From 46936a5bb14a9499dddfb866ba7ead8c268fbcfa Mon Sep 17 00:00:00 2001 From: Joe Skeen Date: Tue, 29 Dec 2020 09:14:30 -0700 Subject: [PATCH 1/4] Update bitlocker-how-to-enable-network-unlock.md fix wording --- .../bitlocker/bitlocker-how-to-enable-network-unlock.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md index 2061c1421c..1284208f66 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md 
@@ -26,7 +26,7 @@ ms.custom: bitlocker This topic for the IT professional describes how BitLocker Network Unlock works and how to configure it. Network Unlock was introduced in Windows 8 and Windows Server 2012 as a BitLocker protector option for operating system volumes. Network Unlock enables easier management for BitLocker enabled desktops and servers in a domain environment by providing automatic unlock of operating system volumes at system reboot when connected to a wired corporate network. This feature requires the client hardware to have a DHCP driver implemented in its UEFI firmware. -Without Network Unlock, operating system volumes protected by TPM+PIN protectors require a PIN to be entered when a computer reboots or resumes from hibernation (for example, by Wake on LAN). This can make it difficult to enterprises to roll out software patches to unattended desktops and remotely administered servers. +Without Network Unlock, operating system volumes protected by TPM+PIN protectors require a PIN to be entered when a computer reboots or resumes from hibernation (for example, by Wake on LAN). This can make it difficult for enterprises to roll out software patches to unattended desktops and remotely administered servers. Network Unlock allows BitLocker-enabled systems with TPM+PIN and that meet the hardware requirements to boot into Windows without user intervention. Network Unlock works in a similar fashion to the TPM+StartupKey at boot. Rather than needing to read the StartupKey from USB media, however, the key for Network Unlock is composed from a key stored in the TPM and an encrypted network key that is sent to the server, decrypted and returned to the client in a secure session. From 564a005dc434b3bc89e0efe60e9ce7570d45afe1 Mon Sep 17 00:00:00 2001 
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 30 Dec 2020 12:29:07 +0500 Subject: [PATCH 2/4] Update microsoft-cloud-app-security-config.md --- .../microsoft-cloud-app-security-config.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md index a05d99d1d6..869c67e8b9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md @@ -44,7 +44,7 @@ Once activated, Microsoft Defender for Endpoint will immediately start forwardin ## View the data collected -To view and access Microsoft Defender for Endpoint data in Microsoft Cloud Apps Security, see [Investigate devices in Cloud App Security](https://docs.microsoft.com/cloud-app-security/wdatp-integration#investigate-machines-in-cloud-app-security). +To view and access Microsoft Defender for Endpoint data in Microsoft Cloud Apps Security, see [Investigate devices in Cloud App Security](https://docs.microsoft.com/en-us/cloud-app-security/mde-integration#investigate-devices-in-cloud-app-security). For more information about cloud discovery, see [Working with discovered apps](https://docs.microsoft.com/cloud-app-security/discovered-apps). From 49e4bf55a51c12da969a07b21540aa81d6e14beb Mon Sep 17 00:00:00 2001 
From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Wed, 30 Dec 2020 18:24:38 +0500 Subject: [PATCH 3/4] Addition of information in security properties As suggested by the user, there were security properties missing in the document and has been added. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8819 --- ...nable-virtualization-based-protection-of-code-integrity.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md index 8dc3221ed3..fdec65680d 100644 --- a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md @@ -196,7 +196,7 @@ Value | Description **5.** | If present, NX protections are available. **6.** | If present, SMM mitigations are available. **7.** | If present, Mode Based Execution ControlĀ is available. - +**8.** | If present, APIC virtualization is available. #### InstanceIdentifier @@ -227,6 +227,7 @@ Value | Description **1.** | If present, Windows Defender Credential Guard is configured. **2.** | If present, HVCI is configured. **3.** | If present, System Guard Secure Launch is configured. +**4.** | If present, SMM Firmware Measurement is configured. #### SecurityServicesRunning @@ -238,6 +239,7 @@ Value | Description **1.** | If present, Windows Defender Credential Guard is running. **2.** | If present, HVCI is running. **3.** | If present, System Guard Secure Launch is running. +**4.** | If present, SMM Firmware Measurement is running. #### Version From 9631e4445d6d9b450ac5ad6287b17c5d61b673c5 Mon Sep 17 00:00:00 2001 
From: Denise Vangel-MSFT Date: Wed, 30 Dec 2020 09:33:27 -0800 Subject: [PATCH 4/4] Update windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../microsoft-cloud-app-security-config.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md index 869c67e8b9..1ec715c5e8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md @@ -44,7 +44,7 @@ Once activated, Microsoft Defender for Endpoint will immediately start forwardin ## View the data collected -To view and access Microsoft Defender for Endpoint data in Microsoft Cloud Apps Security, see [Investigate devices in Cloud App Security](https://docs.microsoft.com/en-us/cloud-app-security/mde-integration#investigate-devices-in-cloud-app-security). +To view and access Microsoft Defender for Endpoint data in Microsoft Cloud Apps Security, see [Investigate devices in Cloud App Security](https://docs.microsoft.com/cloud-app-security/mde-integration#investigate-devices-in-cloud-app-security). For more information about cloud discovery, see [Working with discovered apps](https://docs.microsoft.com/cloud-app-security/discovered-apps).
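Review bot: in PATCH 1/4 (bitlocker-how-to-enable-network-unlock.md, hunk at line 26) the sentence in the trailing context still reads awkwardly: "Network Unlock allows BitLocker-enabled systems with TPM+PIN and that meet the hardware requirements to boot into Windows". Since this commit is a wording fix, consider rephrasing it in the same change, for example "BitLocker-enabled systems that have a TPM+PIN protector and meet the hardware requirements". The leading context also writes "BitLocker enabled desktops" without the hyphen that "BitLocker-enabled systems" uses two paragraphs later, so one spelling should be picked for the whole section.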
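Review bot: in PATCH 2/4 (microsoft-cloud-app-security-config.md, hunk at line 44) the new link target hard-codes the `en-us` locale, while the neighbouring link in the same hunk's context, `https://docs.microsoft.com/cloud-app-security/discovered-apps`, is locale-neutral. Drop the `/en-us` segment so that readers are served their own language, keeping the corrected `mde-integration#investigate-devices-in-cloud-app-security` path and anchor. PATCH 4/4 in this series makes exactly that change, so the two commits could be squashed into one.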
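Review bot: in PATCH 3/4, first hunk (line 196), the new row `**8.** | If present, APIC virtualization is available.` is added in place of the blank line that followed row 7, so please confirm that a blank line still separates the table from the `#### InstanceIdentifier` heading. Without it the heading can be rendered as part of the table. As displayed here, row 7 in the context also has a stray character between "Control" and "is", which may be a non-breaking space that was saved with the wrong encoding and is worth cleaning up while this table is being touched.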
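Review bot: in PATCH 3/4, second and third hunks (lines 227 and 239), the commit message does not say which values were added or where they are defined. It only states that security properties were missing and links issue 8819. Please name the additions in the message (value 8 in the first table, value 4 under both `SecurityServicesConfigured` and `SecurityServicesRunning`) and cite the reference that defines them, so that a reviewer can verify the numbering and the "SMM Firmware Measurement" wording without opening the issue.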
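Review bot: in PATCH 4/4 (microsoft-cloud-app-security-config.md, hunk at line 44) the changed sentence still names the product "Microsoft Cloud Apps Security", while the link text on the same line says "Cloud App Security" and the URL path is `cloud-app-security`. Since the line is already being modified, use one spelling of the product name in both places.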