwidth) - - Reason: impacts uploads to internet peers only, which isn't used in Enterprises. + - Reason: impacts uploads to internet peers only, which isn't used in Enterprises. - Absolute max throttle (DOMaxDownloadBandwidth) - Reason: separated to foreground and background 
@@ -134,11 +134,11 @@ The following [Delivery Optimization](https://docs.microsoft.com/windows/deploym ### Wi-Fi 6 and WPA3 -Windows now supports the latest Wi-Fi standards with [Wi-Fi 6 and WPA3](https://support.microsoft.com/help/4562575/windows-10-faster-more-secure-wifi). Wi-Fi 6 gives you better wireless coverage and performance with added security. WPA3 provides improved Wi-Fi security and secures open networks. +Windows now supports the latest Wi-Fi standards with [Wi-Fi 6 and WPA3](https://support.microsoft.com/help/4562575/windows-10-faster-more-secure-wifi). Wi-Fi 6 gives you better wireless coverage and performance with added security. WPA3 provides improved Wi-Fi security and secures open networks. ### TEAP -In this release, Tunnel Extensible Authentication Protocol (TEAP) has been added as an authentication method to allow chaining together multiple credentials into a single EAP transaction. TEAP networks can be configured by [enterprise policy](https://docs.microsoft.com/openspecs/windows_protocols/ms-gpwl/94cf6896-c28e-4865-b12a-d83ee38cd3ea). +In this release, Tunnel Extensible Authentication Protocol (TEAP) has been added as an authentication method to allow chaining together multiple credentials into a single EAP transaction. TEAP networks can be configured by [enterprise policy](https://docs.microsoft.com/openspecs/windows_protocols/ms-gpwl/94cf6896-c28e-4865-b12a-d83ee38cd3ea). ## Virtualization 
@@ -182,7 +182,7 @@ Also see information about the exciting new Edge browser [here](https://blogs.wi ## Application settings -This release enables explicit [control over when Windows automatically restarts apps](https://docs.microsoft.com/windows-insider/at-work-pro/wip-4-biz-whats-new#control-over-restarting-apps-at-sign-in-build-18965) that were open when you restart your PC. +This release enables explicit [Control over restarting apps at sign-in (Build 18965)](https://docs.microsoft.com/windows-insider/archive/new-in-20H1#control-over-restarting-apps-at-sign-in-build-18965) that were open when you restart your PC. ## Windows Shell 
@@ -194,8 +194,8 @@ Several enhancements to the Windows 10 user interface are implemented in this re - Productivity: chat-based UI gives you the ability to [interact with Cortana using typed or spoken natural language queries](https://support.microsoft.com/help/4557165) to easily get information across Microsoft 365 and stay on track. Productivity focused capabilities such as finding people profiles, checking schedules, joining meetings, and adding to lists in Microsoft To Do are currently available to English speakers in the US. - - In the coming months, with regular app updates through the Microsoft Store, we’ll enhance this experience to support wake word invocation and enable listening when you say “Cortana,” offer more productivity capabilities such as surfacing relevant emails and documents to help you prepare for meetings, and expand supported capabilities for international users. - + - In the coming months, with regular app updates through the Microsoft Store, we’ll enhance this experience to support wake word invocation and enable listening when you say “Cortana,” offer more productivity capabilities such as surfacing relevant emails and documents to help you prepare for meetings, and expand supported capabilities for international users. + - Security: tightened access to Cortana so that you must be securely logged in with your work or school account or your Microsoft account before using Cortana. Because of this tightened access, some consumer skills including music, connected home, and third-party skills will no longer be available. Additionally, users [get cloud-based assistance services that meet Office 365’s enterprise-level privacy, security, and compliance promises](https://docs.microsoft.com/microsoft-365/admin/misc/cortana-integration?view=o365-worldwide) as set out in the Online Services Terms. - Move the Cortana window: drag the Cortana window to a more convenient location on your desktop. 
@@ -208,7 +208,7 @@ Windows Search is improved in several ways. For more information, see [Superchar ### Virtual Desktops -You can now [rename your virtual desktops](https://docs.microsoft.com/windows-insider/at-work-pro/wip-4-biz-whats-new#renaming-your-virtual-desktops-build-18975), instead of getting stuck with the system-issued names like Desktop 1. +There is a new [Update on Virtual Desktop renaming (Build 18975)](https://docs.microsoft.com/windows-insider/archive/new-in-20H1#update-on-virtual-desktop-renaming-build-18975), where, instead of getting stuck with the system-issued names like Desktop 1, you can now rename your virtual desktops more freely. ### Bluetooth pairing @@ -216,13 +216,13 @@ Pairing Bluetooth devices with your computer will occur through notifications, s ### Reset this PC -The 'reset this PC' recovery function now includes a [cloud download](https://docs.microsoft.com/windows-insider/at-work-pro/wip-4-biz-whats-new#new-reset-this-pc-option-cloud-download-build-18970) option. +The 'reset this PC' recovery function now includes a [cloud download](https://docs.microsoft.com/windows-insider/archive/new-in-20H1#reset-your-pc-from-the-cloud-build-18970) option. ### Task Manager The following items are added to Task Manager in this release: - GPU Temperature is available on the Performance tab for devices with a dedicated GPU card. -- Disk type is now [listed for each disk on the Performance tab](https://docs.microsoft.com/windows-insider/at-work-pro/wip-4-biz-whats-new#disk-type-visible-in-task-manager-performance-tab-build-18898). +- Disk type is now [listed for each disk on the Performance tab](https://docs.microsoft.com/windows-insider/archive/new-in-20H1#disk-type-now-visible-in-task-manager-performance-tab-build-18898). ## Graphics & display 
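Review bot: In the Virtual Desktops paragraph (hunk @@ -208,7), the rewritten sentence is harder to read than the one it replaces, and it adds "more freely", which the original text did not claim. Suggest keeping "You can now rename your virtual desktops, instead of getting stuck with the system-issued names like Desktop 1." and only repointing the link to the archive/new-in-20H1 anchor, the way the Reset this PC and Task Manager lines in the following hunk change the URL and leave the wording alone.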
@@ -232,7 +232,7 @@ The following items are added to Task Manager in this release: ### 2-in-1 PCs -A [new tablet experience](https://docs.microsoft.com/windows-insider/at-work-pro/wip-4-biz-whats-new#new-tablet-experience-for-2-in-1-convertible-pcs-build-18970) for two-in-one convertible PCs is available. The screen will be optimized for touch when you detach your two-in-one's keyboard, but you'll still keep the familiar look of your desktop without interruption. +[Introducing a new tablet experience for 2-in-1 convertible PCs! (Build 18970)](https://docs.microsoft.com/windows-insider/archive/new-in-20H1#introducing-a-new-tablet-experience-for-2-in-1-convertible-pcs-build-18970) A new tablet experience for two-in-one convertible PCs is available. The screen will be optimized for touch when you detach your two-in-one's keyboard, but you'll still keep the familiar look of your desktop without interruption. ### Specialized displays 
@@ -245,24 +245,24 @@ Examples include: - Dedicated video monitoring - Monitor panel testing and validation - Independent Hardware Vendor (IHV) driver testing and validation - + To prevent Windows from using a display, choose Settings > Display and click Advanced display settings. Select a display to view or change, and then set the Remove display from desktop setting to On. The display will now be available for a specialized use. ## Desktop Analytics -[Desktop Analytics](https://docs.microsoft.com/configmgr/desktop-analytics/overview) is a cloud-connected service, integrated with Configuration Manager that provides data-driven insights to the management of Windows endpoints in your organization. Desktop Analytics requires a Windows E3 or E5 license, or a Microsoft 365 E3 or E5 license. +[Desktop Analytics](https://docs.microsoft.com/configmgr/desktop-analytics/overview) is a cloud-connected service, integrated with Configuration Manager that provides data-driven insights to the management of Windows endpoints in your organization. Desktop Analytics requires a Windows E3 or E5 license, or a Microsoft 365 E3 or E5 license. For information about Desktop Analytics and this release of Windows 10, see [What's new in Desktop Analytics](https://docs.microsoft.com/mem/configmgr/desktop-analytics/whats-new). ## See Also - - [What’s new for IT pros in Windows 10, version 2004](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-new-for-it-pros-in-windows-10-version-2004/ba-p/1419764): Windows IT Pro blog.
- - [What’s new in the Windows 10 May 2020 Update](https://blogs.windows.com/windowsexperience/2020/05/27/whats-new-in-the-windows-10-may-2020-update/): Windows Insider blog.
- - [What's New in Windows Server](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server): New and updated features in Windows Server.
- - [Windows 10 Features](https://www.microsoft.com/windows/features): General information about Windows 10 features.
- - [What's New in Windows 10](https://docs.microsoft.com/windows/whats-new/): See what’s new in other versions of Windows 10.
- - [Start developing on Windows 10, version 2004 today](https://blogs.windows.com/windowsdeveloper/2020/05/12/start-developing-on-windows-10-version-2004-today/): New and updated features in Windows 10 that are of interest to developers.
- - [What's new for business in Windows 10 Insider Preview Builds](https://docs.microsoft.com/windows-insider/at-work-pro/wip-4-biz-whats-new): A preview of new features for businesses.
- - [What's new in Windows 10, version 2004 - Windows Insiders](https://docs.microsoft.com/windows-insider/at-home/whats-new-wip-at-home-20h1): This list also includes consumer focused new features.
- - [Features and functionality removed in Windows 10](https://docs.microsoft.com/windows/deployment/planning/windows-10-removed-features): Removed features.
- - [Windows 10 features we’re no longer developing](https://docs.microsoft.com/windows/deployment/planning/windows-10-deprecated-features): Features that are not being developed.
+- [What’s new for IT pros in Windows 10, version 2004](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-new-for-it-pros-in-windows-10-version-2004/ba-p/1419764): Windows IT Pro blog. +- [What’s new in the Windows 10 May 2020 Update](https://blogs.windows.com/windowsexperience/2020/05/27/whats-new-in-the-windows-10-may-2020-update/): Windows Insider blog. +- [What's New in Windows Server](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server): New and updated features in Windows Server. +- [Windows 10 Features](https://www.microsoft.com/windows/features): General information about Windows 10 features. +- [What's New in Windows 10](https://docs.microsoft.com/windows/whats-new/): See what’s new in other versions of Windows 10. +- [Start developing on Windows 10, version 2004 today](https://blogs.windows.com/windowsdeveloper/2020/05/12/start-developing-on-windows-10-version-2004-today/): New and updated features in Windows 10 that are of interest to developers. +- [What's new for business in Windows 10 Insider Preview Builds](https://docs.microsoft.com/windows-insider/Active-Dev-Branch): A preview of new features for businesses. +- [What's new in Windows 10, version 2004 - Windows Insiders](https://docs.microsoft.com/windows-insider/at-home/whats-new-wip-at-home-20h1): This list also includes consumer focused new features. +- [Features and functionality removed in Windows 10](https://docs.microsoft.com/windows/deployment/planning/windows-10-removed-features): Removed features. +- [Windows 10 features we’re no longer developing](https://docs.microsoft.com/windows/deployment/planning/windows-10-deprecated-features): Features that are not being developed. From 574e16ac738f5036f4ce37214e43f83cebd1daac Mon Sep 17 00:00:00 2001 
From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Fri, 5 Mar 2021 00:42:26 +0100 Subject: [PATCH 15/29] Add missing missing sentence ending period dot. (Correction for text outside of PR change.) Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/whats-new/whats-new-windows-10-version-2004.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-10-version-2004.md b/windows/whats-new/whats-new-windows-10-version-2004.md index dcbc461a06..2463fd18c5 100644 --- a/windows/whats-new/whats-new-windows-10-version-2004.md +++ b/windows/whats-new/whats-new-windows-10-version-2004.md @@ -114,7 +114,7 @@ Additional improvements: The following [Delivery Optimization](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization) policies are removed in this release: - Percentage of Maximum Download Bandwidth (DOPercentageMaxDownloadBandwidth) - - Reason: Replaced with separate policies for foreground and background + - Reason: Replaced with separate policies for foreground and background. - Max Upload Bandwidth (DOMaxUploadBandwidth) - Reason: impacts uploads to internet peers only, which isn't used in Enterprises. - Absolute max throttle (DOMaxDownloadBandwidth) From 49a3d9d1b2e3a2c8e97b280b55682bec94e04d60 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Fri, 5 Mar 2021 00:43:39 +0100 Subject: [PATCH 16/29] Case correction - sentence casing. Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/whats-new/whats-new-windows-10-version-2004.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-10-version-2004.md b/windows/whats-new/whats-new-windows-10-version-2004.md index 2463fd18c5..1336deed7f 100644 --- a/windows/whats-new/whats-new-windows-10-version-2004.md 
+++ b/windows/whats-new/whats-new-windows-10-version-2004.md @@ -116,7 +116,7 @@ The following [Delivery Optimization](https://docs.microsoft.com/windows/deploym - Percentage of Maximum Download Bandwidth (DOPercentageMaxDownloadBandwidth) - Reason: Replaced with separate policies for foreground and background. - Max Upload Bandwidth (DOMaxUploadBandwidth) - - Reason: impacts uploads to internet peers only, which isn't used in Enterprises. + - Reason: Impacts uploads to internet peers only, which isn't used in enterprises. - Absolute max throttle (DOMaxDownloadBandwidth) - Reason: separated to foreground and background From 55c754ecaa70cafc55bff875337c08a6b353f676 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Fri, 5 Mar 2021 00:44:37 +0100 Subject: [PATCH 17/29] Case correction and add missing sentence ending period. Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/whats-new/whats-new-windows-10-version-2004.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-10-version-2004.md b/windows/whats-new/whats-new-windows-10-version-2004.md index 1336deed7f..3311e5f61d 100644 --- a/windows/whats-new/whats-new-windows-10-version-2004.md +++ b/windows/whats-new/whats-new-windows-10-version-2004.md @@ -118,7 +118,7 @@ The following [Delivery Optimization](https://docs.microsoft.com/windows/deploym - Max Upload Bandwidth (DOMaxUploadBandwidth) - Reason: Impacts uploads to internet peers only, which isn't used in enterprises. - Absolute max throttle (DOMaxDownloadBandwidth) - - Reason: separated to foreground and background + - Reason: Separated to foreground and background. ### Windows Update for Business From cd5a2bfaa6703d7bcd75a32cd07e2c7d8ab96be2 Mon Sep 17 00:00:00 2001 
From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Fri, 5 Mar 2021 00:46:23 +0100 Subject: [PATCH 18/29] Sentence improvement for archived link description. Copy review improvement suggestion accepted. Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/whats-new/whats-new-windows-10-version-2004.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-10-version-2004.md b/windows/whats-new/whats-new-windows-10-version-2004.md index 3311e5f61d..6e7a63e0fe 100644 --- a/windows/whats-new/whats-new-windows-10-version-2004.md +++ b/windows/whats-new/whats-new-windows-10-version-2004.md @@ -232,7 +232,7 @@ The following items are added to Task Manager in this release: ### 2-in-1 PCs -[Introducing a new tablet experience for 2-in-1 convertible PCs! (Build 18970)](https://docs.microsoft.com/windows-insider/archive/new-in-20H1#introducing-a-new-tablet-experience-for-2-in-1-convertible-pcs-build-18970) A new tablet experience for two-in-one convertible PCs is available. The screen will be optimized for touch when you detach your two-in-one's keyboard, but you'll still keep the familiar look of your desktop without interruption. +See [Introducing a new tablet experience for 2-in-1 convertible PCs! (Build 18970)](https://docs.microsoft.com/windows-insider/archive/new-in-20H1#introducing-a-new-tablet-experience-for-2-in-1-convertible-pcs-build-18970) for details on a new tablet experience for two-in-one convertible PCs that is now available. The screen will be optimized for touch when you detach your two-in-one's keyboard, but you'll still keep the familiar look of your desktop without interruption. ### Specialized displays From 3e130cdaa8ee82444b74c1983e2c2f3e149d0539 Mon Sep 17 00:00:00 2001 
From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sun, 7 Mar 2021 21:09:22 +0500 Subject: [PATCH 19/29] Update mac-jamfpro-policies.md As reported, there was formating issue in the code and its now fixed. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/9259 --- .../microsoft-defender-atp/mac-jamfpro-policies.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md index 780f0d40dd..a6ed3b27f6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md @@ -512,7 +512,7 @@ These steps are applicable of macOS 10.15 (Catalina) or newer. - Identifier: `com.microsoft.wdav` - Identifier Type: Bundle ID - - Code Requirement: identifier "com.microsoft.wdav" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /\* exists \*/ and certificate leaf[field.1.2.840.113635.100.6.1.13] /\* exists \*/ and certificate leaf[subject.OU] = UBF8T346G9 + - Code Requirement: identifier com.microsoft.wdav and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9 ![Image of configuration setting](images/22cb439de958101c0a12f3038f905b27.png) From bf4ffb0fbe585db36c4ef1eb6d8a3d604edfa319 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Mon, 8 Mar 2021 17:43:07 +0500 Subject: [PATCH 20/29] Added quotea Added quotes, removed them mistakenly. --- .../microsoft-defender-atp/mac-jamfpro-policies.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md index a6ed3b27f6..9d6a7b4083 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md @@ -512,7 +512,7 @@ These steps are applicable of macOS 10.15 (Catalina) or newer. - Identifier: `com.microsoft.wdav` - Identifier Type: Bundle ID - - Code Requirement: identifier com.microsoft.wdav and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9 + - Code Requirement: identifier "com.microsoft.wdav" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9 ![Image of configuration setting](images/22cb439de958101c0a12f3038f905b27.png) From eacaa0c59898588871c3510ea1e78d5beead7b9f Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Mon, 8 Mar 2021 17:46:49 +0500 Subject: [PATCH 21/29] Correction in Markdown Added correction in markdown. --- .../microsoft-defender-atp/mac-jamfpro-policies.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md index 9d6a7b4083..655d1ae603 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md 
@@ -512,7 +512,7 @@ These steps are applicable of macOS 10.15 (Catalina) or newer. - Identifier: `com.microsoft.wdav` - Identifier Type: Bundle ID - - Code Requirement: identifier "com.microsoft.wdav" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9 + - Code Requirement: identifier "com.microsoft.wdav" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists \*/ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists \*/ and certificate leaf[subject.OU] = UBF8T346G9 ![Image of configuration setting](images/22cb439de958101c0a12f3038f905b27.png) From 2fe8daa86fdb0a55af97d86b8d9b68c2509913eb Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Sun, 14 Mar 2021 21:01:08 +0200 Subject: [PATCH 22/29] add note pointing to older article https://github.com/MicrosoftDocs/windows-itpro-docs/issues/9068 --- .../security/threat-protection/auditing/audit-file-system.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/auditing/audit-file-system.md b/windows/security/threat-protection/auditing/audit-file-system.md index 7da7e7d670..70075509ce 100644 --- a/windows/security/threat-protection/auditing/audit-file-system.md +++ b/windows/security/threat-protection/auditing/audit-file-system.md @@ -21,6 +21,8 @@ ms.technology: mde - Windows 10 - Windows Server 2016 +> [!NOTE] +> For more details about applicability on older operating system versions, check [this article](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn319068(v=ws.11)). Audit File System determines whether the operating system generates audit events when users attempt to access file system objects. From fc730dcd338a6d81ef87f92a3ca6f23ed1f15430 Mon Sep 17 00:00:00 2001 
From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Mon, 15 Mar 2021 09:04:56 +0200 Subject: [PATCH 23/29] Update windows/security/threat-protection/auditing/audit-file-system.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../security/threat-protection/auditing/audit-file-system.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/threat-protection/auditing/audit-file-system.md b/windows/security/threat-protection/auditing/audit-file-system.md index 70075509ce..6f4a85f583 100644 --- a/windows/security/threat-protection/auditing/audit-file-system.md +++ b/windows/security/threat-protection/auditing/audit-file-system.md @@ -22,7 +22,7 @@ ms.technology: mde - Windows Server 2016 > [!NOTE] -> For more details about applicability on older operating system versions, check [this article](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn319068(v=ws.11)). +> For more details about applicability on older operating system versions, read the article [Audit File System](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn319068(v=ws.11)). Audit File System determines whether the operating system generates audit events when users attempt to access file system objects. @@ -63,4 +63,3 @@ Only one event, “[4658](event-4658.md): The handle to an object was closed,” - [5051](event-5051.md)(-): A file was virtualized. - [4670](event-4670.md)(S): Permissions on an object were changed. - From 94d1d8b96bd76e7ca5fcfc4b0f9ef0ae25530500 Mon Sep 17 00:00:00 2001 
From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Mon, 15 Mar 2021 22:06:34 +0200 Subject: [PATCH 24/29] Update windows/security/threat-protection/auditing/audit-file-system.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../security/threat-protection/auditing/audit-file-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/audit-file-system.md b/windows/security/threat-protection/auditing/audit-file-system.md index 6f4a85f583..ef4138dc66 100644 --- a/windows/security/threat-protection/auditing/audit-file-system.md +++ b/windows/security/threat-protection/auditing/audit-file-system.md @@ -22,7 +22,7 @@ ms.technology: mde - Windows Server 2016 > [!NOTE] -> For more details about applicability on older operating system versions, read the article [Audit File System](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn319068(v=ws.11)). +> For more details about applicability on older operating system versions, read the article [Audit File System](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn319068(v=ws.11)). Audit File System determines whether the operating system generates audit events when users attempt to access file system objects. From ad14b6c92c93846f490cb57023ca1b1cc70886c0 Mon Sep 17 00:00:00 2001 From: Rick Munck <33725928+jmunck@users.noreply.github.com> Date: Mon, 15 Mar 2021 15:08:00 -0500 Subject: [PATCH 25/29] Update security-compliance-toolkit-10.md Updated list to remove 1903 as it went EoS in December, forgot to update it --- .../security/threat-protection/security-compliance-toolkit-10.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/security-compliance-toolkit-10.md b/windows/security/threat-protection/security-compliance-toolkit-10.md index 18151f137c..3662667af2 100644 
--- a/windows/security/threat-protection/security-compliance-toolkit-10.md +++ b/windows/security/threat-protection/security-compliance-toolkit-10.md @@ -31,7 +31,6 @@ The Security Compliance Toolkit consists of: - Windows 10 Version 20H2 (October 2020 Update) - Windows 10 Version 2004 (May 2020 Update) - Windows 10 Version 1909 (November 2019 Update) - - Windows 10 Version 1903 (May 2019 Update) - Windows 10 Version 1809 (October 2018 Update) - Windows 10 Version 1803 (April 2018 Update) - Windows 10 Version 1607 (Anniversary Update) From dbae09a082a3a1942e61324a5a805136c2a8b058 Mon Sep 17 00:00:00 2001 From: Apu Dutta Date: Mon, 15 Mar 2021 17:31:21 -0700 Subject: [PATCH 26/29] Update CSP tree format to include DownloadServer --- windows/client-management/mdm/euiccs-csp.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/client-management/mdm/euiccs-csp.md b/windows/client-management/mdm/euiccs-csp.md index 9ce12f6be8..97ae6b939f 100644 --- a/windows/client-management/mdm/euiccs-csp.md +++ b/windows/client-management/mdm/euiccs-csp.md @@ -25,6 +25,10 @@ eUICCs --------IsActive --------PPR1Allowed --------PPR1AlreadySet +--------DownloadServers +------------ServerName +----------------DiscoveryState +----------------AutoEnable --------Profiles ------------ICCID ----------------ServerName From f4811cf1ce043d6c69dd8eacb8fd0f922232f633 Mon Sep 17 00:00:00 2001 From: Oludele0315 <79658488+Oludele0315@users.noreply.github.com> Date: Wed, 17 Mar 2021 15:49:03 -0700 Subject: [PATCH 27/29] Update network-protection.md @denisebmsft , please peruse the update to this page. --- .../microsoft-defender-atp/network-protection.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md index 7ff00a13e3..8f684557fe 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md 
@@ -31,6 +31,11 @@ ms.date: 03/08/2021 Network protection helps reduce the attack surface of your devices from Internet-based events. It prevents employees from using any application to access dangerous domains that might host phishing scams, exploits, and other malicious content on the Internet. Network protection expands the scope of [Microsoft Defender SmartScreen](../microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md) to block all outbound HTTP(s) traffic that attempts to connect to low-reputation sources (based on the domain or hostname). Network protection is supported on Windows, beginning with Windows 10, version 1709. +Network Protection is not yet supported on other operating systems. However, please review Web protection - [Windows security | Microsoft Docs] (https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview) to find out which Web Protection functionality is supported using the Edge (Chromium) browser. + +Network Protection extends the protection in [Web protection] (https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview) to an OS level – and would thus provide Web protection functionality in Edge to other supported browsers as well as non-browser applications. +In addition, Network Protection provides visibility and blocking of Indicators of Compromise (IOCs) when used with [Endpoint detection and response](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) including the enforcement of your [custom indicator list.] (https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/manage-indicators) + For more information about how to enable network protection, see [Enable network protection](enable-network-protection.md). 
Use Group Policy, PowerShell, or MDM CSPs to enable and manage network protection in your network. From 2323574fbea8a42ef215d2c9710c3e8c4e20a6a3 Mon Sep 17 00:00:00 2001 From: Oludele0315 <79658488+Oludele0315@users.noreply.github.com> Date: Wed, 17 Mar 2021 16:05:45 -0700 Subject: [PATCH 28/29] Update network-protection.md @denisebmsft --- .../network-protection.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md index 7ff00a13e3..85615d9896 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md 
@@ -88,6 +88,23 @@ This procedure creates a custom view that filters to only show the following eve | 1125 | Event when network protection fires in audit mode | | 1126 | Event when network protection fires in block mode | + +## Considerations for Windows virtual desktop running Windows 10 Enterprise Multi-Session +Due to the multi-user nature of this operating system, please observe the following: + +1. Network Protection is a machine-wide feature and cannot be targeted to specific user (sessions). +2. This applies to Web content filtering policies as well. +3. If differentiation between user groups is required, consider creating separate Windows Virtual Desktop host pools and assignments. +4. Test Network Protection in audit mode to test behavior before blocking. +5. Due to the multi-user nature, you may consider resizing your deployment accordingly. + +Alternative option: +For Windows 10 Enterprise Multi-Session 1909 and up, used in Windows Virtual Desktop on Azure, Network protection for Microsoft Edge can be enabled using the following method: + +1. Use Turn on network protection - Windows security | Microsoft Docs and follow the instructions to apply your policy +2. Execute the following PowerShell command: Set-MpPreference -AllowNetworkProtectionOnWinServer 1 + + ## Related articles - [Evaluate network protection](evaluate-network-protection.md) | Undertake a quick scenario that demonstrates how the feature works, and what events would typically be created. From 979590164a568e4172007c66b5c3653436d6680c Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Mon, 22 Mar 2021 11:26:16 -0700 Subject: [PATCH 29/29] pencil edits --- .../microsoft-defender-atp/network-protection.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md index 468f21ca8c..3af559d037 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md 
@@ -31,10 +31,10 @@ ms.date: 03/08/2021 Network protection helps reduce the attack surface of your devices from Internet-based events. It prevents employees from using any application to access dangerous domains that might host phishing scams, exploits, and other malicious content on the Internet. Network protection expands the scope of [Microsoft Defender SmartScreen](../microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md) to block all outbound HTTP(s) traffic that attempts to connect to low-reputation sources (based on the domain or hostname). Network protection is supported on Windows, beginning with Windows 10, version 1709. -Network Protection is not yet supported on other operating systems. However, please review Web protection - [Windows security | Microsoft Docs] (https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview) to find out which Web Protection functionality is supported using the Edge (Chromium) browser. +Network Protection is not yet supported on other operating systems. To learn which Web Protection functionality is supported using the Edge (Chromium) browser, see [Web protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview) to find out which Web Protection functionality is supported using the Edge (Chromium) browser. -Network Protection extends the protection in [Web protection] (https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview) to an OS level – and would thus provide Web protection functionality in Edge to other supported browsers as well as non-browser applications. 
-In addition, Network Protection provides visibility and blocking of Indicators of Compromise (IOCs) when used with [Endpoint detection and response](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) including the enforcement of your [custom indicator list.] (https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/manage-indicators) +Network Protection extends the protection in [Web protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview) to an OS level – and would thus provide Web protection functionality in Edge to other supported browsers as well as non-browser applications. +In addition, Network Protection provides visibility and blocking of Indicators of Compromise (IOCs) when used with [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) including the enforcement of your [custom indicator list](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators). For more information about how to enable network protection, see [Enable network protection](enable-network-protection.md). Use Group Policy, PowerShell, or MDM CSPs to enable and manage network protection in your network.
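Review bot: In PATCH 21/29 (mac-jamfpro-policies.md, hunk @@ -512,7), the Code Requirement line now escapes only the closing asterisk of each comment, giving "/* exists \*/". This comes after PATCH 19 removed both backslashes together with the quotes around com.microsoft.wdav, and PATCH 20 restored the quotes. The requirement string is a value the reader enters into the policy, so what is displayed should not depend on Markdown escape handling. Suggest wrapping the whole requirement in inline code, as the Identifier line directly above it already does for com.microsoft.wdav, and dropping the backslashes entirely.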
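Review bot: In PATCH 28/29 (network-protection.md, hunk @@ -88,6), step 2 of the "Alternative option" gives the command "Set-MpPreference -AllowNetworkProtectionOnWinServer 1" as running text, and step 1 reads "Use Turn on network protection - Windows security | Microsoft Docs", which is a pasted page title with no link target. Suggest putting the command in a powershell code block so it can be copied exactly, turning step 1 into a Markdown link to the intended article, and adding a blank line between the new heading and "Due to the multi-user nature". The heading also writes "Windows virtual desktop" while the body uses "Windows Virtual Desktop"; pick one.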
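Review bot: In PATCH 29/29 (hunk @@ -31,10), the rewritten second paragraph states its purpose twice: "To learn which Web Protection functionality is supported using the Edge (Chromium) browser, see [Web protection](...) to find out which Web Protection functionality is supported using the Edge (Chromium) browser." Suggest ending the sentence at the link. The added line beginning "In addition, Network Protection provides visibility" still follows the previous added line with no blank line between them, so the two render as one paragraph; add the blank line if they are meant to be separate. Capitalization also differs between "Network protection" in the unchanged first paragraph and "Network Protection" in the added ones.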