mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-16 10:53:43 +00:00
Merge pull request #3515 from MicrosoftDocs/repo_sync_working_branch
Confirm merge from repo_sync_working_branch to master to sync with https://github.com/MicrosoftDocs/windows-itpro-docs (branch public)
@ -17,7 +17,9 @@ ms.date: 02/28/2020
|
||||
|
||||
The CertificateStore configuration service provider is used to add secure socket layers (SSL), intermediate, and self-signed certificates.
|
||||
|
||||
> **Note** The CertificateStore configuration service provider does not support installing client certificates.
|
||||
> [!Note]
|
||||
> The CertificateStore configuration service provider does not support installing client certificates.
|
||||
> The Microsoft protocol version of Open Mobile Alliance (OMA) is case insensitive.
|
||||
|
||||
|
||||
|
||||
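Review bot: The `> [!Note]` block now holds two unrelated statements on consecutive `>` lines (client certificates are not supported; the OMA protocol version is case insensitive), and Markdown will join them into a single paragraph. Separate them with an empty `>` line or make them two list items inside the alert. Write the marker as `[!NOTE]` to match the other alerts in this merge, and hyphenate "case-insensitive".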
@ -643,4 +645,3 @@ Configure the device to automatically renew an MDM client certificate with the s
|
||||
|
||||
|
||||
|
||||
|
||||
|
@ -1022,7 +1022,6 @@ The XML below is for Windows 10, version 1803.
|
||||
<DFProperties>
|
||||
<AccessType>
|
||||
<Add />
|
||||
<Delete />
|
||||
<Get />
|
||||
<Replace />
|
||||
</AccessType>
|
||||
|
@ -16,6 +16,9 @@ manager: dansimp
|
||||
|
||||
In this topic, you will learn how to use Microsoft Network Monitor 3.4, which is a tool for capturing network traffic.
|
||||
|
||||
> [Note]
|
||||
> Network Monitor is the archived protocol analyzer and is no longer under development. **Microsoft Message Analyzer** is the replacement for Network Monitor. For more details, see [Microsoft Message Analyzer Operating Guide](https://docs.microsoft.com/message-analyzer/microsoft-message-analyzer-operating-guide).
|
||||
|
||||
To get started, [download and run NM34_x64.exe](https://www.microsoft.com/download/details.aspx?id=4865). When you install Network Monitor, it installs its driver and hooks it to all the network adapters installed on the device. You can see the same on the adapter properties, as shown in the following image.
|
||||
|
||||

|
||||
|
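Review bot: The alert marker on the new note is written `> [Note]`, without the `!`, so it will render as a plain blockquote that starts with the literal text "[Note]" instead of a note alert. Use `> [!NOTE]`, as the other files in this merge do. The statement that Network Monitor is archived and replaced by Microsoft Message Analyzer is exactly what a reader should see before the download step that follows, so it needs to render as an alert.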
@ -44,7 +44,7 @@ For managed devices running Windows 10 Enterprise and Windows 10 Education, en
|
||||
|
||||
- **Feature suggestions, fun facts, tips**
|
||||
|
||||
The lock screen background will occasionally suggest Windows 10 features that the user hasn't tried yet, such as **Snap assist**.
|
||||
The lock screen background will occasionally make reccomendations on how to enhance your productivity and enjoyment of Microsoft products including suggesting other relevant Microsoft products and services.
|
||||
|
||||

|
||||
|
||||
|
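Review bot: "reccomendations" is misspelled in the replacement sentence under **Feature suggestions, fun facts, tips**; it should be "recommendations". The same sentence switches to second person ("your productivity and enjoyment") while the sentence it replaces and the rest of the list speak of "the user", so keep one voice. A comma before "including" would also help the long clause read cleanly.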
@ -82,6 +82,9 @@ When using WSUS to manage updates on Windows client devices, start by configurin
|
||||
9. Under **Options**, from the **Configure automatic updating** list, select **3 - Auto download and notify for install**, and then click **OK**.
|
||||
|
||||

|
||||
|
||||
>[!IMPORTANT]
|
||||
> Use Regedit.exe to check that the following key is not enabled, because it can break Windows Store connectivity: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdateDoNotConnectToWindowsUpdateInternetLocations
|
||||
|
||||
> [!NOTE]
|
||||
> There are three other settings for automatic update download and installation dates and times. This is simply the option this example uses. For more examples of how to control automatic updates and other related policies, see [Configure Automatic Updates by Using Group Policy](https://technet.microsoft.com/library/cc720539%28v=ws.10%29.aspx).
|
||||
|
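Review bot: The registry path in the `[!IMPORTANT]` note runs the key and the value name together as `...\Windows\WindowsUpdateDoNotConnectToWindowsUpdateInternetLocations`, so a reader who pastes it into Regedit.exe will not find it. Separate the key path from the value name, put both in code formatting, and say "value" rather than "key is not enabled", stating which data counts as enabled. The marker is also written `>[!IMPORTANT]` with no space, unlike the `> [!NOTE]` directly below it.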
@ -71,7 +71,6 @@ The following methodology was used to derive these network endpoints:
|
||||
|||HTTPS|*licensing.mp.microsoft.com|
|
||||
|Maps|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-offlinemaps)|
|
||||
||The following endpoints are used to check for updates to maps that have been downloaded for offline use. If you turn off traffic for this endpoint, offline maps will not be updated.|TLSv1.2|*maps.windows.com|
|
||||
|| The following endpoints are used to check for updates to maps that have been downloaded for offline use.|HTTP|fs.microsoft.com*|
|
||||
|Microsoft Account|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-microsoft-account)|
|
||||
||The following endpoints are used for Microsoft accounts to sign in. If you turn off traffic for these endpoints, users cannot sign in with Microsoft accounts. |TLSv1.2|*login.live.com|
|
||||
|Microsoft forward link redirection service (FWLink)|The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer. If you disable this endpoint, Windows Defender won't be able to update its malware definitions; links from Windows and other Microsoft products to the Web won't work; and PowerShell updateable Help won't update. To disable the traffic, instead disable the traffic that's getting forwarded.|HTTPS|go.microsoft.com|
|
||||
|
@ -98,6 +98,7 @@ For errors listed in this table, contact Microsoft Support for assistance.
|
||||
| 0x801C03F0 | There is no key registered for the user. |
|
||||
| 0x801C03F1 | There is no UPN in the token. |
|
||||
| 0x801C044C | There is no core window for the current thread. |
|
||||
| 0x801c004D | DSREG_NO_DEFAULT_ACCOUNT: NGC provisioning is unable to find the default WAM account to use to request AAD token for provisioning. Unable to enroll a device to use a PIN for login. |
|
||||
|
||||
|
||||
## Related topics
|
||||
|
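Review bot: The new row writes the code as `0x801c004D` with a lowercase "c", while every other row in the table uses uppercase hex (`0x801C03F0`, `0x801C044C`); a reader searching the page for the code as it is usually written will miss it. Use `0x801C004D`, and place the row in numeric order rather than after `0x801C044C`. The description also uses NGC, WAM and AAD without expansion, which the neighbouring rows avoid.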
@ -74,9 +74,12 @@ Sign-in a domain controller or management workstations with _Domain Admin_ equiv
|
||||
|
||||
The Windows Hello for Business Group Policy object delivers the correct Group Policy settings to the user, which enables them to enroll and use Windows Hello for Business to authenticate to Azure and Active Directory
|
||||
|
||||
> [!NOTE]
|
||||
> If you deployed Windows Hello for Business configuration using both Group Policy and Microsoft Intune, Group Policy settings will take precedence and Intune settings will be ignored. For more details about deploying Windows Hello for Business configuration using Microsoft Intune, see [Windows 10 device settings to enable Windows Hello for Business in Intune](https://docs.microsoft.com/mem/intune/protect/identity-protection-windows-settings) and [PassportForWork CSP](https://docs.microsoft.com/windows/client-management/mdm/passportforwork-csp). For more details about policy conflicts, see [Policy conflicts from multiple policy sources](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-manage-in-organization#policy-conflicts-from-multiple-policy-sources)
|
||||
|
||||
#### Enable Windows Hello for Business
|
||||
|
||||
The Enable Windows Hello for Business Group Policy setting is the configuration needed for Windows to determine if a user should be attempt to enroll for Windows Hello for Business. A user will only attempt enrollment if this policy setting is configured to enabled.
|
||||
The Enable Windows Hello for Business Group Policy setting is the configuration needed for Windows to determine if a user should attempt to enroll for Windows Hello for Business. A user will only attempt enrollment if this policy setting is configured to enabled.
|
||||
|
||||
You can configure the Enable Windows Hello for Business Group Policy setting for computer or users. Deploying this policy setting to computers results in ALL users that sign-in that computer to attempt a Windows Hello for Business enrollment. Deploying this policy setting to a user results in only that user attempting a Windows Hello for Business enrollment. Additionally, you can deploy the policy setting to a group of users so only those users attempt a Windows Hello for Business enrollment. If both user and computer policy settings are deployed, the user policy setting has precedence.
|
||||
|
||||
|
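Review bot: The final sentence of the new `[!NOTE]` ends at the closing parenthesis of the "Policy conflicts from multiple policy sources" link with no period. All three links in the note are absolute `https://docs.microsoft.com/...` URLs; where the target article lives in this repository, a relative `.md` link is the form other files in this merge use (for example `advanced-hunting-overview.md`). The precedence statement itself (Group Policy wins, Intune settings are ignored) is the part administrators need, so consider splitting the note into two sentences-long paragraphs so it is not buried ahead of the link list.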
@ -62,8 +62,7 @@ The following is a sample Native VPN profile. This blob would fall under the Pro
|
||||
|
||||
<!--Sample EAP profile (PEAP)-->
|
||||
<Authentication>
|
||||
<UserMethod>Eap</UserMethod>
|
||||
<MachineMethod>Eap</MachineMethod>
|
||||
<UserMethod>Eap</UserMethod>
|
||||
<Eap>
|
||||
<Configuration>
|
||||
<EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
|
||||
|
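Review bot: In the `<Authentication>` element of the sample profile, `<UserMethod>Eap</UserMethod>` shows on both sides of `<MachineMethod>Eap</MachineMethod>`. Please confirm the resulting sample carries each element at most once, and, if `<MachineMethod>` is the line being dropped, add a sentence to the surrounding text saying why, since readers copy this blob as-is into a VPN profile.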
@ -214,6 +214,8 @@ Path Publisher
|
||||
|
||||
Where `O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US` is the **Publisher** name and `WORDPAD.EXE` is the **File** name.
|
||||
|
||||
Regarding to how to get the Product Name for the Apps you wish to Add, please reach out to our Windows Support Team to request the guidelines
|
||||
|
||||
### Import a list of apps
|
||||
|
||||
This section covers two examples of using an AppLocker XML file to the **Protected apps** list. You’ll use this option if you want to add multiple apps at the same time.
|
||||
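Review bot: The added sentence before "Import a list of apps" ("Regarding to how to get the Product Name for the Apps you wish to Add, please reach out to our Windows Support Team to request the guidelines") is ungrammatical, capitalizes "Apps" and "Add" mid-sentence, and has no closing period. It also introduces **Product Name** directly after a paragraph that only explains the **Publisher** and **File** names, so the reader has no idea where that field comes from. Suggest rewording along the lines of "For guidance on finding the product name of an app you want to add, contact the Windows Support Team." and tying it to the field it refers to.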
@ -461,10 +463,10 @@ contoso.sharepoint.com|contoso.visualstudio.com
|
||||
|
||||
Specify the domains used for identities in your environment.
|
||||
All traffic to the fully-qualified domains appearing in this list will be protected.
|
||||
Separate multiple domains with the "," delimiter.
|
||||
Separate multiple domains with the "|" delimiter.
|
||||
|
||||
```code
|
||||
exchange.contoso.com,contoso.com,region.contoso.com
|
||||
exchange.contoso.com|contoso.com|region.contoso.com
|
||||
```
|
||||
|
||||
### Network domains
|
||||
|
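Review bot: The delimiter sentence and the example appear in both the "," form and the "|" form, and the text does not say whether a comma-separated list is still accepted. Because this list decides which domains have their traffic protected, state explicitly what happens to an existing comma-separated value, so an administrator does not end up with a list that is read as one entry. The fence is tagged `code`, which is not a language identifier; leave it untagged or use a plain-text tag.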
@ -146,6 +146,7 @@ This event generates when a logon session is created (on destination machine). I
|
||||
|
||||
| Logon Type | Logon Title | Description |
|
||||
|:----------:|---------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| `0` | `System` | Used only by the System account, for example at system startup. |
|
||||
| `2` | `Interactive` | A user logged on to this computer. |
|
||||
| `3` | `Network` | A user or computer logged on to this computer from the network. |
|
||||
| `4` | `Batch` | Batch logon type is used by batch servers, where processes may be executing on behalf of a user without their direct intervention. |
|
||||
@ -155,6 +156,8 @@ This event generates when a logon session is created (on destination machine). I
|
||||
| `9` | `NewCredentials` | A caller cloned its current token and specified new credentials for outbound connections. The new logon session has the same local identity, but uses different credentials for other network connections. |
|
||||
| `10` | `RemoteInteractive` | A user logged on to this computer remotely using Terminal Services or Remote Desktop. |
|
||||
| `11` | `CachedInteractive` | A user logged on to this computer with network credentials that were stored locally on the computer. The domain controller was not contacted to verify the credentials. |
|
||||
| `12` | `CashedRemoteInteractive` | Same as RemoteInteractive. This is used for internal auditing. |
|
||||
| `13` | `CachedUnlock` | Workstation logon. |
|
||||
|
||||
- **Restricted Admin Mode** \[Version 2\] \[Type = UnicodeString\]**:** Only populated for **RemoteInteractive** logon type sessions. This is a Yes/No flag indicating if the credentials provided were passed using Restricted Admin mode. Restricted Admin mode was added in Win8.1/2012R2 but this flag was added to the event in Win10.
|
||||
|
||||
|
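Review bot: The logon title in the new row for type `12` is spelled `CashedRemoteInteractive`; it should be `CachedRemoteInteractive`, matching `CachedInteractive` and `CachedUnlock` in the adjacent rows, otherwise analysts matching on the title string will miss it. The description for `13` (`CachedUnlock`) is only "Workstation logon.", which does not distinguish it from the other types; say what is cached and that it concerns unlock, in the same way the row for `11` explains that the domain controller was not contacted.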
@ -57,3 +57,4 @@ Table and column names are also listed within the Microsoft Defender Security Ce
|
||||
- [Advanced hunting overview](advanced-hunting-overview.md)
|
||||
- [Work with query results](advanced-hunting-query-results.md)
|
||||
- [Learn the query language](advanced-hunting-query-language.md)
|
||||
- [Advanced hunting data schema changes](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/advanced-hunting-data-schema-changes/ba-p/1043914)
|
||||
|
@ -48,7 +48,7 @@ The following video provides an overview of Windows Sandbox.
|
||||
2. Enable virtualization on the machine.
|
||||
|
||||
- If you're using a physical machine, make sure virtualization capabilities are enabled in the BIOS.
|
||||
- If you're using a virtual machine, run the following PowerShell command to enable nested virtualization:<br/> **Set -VMProcessor -VMName \<VMName> -ExposeVirtualizationExtensions $true**
|
||||
- If you're using a virtual machine, run the following PowerShell command to enable nested virtualization:<br/> **Set-VMProcessor -VMName \<VMName> -ExposeVirtualizationExtensions $true**
|
||||
1. Use the search bar on the task bar and type **Turn Windows Features on and off** to access the Windows Optional Features tool. Select **Windows Sandbox** and then **OK**. Restart the computer if you're prompted.
|
||||
|
||||
- If the **Windows Sandbox** option is unavailable, your computer doesn't meet the requirements to run Windows Sandbox. If you think this is incorrect, review the prerequisite list as well as steps 1 and 2.
|
||||
|
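Review bot: The nested-virtualization command in step 2 is set in bold after a `<br/>` rather than in code formatting, which is how the stray space in "Set -VMProcessor" could go unnoticed in the first place. Put the corrected command in inline code, `Set-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $true`, which also removes the need for the `\<` escape. The list numbering in this hunk goes from "2." to "1."; confirm that renders as the intended step 3.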